
ExamsBrite Dumps

GitHub Advanced Security Exam Question and Answers

Last Update Nov 3, 2025
Total Questions : 75

We are offering free GH-500 Microsoft exam questions. Just sign up and give your details to prepare with the free GH-500 exam questions, then move on to the complete pool of GitHub Advanced Security Exam test questions for more practice.

Questions 1

Which syntax in a query suite tells CodeQL to look for one or more specified .ql files?

Options:

A. query
B. qlpack
C. qls

Questions 2

Which of the following options are code scanning application programming interface (API) endpoints? (Each answer presents part of the solution. Choose two.)

Options:

A. List all open code scanning alerts for the default branch
B. Modify the severity of an open code scanning alert
C. Get a single code scanning alert
D. Delete all open code scanning alerts

Questions 3

Assuming that no custom Dependabot behavior is configured, who has the ability to merge a pull request created via Dependabot security updates?

Options:

A. An enterprise administrator
B. A user who has write access to the repository
C. A user who has read access to the repository
D. A repository member of an enterprise organization

Questions 4

Which of the following secret scanning features can verify whether a secret is still active?

Options:

A. Push protection
B. Validity checks
C. Branch protection
D. Custom patterns

Questions 5

What does code scanning do?

Options:

A. It contacts maintainers to ask them to create security advisories if a vulnerability is found
B. It prevents code pushes with vulnerabilities as a pre-receive hook
C. It analyzes a GitHub repository to find security vulnerabilities
D. It scans your entire Git history on branches present in your GitHub repository for any secrets

Questions 6

When using CodeQL, how does extraction for compiled languages work?

Options:

A. By generating one language at a time
B. By resolving dependencies to give an accurate representation of the codebase
C. By monitoring the normal build process
D. By running directly on the source code

Questions 7

What filter or sort settings can be used to prioritize the secret scanning alerts that present the most risk?

Options:

A. Sort to display the oldest first
B. Sort to display the newest first
C. Filter to display active secrets
D. Select only the custom patterns

Questions 8

You are managing code scanning alerts for your repository. You receive an alert highlighting a problem with data flow. What do you click for additional context on the alert?

Options:

A. Show paths
B. Security
C. Code scanning alerts

Questions 9

Which of the following features helps to prioritize secret scanning alerts that present an immediate risk?

Options:

A. Non-provider patterns
B. Push protection
C. Custom pattern dry runs
D. Secret validation

Questions 10

If notification and alert recipients are not customized, which users receive notifications about new Dependabot alerts in an affected repository?

Options:

A. Users with Write permissions to the repository
B. Users with Admin privileges to the repository
C. Users with Maintain privileges to the repository
D. Users with Read permissions to the repository

Questions 11

Assuming security and analysis features are not configured at the repository, organization, or enterprise level, secret scanning is enabled on:

Options:

A. Public repositories
B. All new repositories within your organization
C. User-owned private repositories
D. Private repositories

Questions 12

A dependency has a known vulnerability. What does the warning message include?

Options:

A. The security impact of these changes
B. An easily understandable visualization of dependency change
C. How many projects use these components
D. A brief description of the vulnerability

Questions 13

What YAML syntax do you use to exclude certain files from secret scanning?

Options:

A. decrypt_secret.sh
B. paths-ignore:
C. branches-ignore:
D. secret scanning.yml

Questions 14

Which security feature shows a vulnerable dependency in a pull request?

Options:

A. Dependency graph
B. Dependency review
C. Dependabot alert
D. The repository's Security tab

Questions 15

Which of the following workflow events would trigger a dependency review? (Each answer presents a complete solution. Choose two.)

Options:

A. pull_request
B. workflow_dispatch
C. trigger
D. commit

Questions 16

Which Dependabot configuration fields are required? (Each answer presents part of the solution. Choose three.)

Options:

A. directory
B. package-ecosystem
C. milestone
D. schedule.interval
E. allow

Questions 17

Which of the following tasks can be performed by a security team as a proactive measure to help address secret scanning alerts? (Each answer presents a complete solution. Choose two.)

Options:

A. Dismiss alerts that are older than 90 days.
B. Configure a webhook to monitor for secret scanning alert events.
C. Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.
D. Document alternatives to storing secrets in the source code.

Questions 18

What kind of repository permissions do you need to request a Common Vulnerabilities and Exposures (CVE) identification number for a security advisory?

Options:

A. Maintain
B. Admin
C. Triage
D. Write

Questions 19

Where in the repository can you give additional users access to secret scanning alerts?

Options:

A. Security
B. Settings
C. Secrets
D. Insights

Questions 20

What are Dependabot security updates?

Options:

A. Automated pull requests that help you update dependencies that have known vulnerabilities
B. Automated pull requests that keep your dependencies updated, even when they don’t have any vulnerabilities
C. Automated pull requests to update the manifest to the latest version of the dependency
D. Compatibility scores to let you know whether updating a dependency could cause breaking changes to your project

Questions 21

Which key is required in the update settings of the Dependabot configuration file?

Options:

A. rebase-strategy
B. commit-message
C. assignees
D. package-ecosystem

Questions 22

Why should you dismiss a code scanning alert?

Options:

A. If you fix the code that triggered the alert
B. To prevent developers from introducing new problems
C. If it includes an error in code that is used only for testing
D. If there is a production error in your code
