Pass4Future also provides interactive practice exam software for preparing for the Microsoft GitHub Advanced Security (GH-500) exam effectively. You are welcome to explore the sample free Microsoft GH-500 exam questions below and also to try the Microsoft GH-500 exam practice test software.
-- [Configure and Use Dependency Management]
If notification and alert recipients are not customized, which users receive notifications about new Dependabot alerts in an affected repository?
Answer : A
By default, users with Write, Maintain, or Admin permissions receive notifications for new Dependabot alerts; Write is the minimum permission level that is notified automatically. Users with only Read access do not receive these notifications.
-- [Configure and Use Secret Scanning]
Which of the following features helps to prioritize secret scanning alerts that present an immediate risk?
Answer : D
Secret scanning validity checks ask the issuing provider (for example AWS, GitHub or Stripe) whether a secret found in your repository is still valid. If the provider confirms it, the alert's validity is shown as active, which marks it as a high-priority issue because the leaked credential presents an immediate security risk.
This lets teams respond first to live, exploitable secrets instead of spending time on expired or fake tokens.
-- [Use Code Scanning with CodeQL]
When using CodeQL, how does extraction for compiled languages work?
Answer : C
For compiled languages, CodeQL extracts code by monitoring the normal build process: it traces the usual build commands (such as make, javac, or dotnet build) and extracts the relevant data from the compilation steps that actually run. CodeQL uses this information to construct a relational database that models the program's semantics.
This approach ensures that CodeQL captures a precise, real-world representation of the code as it is actually compiled, including platform-specific configuration and conditional compilation decided at build time. Newer CodeQL releases can also create a database for some compiled languages without invoking a build (build mode none), but tracing the build remains the most faithful method when a working build is available.
-- [Use Code Scanning with CodeQL]
Which syntax in a query suite tells CodeQL to look for one or more specified .ql files?
Answer : A
In a query suite (a .qls file), the **query** instruction names the path to a single .ql file; list one entry per query to include several.
Example:
- query: path/to/query.ql
- query: path/to/another.ql
.qls is the file extension of the suite definition itself, not an instruction inside it.
qlpack is also valid suite syntax, but it adds every query in a named query pack (or that pack's default suite) rather than specific .ql files; queries (plural) similarly adds all .ql files under a directory.
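A fuller suite definition, added here as an illustration and not taken from the original page or from GitHub's own suites. The suite file name, the query pack, and the query paths are assumptions; paths given to query and queries are resolved relative to the query pack that contains the .qls file.

```yaml
# Added example, not from the original page: custom-security.qls
# Pack name, query paths and the description are assumptions.
- description: "Custom suite: hand-picked queries plus one pack's default suite"

# query: one specific .ql file per entry
- query: queries/UnsafeDeserialization.ql
- query: queries/HardcodedCredentials.ql

# queries: every .ql file found under a directory
- queries: queries/injection

# qlpack: the default suite of a whole published query pack
- qlpack: codeql/java-queries

# Filters apply to everything selected by the instructions above
- exclude:
    tags contain: experimental
- include:
    kind:
      - problem
      - path-problem
```

Run it with `codeql database analyze <db> custom-security.qls --format=sarif-latest --output=results.sarif`; the exclude/include filters are applied after all three selection instructions have been evaluated, so experimental queries pulled in via qlpack are dropped as well.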
-- [Configure and Use Code Scanning]
What is required to trigger code scanning on a specified branch?
Answer : D
For code scanning (advanced setup) to run on a specific branch, that branch must contain the code scanning workflow file, located under the .github/workflows directory. This YAML file defines the code scanning configuration and the events that trigger the scan (for example push and pull_request, optionally filtered to particular branches).
Without the workflow file in the branch, GitHub Actions has nothing to run for that branch, so no scan takes place. The repository's visibility (private or public), the status of secret scanning, and how active the developers are do not influence whether code scanning is triggered. With default setup, by contrast, GitHub manages the workflow itself and scans the default branch and protected branches without a workflow file committed to the repository.