Microsoft GH-500 - GitHub Advanced Security Exam
Total 75 questions
Question #6 (Topic: Topic 1, Describe the GHAS security features and functionality)
Which of the following benefits do code scanning, secret scanning, and dependency review provide?
A. Automatically raise pull requests, which reduces your exposure to older versions of dependencies.
B. View alerts about dependencies that are known to contain security vulnerabilities.
C. Search for potential security vulnerabilities, detect secrets, and show the full impact of changes to dependencies.
D. Confidentially report security vulnerabilities and privately discuss and fix security vulnerabilities in your repository’s code.
Answer: C
Question #7 (Topic: Topic 1, Describe the GHAS security features and functionality)
Which alerts do you see in the repository’s Security tab? Each answer presents part of the solution. (Choose three.)
A. secret scanning alerts
B. Dependabot alerts
C. code scanning alerts
D. security status alerts
E. repository permissions
Answer: ABC
Question #8 (Topic: Topic 1, Describe the GHAS security features and functionality)
A dependency has a known vulnerability. What does the warning message include?
A. an easily understandable visualization of dependency change
B. a brief description of the vulnerability
C. how many projects use these components
D. the security impact of these changes
Answer: B
Question #9 (Topic: Topic 2, Configure and use secret scanning)
What is the first step you should take to fix an alert in secret scanning?
A. Remove the secret in a commit to the main branch.
B. Archive the repository.
C. Update your dependencies.
D. Revoke the alert if the secret is still valid.
Answer: D
Question #10 (Topic: Topic 2, Configure and use secret scanning)
Where in the repository can you give additional users access to secret scanning alerts?
A. Secrets
B. Insights
C. Settings
D. Security
Answer: C