
[Nov-2025] Updated Microsoft GH-500 Dumps – PDF & Online Engine
GH-500.pdf - Questions Answers PDF Sample Questions Reliable
NEW QUESTION # 39
What is the purpose of the SECURITY.md file in a GitHub repository?
- A. contributing.md
- B. readme.md
- C. support.md
- D. security.md
Answer: D
Explanation:
The correct place to look is the SECURITY.md file. This file provides contributors and security researchers with instructions on how to responsibly report vulnerabilities. It may include contact methods, preferred communication channels (e.g., security team email), and disclosure guidelines.
This file is considered a GitHub best practice and, when present, activates a "Report a vulnerability" button in the repository's Security tab.
NEW QUESTION # 40
What combination of security measures helps to mitigate risks throughout the SDLC (Software Development Life Cycle)?
- A. Confidentially report security vulnerabilities and privately discuss and fix security vulnerabilities in your repository's code
- B. View alerts about dependencies that are known to contain security vulnerabilities
- C. Automatically raise pull requests, which reduces your exposure to older versions of dependencies
- D. Search for potential security vulnerabilities, detect secrets, and show the full impact of changes to dependencies
Answer: D
Explanation:
These three features provide a complete layer of defense:
Code scanning identifies security flaws in your source code
Secret scanning detects exposed credentials
Dependency review shows the impact of package changes during a pull request Together, they give developers actionable insight into risk and coverage throughout the SDLC.
NEW QUESTION # 41
A secret scanning alert should be closed as "used in tests" when a secret is:
- A. Not a secret in the production environment.
- B. In the readme.md file.
- C. In a test file.
- D. Solely used for tests.
Answer: D
Explanation:
If a secret is intentionally used in a test environment and poses no real-world security risk, you may close the alert with the reason "used in tests". This helps reduce noise and clarify that the alert was reviewed and accepted as non-critical.
Just being in a test file isn't enough unless its purpose is purely for testing.
NEW QUESTION # 42
What happens when you enable secret scanning on a private repository?
- A. Repository administrators can view Dependabot alerts.
- B. GitHub performs a read-only analysis on the repository.
- C. Dependency review, secret scanning, and code scanning are enabled.
- D. Your team is subscribed to security alerts.
Answer: B
Explanation:
When secret scanning is enabled on a private repository, GitHub performs a read-only analysis of the repository's contents. This includes the entire Git history and files to identify strings that match known secret patterns or custom-defined patterns.
GitHub does not alter the repository, and enabling secret scanning does not automatically enable code scanning or dependency review - each must be configured separately.
NEW QUESTION # 43
Where can you find a deleted line of code that contained a secret value?
- A. Commits
- B. Dependency graph
- C. Insights
- D. Issues
Answer: A
Explanation:
Secrets committed and then deleted are still accessible in the repository's Git history. To locate them, navigate to the Commits tab. GitHub's secret scanning can detect secrets in both current and historical commits, which is why remediation should also include revoking the secret, not just removing it from the latest code.
NEW QUESTION # 44
What is a prerequisite to define a custom pattern for a repository?
- A. Specify additional match criteria
- B. Enable secret scanning
- C. Change the repository visibility to Internal
- D. Close other secret scanning alerts
Answer: B
Explanation:
You must enable secret scanning before defining custom patterns. Secret scanning provides the foundational capability for detecting exposed credentials, and custom patterns build upon that by allowing organizations to specify their own regex-based patterns for secrets unique to their environment.
Without enabling secret scanning, GitHub will not process or apply custom patterns.
NEW QUESTION # 45
The autobuild step in the CodeQL workflow has failed. What should you do?
- A. Compile the source code.
- B. Use CodeQL, which implicitly detects the supported languages in your code base.
- C. Remove the autobuild step from your code scanning workflow and add specific build steps.
- D. Remove specific build steps.
Answer: C
Explanation:
If autobuild fails (which attempts to automatically detect how to build your project), you should disable it in your workflow and replace it with explicit build commands, using steps like run: make or run: ./gradlew build.
This ensures CodeQL can still extract and analyze the code correctly.
NEW QUESTION # 46
How do I configure a webhook to monitor key scan alert events? What are the steps of this operation?
- A. Dismiss alerts that are older than 90 days.
- B. Configure a webhook to monitor for secret scanning alert events.
- C. Document alternatives to storing secrets in the source code.
- D. Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.
Answer: B,C
Explanation:
To proactively address secret scanning:
Webhooks can be configured to listen for secret scanning events. This allows automation, logging, or alerting in real-time when secrets are detected.
Documenting secure development practices (like using environment variables or secret managers) helps reduce the likelihood of developers committing secrets in the first place.
Dismissal based on age is not a best practice without triage. SCIM deals with user provisioning, not scanning alerts.
NEW QUESTION # 47
What does code scanning do?
- A. It prevents code pushes with vulnerabilities as a pre-receive hook
- B. It contacts maintainers to ask them to create security advisories if a vulnerability is found
- C. It analyzes a GitHub repository to find security vulnerabilities
- D. It scans your entire Git history on branches present in your GitHub repository for any secrets
Answer: C
Explanation:
Code scanning is a static analysis feature that examines your source code to identify security vulnerabilities and coding errors. It runs either on every push, pull request, or a scheduled time depending on the workflow configuration.
It does not automatically contact maintainers, scan full Git history, or block pushes unless explicitly configured to do so.
NEW QUESTION # 48
When secret scanning detects a set of credentials on a public repository, what does GitHub do?
- A. It scans the contents of the commits for additional secrets.
- B. It displays a public alert in the Security tab of the repository.
- C. It sends a notification to repository members.
- D. It notifies the service provider who issued the secret.
Answer: D
Explanation:
When a public repository contains credentials that match known secret formats, GitHub will automatically notify the service provider that issued the secret. This process is known as "secret scanning partner notification". The provider may then revoke the secret or contact the user directly.
GitHub does not publicly display the alert and does not send internal repository notifications for public detections.
NEW QUESTION # 49
Where can you view code scanning results from CodeQL analysis?
- A. At Security advisories
- B. The repository's code scanning alerts
- C. A CodeQL query pack
- D. A CodeQL database
Answer: B
Explanation:
All results from CodeQL analysis appear under the repository's code scanning alerts tab. This section is part of the Security tab and provides a list of all current, fixed, and dismissed alerts found by CodeQL.
A CodeQL database is used internally during scanning but does not display results. Query packs contain rules, not results. Security advisories are for published vulnerabilities, not per-repo findings.
NEW QUESTION # 50
Which CodeQL query suite provides queries of lower severity than the default query suite?
- A. github/codeql/cpp/ql/src@main
- B. security-extended
- C. github/codeql-go/ql/src@main
Answer: B
Explanation:
The security-extended query suite includes additional CodeQL queries that detect lower severity issues than those in the default security-and-quality suite.
It's often used when projects want broader visibility into code hygiene and potential weak spots beyond critical vulnerabilities.
The other options listed are paths to language packs, not query suites themselves.
NEW QUESTION # 51
In a private repository, what minimum requirements does GitHub need to generate a dependency graph? (Each answer presents part of the solution. Choose two.)
- A. Read-only access to the dependency manifest and lock files for a repository
- B. Read-only access to all the repository's files
- C. Dependency graph enabled at the organization level for all new private repositories
- D. Write access to the dependency manifest and lock files for an enterprise
Answer: A,C
Explanation:
Comprehensive and Detailed Explanation:
To generate a dependency graph for a private repository, GitHub requires:
Dependency graph enabled: The repository must have the dependency graph feature enabled. This can be configured at the organization level to apply to all new private repositories.
Access to manifest and lock files: GitHub needs read-only access to the repository's dependency manifest and lock files (e.g., package.json, requirements.txt) to identify and map dependencies.
NEW QUESTION # 52
When using the advanced CodeQL code scanning setup, what is the name of the workflow file?
- A. codeql-analysis.yml
- B. codeql-workflow.yml
- C. codeql-scan.yml
- D. codeql-config.yml
Answer: A
Explanation:
Comprehensive and Detailed Explanation:
In the advanced setup for CodeQL code scanning, GitHub generates a workflow file named codeql-analysis.yml. This file is located in the .github/workflows directory of your repository. It defines the configuration for the CodeQL analysis, including the languages to analyze, the events that trigger the analysis, and the steps to perform during the workflow.
NEW QUESTION # 53
Which of the following statements best describes secret scanning push protection?
- A. Commits that contain secrets are blocked before code is added to the repository.
- B. Users need to reply to a 2FA challenge before any push events.
- C. Buttons for sensitive actions in the GitHub UI are disabled.
- D. Secret scanning alerts must be closed before a branch can be merged into the repository.
Answer: A
Explanation:
Comprehensive and Detailed Explanation:
Secret scanning push protection is a proactive feature that scans for secrets in your code during the push process. If a secret is detected, the push is blocked, preventing the secret from being added to the repository. This helps prevent accidental exposure of sensitive information.
GitHub Docs
NEW QUESTION # 54
Which of the following statements most accurately describes push protection for secret scanning custom patterns?
- A. Push protection must be enabled for all, or none, of a repository's custom patterns.
- B. Push protection is an opt-in experience for each custom pattern.
- C. Push protection is not available for custom patterns.
- D. Push protection is enabled by default for new custom patterns.
Answer: B
Explanation:
Comprehensive and Detailed Explanation:
Push protection for secret scanning custom patterns is an opt-in feature. This means that for each custom pattern defined in a repository, maintainers can choose to enable or disable push protection individually. This provides flexibility, allowing teams to enforce push protection on sensitive patterns while leaving it disabled for others.
NEW QUESTION # 55
......
Microsoft GH-500 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
Microsoft GH-500 Dumps PDF Are going to be The Best Score: https://www.actualvce.com/Microsoft/GH-500-valid-vce-dumps.html
GitHub Administrator GH-500 Exam and Certification Test Engine: https://drive.google.com/open?id=1YwpGgo3pKX5NCYQOA-Kp3V88Qu9bKVAb