Home
Microsoft
GH-500 Exam Info
GH-500 Exam Questions

Home ❯
Microsoft ❯
GH-500 Exam Info ❯
GH-500 Exam Questions

Ace Microsoft GitHub Advanced Security Exam GH-500: Your Key to Cloud Security Mastery

Ready to elevate your cloud security expertise and stand out in the competitive DevSecOps landscape? Our comprehensive GH-500 practice questions are your secret weapon for conquering the Microsoft GitHub Advanced Security Exam. Crafted by industry veterans, our materials go beyond mere memorization, immersing you in real-world scenarios that sharpen your skills in threat modeling, code scanning, and vulnerability management. Whether you prefer the portability of PDFs, the convenience of web-based tools, or the robust features of desktop software, we've got you covered. Don't let imposter syndrome hold you back â€“ join thousands of successful candidates who've leveraged our resources to land coveted roles in application security and secure DevOps. Time is ticking, and top employers are actively seeking GH-500 certified professionals. Invest in your future today and unlock a world of opportunities in cloud-native security!

Page: 1 /
Total 75 questions

Unlock 75 Premium Questions Get Free Questions & Answers PDF

Question 1

-- [Configure and Use Dependency Management]

Which security feature shows a vulnerable dependency in a pull request?

ADependency graph

BDependency review

CDependabot alert

DThe repository's Security tab

Correct : B

Dependency review runs as part of a pull request and shows which dependencies are being added, removed, or changed --- and highlights vulnerabilities associated with any added packages.

It works in real-time and is specifically designed for use during pull request workflows.

The dependency graph is an overview, Dependabot alerts notify post-merge, and the Security tab shows the aggregated alert list.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ADependency graph

BDependency review

CDependabot alert

DThe repository's Security tab

0 / 1500

Question 2

-- [Configure and Use Code Scanning]

Who can fix a code scanning alert on a private repository?

AUsers who have the Triage role within the repository

BUsers who have Read permissions within the repository

CUsers who have Write access to the repository

DUsers who have the security manager role within the repository

Correct : C

Comprehensive and Detailed Explanation:

In private repositories, users with write access can fix code scanning alerts. They can do this by committing changes that address the issues identified by the code scanning tools. This level of access ensures that only trusted contributors can modify the code to resolve potential security vulnerabilities.

GitHub Docs

Users with read or triage roles do not have the necessary permissions to make code changes, and the security manager role is primarily focused on managing security settings rather than directly modifying code.

GitHub Docs

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AUsers who have the Triage role within the repository

BUsers who have Read permissions within the repository

CUsers who have Write access to the repository

DUsers who have the security manager role within the repository

0 / 1500

Question 3

-- [Use Code Scanning with CodeQL]

The autobuild step in the CodeQL workflow has failed. What should you do?

ARemove specific build steps.

BCompile the source code.

CRemove the autobuild step from your code scanning workflow and add specific build steps.

DUse CodeQL, which implicitly detects the supported languages in your code base.

Correct : C

If autobuild fails (which attempts to automatically detect how to build your project), you should disable it in your workflow and replace it with explicit build commands, using steps like run: make or run: ./gradlew build.

This ensures CodeQL can still extract and analyze the code correctly.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ARemove specific build steps.

BCompile the source code.

CRemove the autobuild step from your code scanning workflow and add specific build steps.

DUse CodeQL, which implicitly detects the supported languages in your code base.

0 / 1500

Question 4

-- [Configure and Use Secret Scanning]

Which of the following statements best describes secret scanning push protection?

ACommits that contain secrets are blocked before code is added to the repository.

BSecret scanning alerts must be closed before a branch can be merged into the repository.

CButtons for sensitive actions in the GitHub UI are disabled.

DUsers need to reply to a 2FA challenge before any push events.

Correct : A

Comprehensive and Detailed Explanation:

Secret scanning push protection is a proactive feature that scans for secrets in your code during the push process. If a secret is detected, the push is blocked, preventing the secret from being added to the repository. This helps prevent accidental exposure of sensitive information.

GitHub Docs

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ACommits that contain secrets are blocked before code is added to the repository.

BSecret scanning alerts must be closed before a branch can be merged into the repository.

CButtons for sensitive actions in the GitHub UI are disabled.

DUsers need to reply to a 2FA challenge before any push events.

0 / 1500

Question 5

-- [Configure and Use Secret Scanning]

Which details do you have to provide to create a custom pattern for secret scanning? (Each answer presents part of the solution. Choose two.)

AThe secret format

BThe name of the pattern

CA list of repositories to scan

DAdditional match requirements for the secret format

Correct : A, B

When defining a custom pattern for secret scanning, two key fields are required:

Name of the pattern: A unique label to identify the pattern

Secret format: A regular expression that defines what the secret looks like (e.g., token format)

You can optionally specify additional match requirements (like required context keywords), but they're not mandatory. Listing repositories is also not part of the required fields during pattern creation.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AThe secret format

BThe name of the pattern

CA list of repositories to scan

DAdditional match requirements for the secret format

0 / 1500

Page: 1 / 15
Total 75 questions

Want to Unlock Everything for
Microsoft GH-500 Exam?

By upgrading to Premium Access, you’ll instantly unlock:

Unlock 75 Premium Questions

Exam Name: GitHub Advanced Security Exam
Exam Code: GH-500
Last Update: 06-Mar-2026
Formats: PDF, Web-based,
Desktop Practice
24/7 Customer Support

Price: $59 (PDF Format)

Get Full Access Now

Marked Questions
GH-500 Exam

GH-500 Exam Question 1
GH-500 Exam Question 2
GH-500 Exam Question 3
GH-500 Exam Question 4
GH-500 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login