GitHub Advanced Security (GH-500) Free Practice Test

Question 1

After defining a secret scanning custom pattern, what is the final step before publishing the pattern?

A. performing a dry run

B. enabling push protection

C. adding additional match requirements

D. defining a custom pattern

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

What is the difference between scheduled versus triggered events in code scanning?

A. Scheduled events can only be set up by administrators.

B. Scheduled events run based on a specified schedule and triggered events run on code events such as a push.

C. Triggered events run less frequently than scheduled events.

D. Scheduled events are more difficult to configure than triggered events.

Correct Answer: B

Question 3

In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?

A. Enable Dependabot security updates.

B. Add Dependabot rules.

C. Add a workflow with the dependency review action.

D. Enable Dependabot alerts.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which security feature shows a vulnerable dependency in a pull request?

A. Dependabot alert

B. dependency graph

C. the repository's Security tab

D. dependency review

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Where can a user change a repository's code scanning severity threshold that fails a pull request status check?

A. Security tab

B. Settings tab

C. Pull Requests tab

D. Actions tab

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

What are Dependabot security updates?

A. automated pull requests that keep your dependencies updated, even when they don't have any vulnerabilities

B. automated pull requests to update the manifest to the latest version of the dependency

C. automated pull requests that help you update dependencies that have known vulnerabilities

D. compatibility scores to let you know whether updating a dependency could cause breaking changes to your project

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

What classification is used to categorize Dependabot alerts? Each correct answer presents part of the solution. (Choose three.)

A. Exploit Prediction Scoring System (EPSS)

B. Common Weakness Enumeration (CWE)

C. Static Application Security Testing (SAST)

D. Common Vulnerabilities and Exposures (CVE)

E. GitHub Security Advisory ID (GHSA)

Correct Answer: A,B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

Where can you use CodeQL analysis for code scanning? Each answer presents part of the solution. (Choose two.)

A. in a workflow

B. in the Files changed tab of the pull request

C. in an external continuous integration (CI) system

D. in a third-party Git repository

Correct Answer: A,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

By default, who will receive an e-mail when a secret has been detected in a repository? Each answer presents a complete solution. (Choose two.)

A. users with the Write repository role

B. users with the Maintain repository role

C. user who committed the secret

D. security analyst

E. users with the Admin repository role

Correct Answer: C,E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Microsoft GitHub Advanced Security (GH-500) Free Practice Test