GH-500 by Microsoft Actual Free Exam Questions And Answers

Question 1

Which of the following formats are used to describe a code scanning alert from CodeQL?

A. Common Vulnerabilities and Exposures (CVE)

B. Vulnerability Exploitability eXchange (VEX)

C. GitHub Security Advisory (GHSA)

D. Common Weakness Enumeration (CWE)

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

Which of the following formats are used to describe a Dependabot alert? Each answer presents a complete solution. (Choose two.)

A. Exploit Prediction Scoring System (EPSS)

B. Common Vulnerabilities and Exposures (CVE)

C. Vulnerability Exploitability eXchange (VEX)

D. Common Weakness Enumeration (CWE)

Discussion 0

Correct Answer: C,D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

Assuming that no custom Dependabot behavior is configured, who has the ability to merge a pull request created via Dependabot security updates?

A. an enterprise administrator

B. a user who has write access to the repository

C. a user who has read access to the repository

D. a repository member of an enterprise organization

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Which of the following benefits do code scanning, secret scanning, and dependency review provide?

A. Search for potential security vulnerabilities, detect secrets, and show the full impact of changes to dependencies.

B. Automatically raise pull requests, which reduces your exposure to older versions of dependencies.

C. Confidentially report security vulnerabilities and privately discuss and fix security vulnerabilities in your repository's code.

D. View alerts about dependencies that are known to contain security vulnerabilities.

Discussion 0

Correct Answer: A Vote an answer

Question 5

What classification is used to categorize Dependabot alerts? Each correct answer presents part of the solution. (Choose three.)

A. Exploit Prediction Scoring System (EPSS)

B. Common Vulnerabilities and Exposures (CVE)

C. GitHub Security Advisory ID (GHSA)

D. Static Application Security Testing (SAST)

E. Common Weakness Enumeration (CWE)

Discussion 0

Correct Answer: A,B,E Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

Which Dependabot configuration fields are required? Each answer presents part of the solution.
(Choose three.)

A. package-ecosystem

B. allow

C. directory

D. milestone

E. schedule.interval

Discussion 0

Correct Answer: A,C,E Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

By default, what is the minimum role needed to bypass push protection in a repository?

A. Write

B. Admin

C. Triage

D. Maintain

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

To be compatible with code scanning, what data format must third-party code scanning tools use for output?

A. ESLint

B. YAML

C. Static Analysis Results Interchange Format (SARIF)

D. comma separated values (CSV)

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

Using advanced setup, which code scanning configuration would help detect vulnerabilities before they are added to a shared branch?

A. on:
schedule:

B. on:
workflow_dispatch:

C. on:
issues:

D. on:
pull_request:

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Microsoft GitHub Advanced Security - GH-500 Exam Practice Test

Contact Us

Useful Links

Latest Updated