GH-500 GitHub Advanced Security Free Demo Questions – Try Before You Buy

Question 1

As a repository owner, you want to receive specific notifications, including security alerts, for an
individual repository. Which repository notification setting should you use?

A

Ignore

B

Participating and @mentions

C

All Activity

D

Custom

Correct Answer: D

Explanation:

This setting is configurable per repository and allows users to stay aware of critical issues while
minimizing notification noise.
Page 6
Using the Custom setting allows you to subscribe to specific event types, such as Dependabot alerts
or vulnerability notifications, without being overwhelmed by all repository activity. This is essential
for repository maintainers who need fine-grained control over what kinds of events trigger
noti ficati ons.

Question 2

What is a security policy?

A

An automatic detection of security vulnerabilities and coding errors in new or modified code

B

B. A security alert issued to a community in response to a vulnerability

C

A file in a GitHub repository that provides instructions to users about how to report a security
vulnerability

D

An alert about dependencies that are known to contain security vulnerabilities
Adding this file also enables a “Report a vulnerability” button in the repository’s Security tab.

Correct Answer: C

Explanation:

A security policy is defined by a SECURITY.md file in the root of your repository or .github/ directory.
This file informs contributors and security researchers about how to responsibly report
vulnerabilities. It improves your project’s transparency and ensures timely communication and
mitigation of any reported issues.A security policy is defined by a SECURITY.md file in the root of your repository or .github/ directory.
This file informs contributors and security researchers about how to responsibly report
vulnerabilities. It improves your project’s transparency and ensures timely communication and
mitigation of any reported issues.A security policy is defined by a SECURITY.md file in the root of your repository or .github/ directory.
This file informs contributors and security researchers about how to responsibly report
vulnerabilities. It improves your project’s transparency and ensures timely communication and
mitigation of any reported issues.

Question 3

Which of the following is the most complete method for Dependabot to find vulnerabilities in thirdparty
dependencies?

A

An automatic detection of security vulnerabilities and coding errors in new or modified code

B

CodeQL analyzes the code and raises vulnerabilities in third-party dependencies

C

A dependency graph is created, and Dependabot compares the graph to the GitHub Advisory
database

D

The build tool finds the vulnerable dependencies and calls the Dependabot API

Correct Answer: C

Explanation:

Dependabot builds a dependency graph by analyzing package manifests and lockfiles in your
repository. This graph includes both direct and transitive dependencies. It then compares this graph
against the GitHub Advisory Database, which includes curated, security-reviewed advisories.

Demo Microsoft GH-500 Exam Questions

As a repository owner, you want to receive specific notifications, including security alerts, for an
individual repository. Which repository notification setting should you use?

Ignore

Participating and @mentions

All Activity

Custom

Correct Answer: D

What is a security policy?

An automatic detection of security vulnerabilities and coding errors in new or modified code

B. A security alert issued to a community in response to a vulnerability

A file in a GitHub repository that provides instructions to users about how to report a security
vulnerability

An alert about dependencies that are known to contain security vulnerabilities
Adding this file also enables a “Report a vulnerability” button in the repository’s Security tab.

Correct Answer: C

Which of the following is the most complete method for Dependabot to find vulnerabilities in thirdparty
dependencies?

An automatic detection of security vulnerabilities and coding errors in new or modified code

CodeQL analyzes the code and raises vulnerabilities in third-party dependencies

A dependency graph is created, and Dependabot compares the graph to the GitHub Advisory
database

The build tool finds the vulnerable dependencies and calls the Dependabot API

Correct Answer: C

Dependabot builds a dependency graph by analyzing package manifests and lockfiles in your
repository. This graph includes both direct and transitive dependencies. It then compares this graph
against the GitHub Advisory Database, which includes curated, security-reviewed advisories.

This method provides a comprehensive and automated way to discover all known vulnerabilities
across your dependency tree.

Demo Practice Mode

Demo Microsoft GH-500 Exam Questions

As a repository owner, you want to receive specific notifications, including security alerts, for anindividual repository. Which repository notification setting should you use?

Ignore

Participating and @mentions

All Activity

Custom

Correct Answer: D

What is a security policy?

An automatic detection of security vulnerabilities and coding errors in new or modified code

B. A security alert issued to a community in response to a vulnerability

A file in a GitHub repository that provides instructions to users about how to report a securityvulnerability

An alert about dependencies that are known to contain security vulnerabilitiesAdding this file also enables a “Report a vulnerability” button in the repository’s Security tab.

Correct Answer: C

Which of the following is the most complete method for Dependabot to find vulnerabilities in thirdpartydependencies?

An automatic detection of security vulnerabilities and coding errors in new or modified code

CodeQL analyzes the code and raises vulnerabilities in third-party dependencies

A dependency graph is created, and Dependabot compares the graph to the GitHub Advisorydatabase

The build tool finds the vulnerable dependencies and calls the Dependabot API

Correct Answer: C

Dependabot builds a dependency graph by analyzing package manifests and lockfiles in yourrepository. This graph includes both direct and transitive dependencies. It then compares this graphagainst the GitHub Advisory Database, which includes curated, security-reviewed advisories.

This method provides a comprehensive and automated way to discover all known vulnerabilitiesacross your dependency tree.

Demo Practice Mode

As a repository owner, you want to receive specific notifications, including security alerts, for an
individual repository. Which repository notification setting should you use?

A file in a GitHub repository that provides instructions to users about how to report a security
vulnerability

An alert about dependencies that are known to contain security vulnerabilities
Adding this file also enables a “Report a vulnerability” button in the repository’s Security tab.

Which of the following is the most complete method for Dependabot to find vulnerabilities in thirdparty
dependencies?

A dependency graph is created, and Dependabot compares the graph to the GitHub Advisory
database

Dependabot builds a dependency graph by analyzing package manifests and lockfiles in your
repository. This graph includes both direct and transitive dependencies. It then compares this graph
against the GitHub Advisory Database, which includes curated, security-reviewed advisories.

This method provides a comprehensive and automated way to discover all known vulnerabilities
across your dependency tree.