Demo Microsoft GH-500 Exam Questions

Demo practice questions for guest users.

Section: Practice Mode 6 Questions
Question 1

When does Dependabot alert you of a vulnerability in your software development process?

Correct Answer: B
Explanation:
Dependabot alerts are generated as soon as GitHub detects a known vulnerability in one of your
dependencies. GitHub does this by analyzing your repository's dependency graph and matching it
against vulnerabilities listed in the GitHub Advisory Database. Once a match is found, the system
raises an alert automatically, without waiting for a pull request or any manual action.
This allows organizations to mitigate vulnerabilities proactively and as early as possible, based on
real-time detection.
Question 3

After investigating a code scanning alert related to injection, you determine that the input is properly
sanitized using custom logic. What should be your next step?

A. Draft a pull request to update the open-source query.
C. Open an issue in the CodeQL repository.
D. Dismiss the alert with the reason "false positive."

Correct Answer: D
Explanation:
When you identify that a code scanning alert is a false positive—such as when your code uses a
custom sanitization method not recognized by the analysis—you should dismiss the alert with the
reason "false positive." This action helps improve the accuracy of future analyses and maintains the
relevance of your security alerts. As per GitHub's documentation:
– [Configure and Use Code Scanning]
"If you dismiss a CodeQL alert as a false positive result, for example because the code uses a
sanitization library that isn't supported, consider contributing to the CodeQL repository and improving the analysis."
