01. How does Dependabot use the dependency graph in GitHub Advanced Security (GHAS)?
a) To identify and address security vulnerabilities in the codebase.
b) To automatically update project dependencies to their latest, secure versions.
c) To generate alerts for potential security vulnerabilities in project dependencies.
d) To cross-reference dependency data with the GitHub Advisory Database.
02. How does secret scanning availability differ for public and private repositories on GitHub?
a) Secret scanning is only available for public repositories.
b) Secret scanning is only available for private repositories.
c) Secret scanning is available for both public and private repositories, but the configuration options may differ.
d) Secret scanning is not available for either public or private repositories.
03. What are the permissions and roles required to enable Dependabot alerts on GitHub?
a) Only users with admin access to a repository can enable Dependabot alerts.
b) Only repository maintainers can enable Dependabot alerts.
c) Only users with write access to a repository can enable Dependabot alerts.
d) Any user with access to a repository can enable Dependabot alerts.
04. What is the exportable SBOM format created by the dependency graph on GitHub?
a) CycloneDX.
b) SPDX.
c) SWID.
d) All of the above.
05. Which of the following is NOT an action a user can take when they receive an alert from GitHub Advanced Security (GHAS)?
a) Ignore the alert.
b) Dismiss the alert.
c) Report the alert to GitHub.
d) Investigate the alert and take appropriate action.
06. How does GitHub Advanced Security (GHAS) help integrate security into each step of the software development life cycle?
a) By providing a comprehensive dashboard summarizing the security status of the repository.
b) By automating security checks with every pull request, surfacing issues in the context of the development workflow.
c) By generating alerts for outdated dependencies in a project.
d) By providing access to curated security intelligence from millions of developers and security researchers around the world.
07. What are the default settings for Dependabot alerts in public and private repositories on GitHub?
a) Dependabot alerts are enabled by default for public repositories and disabled by default for private repositories.
b) Dependabot alerts are disabled by default for both public and private repositories.
c) Dependabot alerts are enabled by default for both public and private repositories.
d) Dependabot alerts are disabled by default for public repositories and enabled by default for private repositories.
08. What is the difference between scheduled versus triggered events in code scanning?
a) Scheduled events are more difficult to configure than triggered events.
b) Scheduled events run based on a specified schedule and triggered events run on code events such as a push.
c) Triggered events run less frequently than scheduled events.
d) Scheduled events can only be set up by administrators.
09. When code scanning is enabled, what is one default event that triggers a scan?
a) Creating a new branch.
b) Deleting a branch.
d) Merging a branch.
10. Which two pieces of information should be included in a security advisory?
a) Product affected and severity.
b) Severity and exposure list.
c) Administrator name and severity.
d) Exposures list and administrator name.
The purpose of this Sample Question Set is to provide you with information about the Microsoft GitHub Advanced Security exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the GH-500 certification test. To get familiar with real exam environment, we suggest you try our Sample Microsoft GitHub Advanced Security Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual Microsoft GitHub Advanced Security certification exam.