Exam (elaborations)

Microsoft GH-500 Dumps (V8.02) - Help You Pass the GH-500 Exam Smoothly

Pages
12
Grade
A+
Uploaded on
16-09-2025
Written in
2025/2026

DumpsBase now offers the latest Microsoft GH-500 dumps (V8.02) to help you pass the GitHub Advanced Security exam with ease. Our reliable exam questions simulate an actual test, making your preparation both effective and realistic. DumpsBase confidently backs these GH-500 dumps with a 100% pass guarantee. By studying these updated materials thoroughly, passing on your first attempt becomes highly achievable. #GH-500

Institution
Self Learning
Course
Self Learning










Document information

Contains
Questions & answers

Content preview

MICROSOFT
GH-500

GitHub Advanced Security

1. After investigating a code scanning alert related to injection, you determine that the
input is properly sanitized using custom logic.
What should be your next step?
A. Draft a pull request to update the open-source query.
B. Ignore the alert.
C. Open an issue in the CodeQL repository.
D. Dismiss the alert with the reason "false positive."
Answer: D
Explanation:
When you identify that a code scanning alert is a false positive, such as when your
code uses a custom sanitization method not recognized by the analysis, you should
dismiss the alert with the reason "false positive." This action helps improve the
accuracy of future analyses and maintains the relevance of your security alerts.




As per GitHub's documentation:
"If you dismiss a CodeQL alert as a false positive result, for example because the
code uses a sanitization library that isn't supported, consider contributing to the
CodeQL repository and improving the analysis."
By dismissing the alert appropriately, you ensure that your codebase's security alerts
remain actionable and relevant.




2. When does Dependabot alert you of a vulnerability in your software development
process?
A. When a pull request adding a vulnerable dependency is opened
B. As soon as a vulnerable dependency is detected
C. As soon as a pull request is opened by a contributor
D. When Dependabot opens a pull request to update a vulnerable dependency
Answer: B
Explanation:
Dependabot alerts are generated as soon as GitHub detects a known vulnerability in
one of your dependencies. GitHub does this by analyzing your repository's
dependency graph and matching it against vulnerabilities listed in the GitHub Advisory
Database. Once a match is found, the system raises an alert automatically without
waiting for a PR or manual action.
This allows organizations to proactively mitigate vulnerabilities as early as possible,
based on real-time detection.
Reference: GitHub Docs - About Dependabot alerts; Managing alerts in GitHub
Dependabot


3. Which of the following is the most complete method for Dependabot to find
vulnerabilities in third-party dependencies?
A. Dependabot reviews manifest files in the repository