Online Access Free GH-500 Exam Questions

Which CodeQL query suite provides queries of lower severity than the default query suite?

• A.github/codeql/cpp/ql/src@main
• B.security-extended
• C.github/codeql-go/ql/src@main

You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)

• A.In security advisories reported on GitHub
• B.In manifest and lock files
• C.In the dependency graph
• D.In the National Vulnerability Database

Secret scanning will scan:

• A.The GitHub repository.
• B.Any Git repository.
• C.A continuous integration system.
• D.External services.

Assuming that notification settings and Dependabot alert recipients have not been customized, which user account setting should you use to get an alert when a vulnerability is detected in one of your repositories?

• A.Enable all for Dependabot alerts
• B.Enable all for Dependency graph
• C.Enable all in existing repositories
• D.Enable by default for new public repositories

How do I configure a webhook to monitor key scan alert events? What are the steps of this operation?

• A.Dismiss alerts that are older than 90 days.
• B.Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.
• C.Configure a webhook to monitor for secret scanning alert events.
• D.Document alternatives to storing secrets in the source code.