Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

GH-500 by Microsoft - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Know a question that should be here? Contribute to this exam

Which patterns are secret scanning validity checks available to?

A high entropy strings
B custom patterns
C push protection patterns
D partner patterns

What happens when you enable secret scanning on a private repository?

A Repository administrators can view Dependabot alerts.
B Dependency review, secret scanning, and code scanning are enabled.
C Your team is subscribed to security alerts.
D GitHub performs a read-only analysis on the repository.

You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)

A in the National Vulnerability Database
B in the dependency graph
C in security advisories reported on GitHub
D in manifest and lock files

Which of the following tasks can be performed by a security team as a proactive measure to help address secret scanning alerts? Each answer presents a complete solution. (Choose two.)

A Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.
B Document alternatives to storing secrets in the source code.
C Dismiss alerts that are older than 90 days.
D Configure a webhook to monitor for secret scanning alert events.

Which of the following statements most accurately describes push protection for secret scanning custom patterns?

A Push protection is enabled by default for new custom patterns.
B Push protection must be enabled for all, or none, of a repository’s custom patterns.
C Push protection is not available for custom patterns.
D Push protection is an opt-in experience for each custom pattern.