Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. GitHub
  3. GitHub-Advanced-Security

GitHub GitHub-Advanced-Security Exam (page: 1)
GitHub Advanced Security GHAS
Updated on: 12-Feb-2026

Viewing Page 1 of 16
GitHub-Advanced-Security PDF 75 Questions

­ [Configure and Use Code Scanning]

After investigating a code scanning alert related to injection, you determine that the input is properly sanitized using custom logic.
What should be your next step?

  1. Draft a pull request to update the open-source query.
  2. Ignore the alert.
  3. Open an issue in the CodeQL repository.
  4. Dismiss the alert with the reason "false positive."

Answer(s): D

Explanation:

When you identify that a code scanning alert is a false positive--such as when your code uses a custom sanitization method not recognized by the analysis--you should dismiss the alert with the reason "false positive." This action helps improve the accuracy of future analyses and maintains the relevance of your security alerts.

As per GitHub's documentation:

"If you dismiss a CodeQL alert as a false positive result, for example because the code uses a sanitization library that isn't supported, consider contributing to the CodeQL repository and improving the analysis."

By dismissing the alert appropriately, you ensure that your codebase's security alerts remain actionable and relevant.



­ [Configure and Use Dependency Management]

When does Dependabot alert you of a vulnerability in your software development process?

  1. When a pull request adding a vulnerable dependency is opened
  2. As soon as a vulnerable dependency is detected
  3. As soon as a pull request is opened by a contributor
  4. When Dependabot opens a pull request to update a vulnerable dependency

Answer(s): B

Explanation:

Dependabot alerts are generated as soon as GitHub detects a known vulnerability in one of your dependencies. GitHub does this by analyzing your repository's dependency graph and matching it against vulnerabilities listed in the GitHub Advisory Database. Once a match is found, the system raises an alert automatically without waiting for a PR or manual action.

This allows organizations to proactively mitigate vulnerabilities as early as possible, based on real- time detection.


Reference:

GitHub Docs ­ About Dependabot alerts; Managing alerts in GitHub Dependabot



­ [Configure and Use Dependency Management]

Which of the following is the most complete method for Dependabot to find vulnerabilities in third- party dependencies?

  1. Dependabot reviews manifest files in the repository
  2. CodeQL analyzes the code and raises vulnerabilities in third-party dependencies
  3. A dependency graph is created, and Dependabot compares the graph to the GitHub Advisory database
  4. The build tool finds the vulnerable dependencies and calls the Dependabot API

Answer(s): C

Explanation:

Dependabot builds a dependency graph by analyzing package manifests and lockfiles in your repository. This graph includes both direct and transitive dependencies. It then compares this graph against the GitHub Advisory Database, which includes curated, security-reviewed advisories.

This method provides a comprehensive and automated way to discover all known vulnerabilities across your dependency tree.


Reference:

GitHub Docs ­ About the dependency graph; About Dependabot alerts



­ [Describe the GHAS Security Features and Functionality]

What is a security policy?

  1. An automatic detection of security vulnerabilities and coding errors in new or modified code
  2. A security alert issued to a community in response to a vulnerability
  3. A file in a GitHub repository that provides instructions to users about how to report a security vulnerability
  4. An alert about dependencies that are known to contain security vulnerabilities

Answer(s): C

Explanation:

A security policy is defined by a SECURITY.md file in the root of your repository or .github/ directory. This file informs contributors and security researchers about how to responsibly report vulnerabilities. It improves your project's transparency and ensures timely communication and mitigation of any reported issues.

Adding this file also enables a "Report a vulnerability" button in the repository's Security tab.


Reference:

GitHub Docs ­ Adding a security policy to your repository



­ [Configure GitHub Advanced Security Tools in GitHub Enterprise]

As a repository owner, you want to receive specific notifications, including security alerts, for an individual repository.
Which repository notification setting should you use?

  1. Ignore
  2. Participating and @mentions
  3. All Activity
  4. Custom

Answer(s): D

Explanation:

Using the Custom setting allows you to subscribe to specific event types, such as Dependabot alerts or vulnerability notifications, without being overwhelmed by all repository activity. This is essential for repository maintainers who need fine-grained control over what kinds of events trigger notifications.

This setting is configurable per repository and allows users to stay aware of critical issues while minimizing notification noise.


Reference:

GitHub Docs ­ Configuring notifications; Managing security alerts



Viewing Page 1 of 16



Share your comments for GitHub GitHub-Advanced-Security exam with other users:

Ted 6/21/2023 11:11:00 PM

just paid and downlaod the 2 exams using the 50% sale discount. so far i was able to download the pdf and the test engine. all looks good.
GERMANY


Paul K 11/27/2023 2:28:00 AM

i think it should be a,c. option d goes against the principle of building anything custom unless there are no work arounds available
INDIA


ph 6/16/2023 12:41:00 AM

very legible
Anonymous


sephs2001 7/31/2023 10:42:00 PM

is this exam accurate or helpful?
Anonymous


ash 7/11/2023 3:00:00 AM

please upload dump, i have exam in 2 days
INDIA


Sneha 8/17/2023 6:29:00 PM

this is useful
CANADA


sachin 12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected
Anonymous


tomAws 7/18/2023 5:05:00 AM

nice questions
BRAZIL


Rahul 6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?
INDIA


TeamOraTech 12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.
Anonymous


Curtis 7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.
UNITED STATES


sam 7/17/2023 6:22:00 PM

cannot evaluate yet
Anonymous


nutz 7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid
UNITED STATES


rajesh soni 1/17/2024 6:53:00 AM

good examplae to learn basic
INDIA


Tanya 10/25/2023 7:07:00 AM

this is useful information
Anonymous


Nasir Mahmood 12/11/2023 7:32:00 AM

looks usefull
Anonymous


Jason 9/30/2023 1:07:00 PM

question 81 should be c.
CANADA


TestPD1 8/10/2023 12:22:00 PM

question 18 : response isnt a ?
EUROPEAN UNION


ally 8/19/2023 5:31:00 PM

plaese add questions
TURKEY


DIA 10/7/2023 5:59:00 AM

is dumps still valid ?
FRANCE


Annie 7/7/2023 8:33:00 AM

thanks for this
EUROPEAN UNION


arnie 9/17/2023 6:38:00 AM

please upload questions
Anonymous


Tanuj Rana 7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning
Anonymous


Future practitioner 8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!
Anonymous


Ace 8/3/2023 10:37:00 AM

number 52 answer is d
UNITED STATES


Nathan 12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help
Anonymous


Corey 12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.
Anonymous


Rajender 10/18/2023 3:54:00 AM

i would like to take psm1 exam.
Anonymous


Blessious Phiri 8/14/2023 9:53:00 AM

cbd and pdb are key to the database
SOUTH AFRICA


Alkaed 10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.
NETHERLANDS


Dave Gregen 9/4/2023 3:17:00 PM

please upload p_sapea_2023
SWEDEN


Sarah 6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried
CANADA


Shuv 10/3/2023 8:19:00 AM

good questions
UNITED STATES


Reb974 8/5/2023 1:44:00 AM

hello are these questions valid for ms-102
CANADA