GitHub Advanced Security Questions and Answers

200 questions organized by topic with detailed explanations

GitHub

GH-500

200 questions

5 topics

Updated May 2026

Describe the GHAS security features and functionality

31 questions8 easy15 medium8 hard~15% of exam

Who can view security data across all repositories in an organization from security overview?Security overview shows no alerts for a repository. What is still possible?A compliance team notices that security overview shows different values for the same historical period when checked a mo...

Configure and use secret scanning

29 questions8 easy13 medium8 hard~15% of exam

If a contributor bypasses repository push protection and chooses `I'll fix it later`, what alert state does GitHub creat...For which repository type does secret scanning run automatically for free?Which activity can repository push protection block when a supported secret is detected?

Configure and use Dependabot and Dependency Review

71 questions18 easy34 medium19 hard~35% of exam

A team wants dependency review to fail only for high or critical vulnerabilities and also enforce license rules. What sh...Which feature shows dependency changes and vulnerability information on the Files changed tab of a pull request?After private registries are configured, some Dependabot version updates fail because manifest processing needs external...

Configure and use Code Scanning with CodeQL

49 questions12 easy25 medium12 hard~25% of exam

Which built-in CodeQL query suite is designed to be more precise and return fewer false positives?What happens if a repository switches from advanced setup to default setup for CodeQL?An organization assigns a self-hosted runner to a repository that already uses code scanning default setup. What must be...

Describe GitHub Advanced Security best practices, results, and how to take corrective measures

20 questions6 easy13 medium1 hard~10% of exam

A developer accepts a Copilot Autofix suggestion for a code scanning alert. What should they verify before merging?A security lead wants to prevent hardcoded credentials from ever reaching repository history. Which control is the best ...What should be used for consistent compliance or auditing reports when security overview dashboard numbers might change ...

All Questions

#	Question	Topic	Difficulty
1	A developer accepts a Copilot Autofix suggestion for a code scanning alert. What should they verify ...	Describe GitHub Advanced Security best practices, results, and how to take corrective measures	medium
2	A team wants dependency review to fail only for high or critical vulnerabilities and also enforce li...	Configure and use Dependabot and Dependency Review	medium
3	Which feature shows dependency changes and vulnerability information on the Files changed tab of a p...	Configure and use Dependabot and Dependency Review	easy
4	After private registries are configured, some Dependabot version updates fail because manifest proce...	Configure and use Dependabot and Dependency Review	hard
5	Who can view security data across all repositories in an organization from security overview?	Describe the GHAS security features and functionality	medium

Sign in to see all 200 questions

Create a free account to browse all questions — completely free during our launch phase.

Sign Up Free Sign In

Ready to test your knowledge?

Take a full GitHub Advanced Security practice test with timed exam simulation.

Start Practice Test