Free Practice Questions for GitHub Advanced Security (GH-500) Certification
Study with 355 exam-style practice questions designed to help you prepare for the GitHub Advanced Security (GH-500).
Exam Details
Key information about GitHub Advanced Security (GH-500)
- Multiple choice
- Ordering
- Matching
Intended audience: candidates with experience using GitHub Advanced Security (GHAS) to secure code, secrets, and dependencies across the software development lifecycle, who are familiar with GitHub fundamentals, CI/CD, and secure development concepts.
Exam Topics & Skills Assessed
Skills measured (from the official study guide)
Describe GitHub Security suites, features, and ecosystem (15–20%)
Understand GitHub Security suites and architecture
- GitHub Security suite structure
- GitHub Security suite navigation
- Code Security
- Secret Protection
- Supply Chain Security
- Security feature availability
- Security Overview features and benefits
Apply secure SDLC and security strategies
- Secret Protection interplay with Code Security
- End-to-end secure SDLC with GitHub Security suites
- Prevention-first security approaches
- Gate-based security strategies
- Security campaigns
Detect, manage, and respond to security alerts
- Vulnerability detection mechanisms
- Secret detection mechanisms
- Security alert management
- Security alert policies
- Security alert workflows
- Dismissing alerts best practices
- Alert remediation responsibilities
Manage access, governance, and supply chain security
- Alert access management
- Alert roles
- Delegated bypass
- Enforcement
- Supply chain security concepts
- Alert information across SDLC
Configure and use Secret Protection (formerly secret scanning) (15–20%)
Enable and configure Secret Protection
- Enable Secret Protection at repository level
- Enable Secret Protection at organization level
- Configure Secret Protection settings
- Secret Protection feature availability
- Secret Protection for public repositories
- Secret Protection for private/enterprise repositories
Prevent secret exposure
- Push Protection
- Validity checks for secrets
- Prioritized alerting for high-confidence secrets
Manage and respond to Secret Protection alerts
- Secret Protection alert lifecycle
- Responding to secret alerts
- Remediation actions for secret alerts
- Dismissing or ignoring secret alerts
Control access, policies, and customization
- Role-based bypass policies
- Delegated bypass policies
- Configure alert recipients
- Configure alert exclusions
- Custom secret patterns
Configure and use supply chain security (formerly Dependabot/Dependency Review) (15–20%)
Understand and manage dependency and supply chain risks
- Comprehensive dependency security
- Vulnerability databases
- SBOMs (Software Bill of Materials)
- Dependency graph generation
- Dependency graph interpretation
- SBOM export options
- SBOM formats
- SBOM supply chain context
Detect, prioritize, and respond to supply chain alerts
- Supply chain alerts
- Security updates prioritization
- EPSS scoring
- Remediating supply chain alerts
- Security campaigns for remediation
- Pull requests for remediation
- Auto-dismiss behavior
- Security campaign configuration
Secure dependencies during development
- Dependency Review
- Pre-merge checks
- License validation
- Compliance validation
- Dependency Review configuration
- Advanced dependency update rules
- Dependency grouping
- Auto-dismiss dependency updates
- Dependency update strategies
Configure policies, permissions, and integrations
- Permissions for alert assignment
- Role-based alert assignment
- Workflow management for dependency security
- Workflow management for supply chain security
- External notifications
- Webhooks
- Security integrations
Configure and use Code Security (formerly Code Scanning with CodeQL) (10–15%)
Understand code scanning approaches and tooling
- Native code scanning options
- Third-party code scanning options
- CodeQL
- Third-party analysis tools
- SARIF file ingestion
- SARIF file management
- SARIF interoperability
Set up and configure Code Security
- Enable code security with GitHub Actions
- Enable code security with external CI systems
- Configure code scanning workflows
- Code scanning workflow templates
- Matrix builds
- Scan frequency definition
Analyze, triage, and remediate code scanning results
- Review scan results
- Dataflow analysis insights
- Alert lifecycles
- Autofix capabilities
- Remediation workflows
- Dismissing alerts
- Managing severity classifications
- Managing category classifications
Optimize and automate Code Security operations
- Advanced configuration
- Customization
- Troubleshooting scan failures
- Troubleshooting performance issues
Security operations: best practices, prioritization, and remediation (15–20%)
Understand vulnerability context and remediation frameworks
- CVE concepts
- CWE concepts
- GitHub Security Advisory concepts
- End-to-end remediation workflows
- Security alerts
- Security advisories
Prioritize and manage security work at scale
- Defining severity rulesets
- Prioritizing severity rulesets
- Enforcing severity rulesets
- Defining remediation rulesets
- Prioritizing remediation rulesets
- Enforcing remediation rulesets
- Campaign-based remediation strategies
- Bulk alert management
- Automated alert dismissal
- Documentation practices
Customize and optimize security detection
- Customizing CodeQL query suites
- Language-specific analysis
- Tailoring security detection to risk profiles
Collaborate across roles and enforce governance
- Security roles
- Delegated exceptions
- Alert ownership
- Collaboration on alerts
- Collaboration on security campaigns
- Cross-suite rulesets
- Cross-suite policies
- Enforcement mechanisms
Shift left and strengthen preventive security
- Early vulnerability prevention
- Push protection
- Dependency scanning
- Pre-merge analysis
GitHub Security suites administration (10–15%)
Roll out and manage security features at scale
- Enable GitHub Security Suites at enterprise level
- Enable GitHub Security Suites at organization level
- Enable GitHub Security Suites at repository level
- Feature availability across GitHub Enterprise Cloud
- Feature availability across GitHub Enterprise Server
Configure security features and defaults
- Enable Code Security (CodeQL)
- Enable Secret Protection
- Enable Supply Chain Security
- Define default configurations
- Inheritance behavior
Define governance, access, and Code Security workflows
- Define enterprise security policies
- Define organization security policies
- Define enterprise security rulesets
- Define organization security rulesets
- Configure enforcement boundaries
- Configure bypass permissions
- Configure exceptions
- Define administrator roles
- Define security manager roles
- Define developer roles
- Configure permissions for managing alerts
- Configure permissions for dismissing alerts
Manage CodeQL and security automation
- Enable default CodeQL workflows
- Configure default CodeQL workflows
- Enable custom CodeQL workflows
- Configure custom CodeQL workflows
- Available APIs for security configuration
- Automation methods for security configuration
- Available APIs for governance
- Automation methods for governance