nerdexam
Microsoft

GH-500 Question #116: Real Exam Question with Answer & Explanation

The correct answer is A: Common Weakness Enumeration (CWE).

Configure and use Code Scanning with CodeQL

Question

Which of the following formats is used to describe a code scanning alert from CodeQL?

Options

  • A. Common Weakness Enumeration (CWE)
  • B. Vulnerability Exploitability eXchange (VEX)
  • C. GitHub Security Advisory (GHSA)
  • D. Common Vulnerabilities and Exposures (CVE)

Explanation

Correct answer: A.

CodeQL code scanning alerts are classified using the Common Weakness Enumeration (CWE), a catalogue of classes of software weakness (for example CWE-89 for SQL injection and CWE-79 for cross-site scripting). Each CodeQL security query carries the CWE it detects in its metadata as a tag of the form external/cwe/cwe-089, and that classification is what the alert page shows. The alert itself is transported as SARIF, but SARIF is the container format, not the classification scheme the question asks about.

Why the other options are wrong:

  • CVE (D) identifies a specific, publicly disclosed vulnerability in a specific product or version. A CodeQL alert is a finding in your own code, so it has no CVE; it has a weakness class, which is a CWE.
  • GHSA (C) is the identifier format of the GitHub Advisory Database. It is used for published advisories and for Dependabot alerts about vulnerable dependencies, not for code scanning findings.
  • VEX (B) is a statement about whether a product is actually affected by a known vulnerability (its exploitability status), typically published alongside an SBOM. It does not describe static analysis findings.
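To make this concrete, the following is an added example, not code from nerdexam or from GitHub's CodeQL tooling, that shows where the CWE actually lives in a CodeQL result: the scan output is a SARIF file, every alert is a result that references a rule, and CodeQL's security rules carry a tag of the form external/cwe/cwe-NNN in their properties. The embedded SARIF document is constructed to mirror that layout and is not real scan output; the rule ids, file paths and line numbers are illustrative. The script also handles the common case of alerts from non-security queries, which carry no CWE at all.

```python
"""Extract the CWE classification from CodeQL code scanning results.

CodeQL uploads alerts to GitHub as SARIF. Each alert (a SARIF `result`)
points at a rule, and CodeQL's security queries tag their rules with
`external/cwe/cwe-NNN`; that tag is the CWE shown on the alert page.
Rules from non-security queries (maintainability, style) have no CWE tag.
"""
import json
import re

# Constructed SARIF fragment in the shape CodeQL produces (rule metadata
# under runs[].tool.driver.rules, alerts under runs[].results).
# Assumption: this is hand-written sample data, not real scan output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "py/sql-injection",
             "shortDescription": {"text": "SQL query built from user-controlled sources"},
             "properties": {"tags": ["security", "external/cwe/cwe-089"],
                            "security-severity": "8.8"}},
            {"id": "py/reflective-xss",
             "shortDescription": {"text": "Reflected server-side cross-site scripting"},
             "properties": {"tags": ["security", "external/cwe/cwe-079"]}},
            {"id": "py/unused-import",
             "shortDescription": {"text": "Unused import"},
             "properties": {"tags": ["maintainability"]}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection", "ruleIndex": 0,
             "message": {"text": "This SQL query depends on a user-provided value."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/reflective-xss", "ruleIndex": 1,
             "message": {"text": "Cross-site scripting vulnerability due to a user-provided value."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/views.py"},
                                                 "region": {"startLine": 17}}}]},
            {"ruleId": "py/unused-import", "ruleIndex": 2,
             "message": {"text": "Import of 'os' is not used."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                                 "region": {"startLine": 3}}}]},
        ],
    }],
})

# CodeQL zero-pads the number ("cwe-089"); normalise to the canonical "CWE-89".
CWE_TAG = re.compile(r"^external/cwe/cwe-0*(\d+)$")


def cwe_ids_for_rule(rule):
    """Return ['CWE-89', ...] from a rule's tags; [] for rules without a CWE."""
    tags = rule.get("properties", {}).get("tags", [])
    ids = []
    for tag in tags:
        m = CWE_TAG.match(tag)
        if m:
            ids.append(f"CWE-{m.group(1)}")
    return ids


def alerts_with_cwe(sarif_text):
    """Map each SARIF result to its rule id, file:line and CWE list."""
    doc = json.loads(sarif_text)
    out = []
    for run in doc["runs"]:
        rules = run["tool"]["driver"].get("rules", [])
        by_id = {r["id"]: r for r in rules}
        for res in run.get("results", []):
            # Prefer the ruleIndex when present; fall back to a ruleId lookup.
            if "ruleIndex" in res:
                rule = rules[res["ruleIndex"]]
            else:
                rule = by_id.get(res["ruleId"], {})
            loc = res["locations"][0]["physicalLocation"]
            where = f'{loc["artifactLocation"]["uri"]}:{loc["region"]["startLine"]}'
            out.append({"rule": res["ruleId"], "location": where,
                        "cwe": cwe_ids_for_rule(rule)})
    return out


def count_by_cwe(sarif_text):
    """Tally alerts per CWE; alerts with no CWE tag are counted under 'none'."""
    counts = {}
    for alert in alerts_with_cwe(sarif_text):
        for key in (alert["cwe"] or ["none"]):
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for alert in alerts_with_cwe(SAMPLE_SARIF):
        print(alert["location"], alert["rule"], ",".join(alert["cwe"]) or "(no CWE)")
    print(count_by_cwe(SAMPLE_SARIF))
```

Pointing the script at a real file downloaded from a workflow run (or from the code scanning alerts API, which returns the same rule tags) gives a per-CWE breakdown of a repository's alerts; the "none" bucket is the quick way to see how many alerts come from quality queries rather than security ones.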

Topics

#CodeQL Alerts #Code Scanning #CWE #Vulnerability Classification
