GH-500 Question #13: Real Exam Question with Answer & Explanation

The correct answer is D: Revoke the alert if the secret is still valid.

Implement and manage secret scanning

Question

What is the first step you should take to fix an alert in secret scanning?

Options

  • A. Remove the secret in a commit to the main branch.
  • B. Archive the repository.
  • C. Update your dependencies.
  • D. Revoke the alert if the secret is still valid.

Explanation

The first and most critical step when a secret scanning alert fires is to revoke the exposed secret if it is still valid. Revoking immediately prevents any attacker who may have already found the exposed credential from using it to gain unauthorized access. Only after revocation should you remove the secret from the codebase (A). Archiving the repository (B) does not neutralize the threat, and updating dependencies (C) addresses Dependabot alerts, not secret scanning. Revocation stops the immediate damage; code cleanup prevents future exposure.

Topics

#secret scanning #alert remediation #security workflow #GitHub Advanced Security
