GH-500 Question #23: Real Exam Question with Answer & Explanation
The correct answer is A: GitHub personal access token.
Question
Which of the following would raise secret scanning alerts?
Options
- A. GitHub personal access token
- B. server-side request forgery
- C. cross site scripting (XSS)
- D. structured query language (SQL) injection
Explanation
Secret scanning is designed to detect credentials, tokens, API keys, and other sensitive strings that should never be committed to a repository. A GitHub personal access token (PAT) is exactly this type of secret and will trigger an alert. XSS, SQL injection, and server-side request forgery (SSRF) are code vulnerabilities, not secrets, and are detected by code scanning tools like CodeQL, not secret scanning.