Question 5 - Microsoft GH-500 Real Exam Questions [Jan 2026 Update]

Q: 5

– [Configure and Use Secret Scanning] Which of the following is the best way to prevent developers from adding secrets to the repository?

Options

Correct Answer:

Explanation

Push protection for secret scanning is a proactive security feature in GitHub Advanced Security. It scans code for secrets before a push from a local repository is accepted by the remote repository. If a supported secret is detected in the commits being pushed, GitHub blocks the push entirely. This directly prevents secrets from being accidentally committed and stored in the repository's history, which is the most effective way to prevent their exposure. This feature must be enabled at the repository or organization level.

Why Incorrect

A. A CODEOWNERS file defines ownership and enforces reviews for specific code paths; it does not scan for or prevent secrets.

B. Making a repository public drastically increases the risk of secret exposure; it is a visibility setting, not a preventative security control.

C. A security manager is a role with permissions to configure security features like push protection, but the role itself is not the mechanism that prevents the push.

References

1. GitHub Docs

"Push protection for secret scanning": "Secret scanning push protection prevents contributors from pushing code with detected secrets to a repository... When you attempt to push a commit with a detected secret to a protected repository

GitHub will block the push."

Source: GitHub Enterprise Cloud Documentation

About GitHub Advanced Security

Securing your repository

"Push protection for secret scanning".

2. GitHub Docs

"About code owners": "You can use a CODEOWNERS file to define individuals or teams that are responsible for code in a repository."

Source: GitHub Enterprise Cloud Documentation

Repositories

Managing your repository's settings and features

"About code owners".

3. GitHub Docs

"Managing security managers in your organization": "The security manager role gives teams and people the permissions they need to manage security settings and alerts... without granting them full administrative access to the organization."

Source: GitHub Enterprise Cloud Documentation

Organizations and teams

Managing security and analysis settings for your organization

"Managing security managers in your organization".

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE