Question 8 - Microsoft GH-500 Real Exam Questions [Jan 2026 Update]

Q: 8

– [Configure and Use Secret Scanning] Assuming security and analysis features are not configured at the repository, organization, or enterprise level, secret scanning is enabled on:

Options

Correct Answer:

Explanation

By default, GitHub automatically enables secret scanning on all public repositories. This is a free security feature provided to protect the open-source ecosystem from accidental exposure of credentials. The service scans for known secret formats upon every push. For private repositories, secret scanning is part of the GitHub Advanced Security (GHAS) license and must be explicitly enabled at the repository, organization, or enterprise level. Since the scenario specifies that no security features are configured, only the default behavior for public repositories applies.

Why Incorrect

B. All new repositories within your organization: This requires enabling GitHub Advanced Security at the organization level, which contradicts the scenario's premise that no features are configured.

C. User-owned private repositories: Secret scanning for user-owned private repositories is a feature of GitHub Advanced Security, which is not enabled by default and requires a specific plan.

D. Private repositories: This functionality is part of the paid GitHub Advanced Security license and is not enabled by default without explicit configuration.

---

References

1. GitHub Docs

"About secret scanning." This official documentation explicitly states the availability of the feature.

Reference Section: "Availability of secret scanning"

Content: "Secret scanning is available on all public repositories on GitHub.com. Organizations that use GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning on their private and internal repositories." This directly confirms that the feature is on by default only for public repositories.

2. GitHub Docs

"Configuring secret scanning for your repositories." This document details the steps required to enable the feature for private repositories

reinforcing that it is not on by default.

Reference Section: "Enabling GitHub Advanced Security"

Content: "You must enable GitHub Advanced Security for your repository before you can configure secret scanning... Secret scanning is automatically enabled on all public repositories." This shows that an explicit action is needed for private repositories

unlike public ones.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE