GitHub Exam GitHub-Advanced-Security Topic 6 Question 2 Discussion

Actual exam question for GitHub's GitHub-Advanced-Security exam
Question #: 2
Topic #: 6

-- [Configure and Use Secret Scanning]

What is the first step you should take to fix an alert in secret scanning?

Suggested Answer: C

The first step when you receive a secret scanning alert is to revoke the secret if it is still valid. This ensures the secret can no longer be used maliciously. Only after revoking it should you proceed to remove it from the code history and apply other mitigation steps.

Simply deleting the secret from the code does not remove the risk if it hasn't been revoked, especially since it may already be exposed in commit history.


Contribute your Thoughts:

Andree
1 day ago
I think archiving the repository could also be a valid option to fix the alert in secret scanning.
upvoted 0 times
...
Stephaine
2 days ago
But what if the secret is still valid? Shouldn't we revoke the alert instead?
upvoted 0 times
...
Antonio
7 days ago
Haha, archiving the repository? That's like throwing the baby out with the bathwater! Definitely not A.
upvoted 0 times
...
Patti
9 days ago
I disagree, I believe the correct step is to remove the secret in a commit to the main branch.
upvoted 0 times
...
Kaitlyn
21 days ago
I'm going with B. Updating dependencies can sometimes help resolve security issues like this.
upvoted 0 times
Milly
24 hours ago
I think B is a good choice. Updating dependencies is important for security.
upvoted 0 times
...
...
Virgina
27 days ago
C seems more logical to me. Revoking the alert if the secret is still valid would be the safest approach.
upvoted 0 times
...
Teri
29 days ago
I think the answer is D. Removing the secret in a commit to the main branch is the first step to fix the alert.
upvoted 0 times
...
Stephaine
1 month ago
I think the first step should be to update your dependencies.
upvoted 0 times
...
