
Microsoft GH-500 Exam - Topic 2 Question 6 Discussion

Actual exam question for Microsoft's GH-500 exam
Question #: 6
Topic #: 2

-- [Configure and Use Code Scanning]

After investigating a code scanning alert related to injection, you determine that the input is properly sanitized using custom logic. What should be your next step?

Suggested Answer: D

When you identify that a code scanning alert is a false positive (for example, when your code uses a custom sanitization method that the analysis does not recognize), you should dismiss the alert with the reason 'false positive.' This action helps improve the accuracy of future analyses and maintains the relevance of your security alerts.

As per GitHub's documentation:

'If you dismiss a CodeQL alert as a false positive result, for example because the code uses a sanitization library that isn't supported, consider contributing to the CodeQL repository and improving the analysis.'

By dismissing the alert appropriately, you ensure that your codebase's security alerts remain actionable and relevant.


Contribute your Thoughts:

Nelida
2 months ago
Wait, are we sure it's a false positive? What if there's a hidden flaw?
upvoted 0 times
Jin
2 months ago
Agree with D, no need to clutter the repo with unnecessary issues.
upvoted 0 times
Polly
2 months ago
I think D is the way to go, it's a false positive.
upvoted 0 times
Ezekiel
3 months ago
Ignoring the alert seems risky, better to document it somehow.
upvoted 0 times
Omega
3 months ago
A pull request could help improve the query for everyone, though!
upvoted 0 times
Micaela
3 months ago
I’m leaning towards dismissing it, but I wonder if we should still report it to the CodeQL team to improve their queries.
upvoted 0 times
Ming
4 months ago
I feel like drafting a pull request could be useful, but it seems like a lot of work for just one alert. Maybe dismissing it is simpler?
upvoted 0 times
Wai
4 months ago
I remember a similar question where we had to decide whether to ignore an alert or not. I think we should document our findings somehow, maybe by opening an issue?
upvoted 0 times
Lavonda
4 months ago
I think if the input is sanitized, we might be able to dismiss the alert, but I'm not entirely sure if 'false positive' is the right reason.
upvoted 0 times
Leandro
4 months ago
Hmm, I'm not sure about this one. I'll need to think it through carefully and consider the implications of each option before deciding.
upvoted 0 times
Daniel
4 months ago
I'm pretty confident that the right answer is to dismiss the alert as a false positive. The question states the input is properly sanitized, so there's no need to take any further action.
upvoted 0 times
Janine
5 months ago
I'm a bit confused here. If the input is already sanitized, should I just ignore the alert or is there something else I should do?
upvoted 0 times
Aja
5 months ago
Okay, I think I've got this. Since the input is properly sanitized, I should open an issue in the CodeQL repository to report the false positive.
upvoted 0 times
Thora
5 months ago
Hmm, this one seems tricky. I'll need to carefully review the details to determine the best next step.
upvoted 0 times
Yong
6 months ago
B is tempting, but that's just asking for trouble down the line. I'd go with D to stay on the safe side.
upvoted 0 times
Naomi
2 months ago
A could improve the query for everyone.
upvoted 0 times
Keena
2 months ago
C might be useful for future reference.
upvoted 0 times
Rodrigo
3 months ago
I agree, B could lead to issues later.
upvoted 0 times
Elsa
3 months ago
D seems like the safest option.
upvoted 0 times
Reynalda
7 months ago
I disagree, I think we should dismiss the alert as a false positive.
upvoted 0 times
Dalene
7 months ago
I would go with option C as well, it's better to be safe than sorry.
upvoted 0 times
Nickie
7 months ago
I think the correct answer is D. If the input is properly sanitized, then the alert is a false positive and should be dismissed.
upvoted 0 times
Charolette
6 months ago
User1: I think the correct answer is D.
upvoted 0 times
Eladia
7 months ago
I agree with Lonny, it's important to report the findings.
upvoted 0 times
Lonny
7 months ago
I think we should open an issue in the CodeQL repository.
upvoted 0 times