
Microsoft GH-500 Exam - Topic 4 Question 12 Discussion

Actual exam question for Microsoft's GH-500 exam
Question #: 12
Topic #: 4
-- [Configure and Use Code Scanning]

After investigating a code scanning alert related to injection, you determine that the input is properly sanitized using custom logic. What should be your next step?

Suggested Answer: D

When you determine that a code scanning alert is a false positive, for example because the code sanitizes the input with custom logic that the analysis does not recognize, dismiss the alert and select the reason 'False positive'. The reason and any comment you add are recorded with the alert, so the decision is auditable and the finding no longer clutters the list of open alerts. Before dismissing, confirm that the custom logic actually neutralizes the injection vector at that sink (an allow-list or parameterized approach, not a deny-list that may miss an encoding); if it does not, the alert is a true positive and the fix, not a dismissal, is the next step.

As per GitHub's documentation:

'If you dismiss a CodeQL alert as a false positive result, for example because the code uses a sanitization library that isn't supported, consider contributing to the CodeQL repository and improving the analysis.'

By dismissing the alert appropriately, you ensure that your codebase's security alerts remain actionable and relevant.
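The dismissal step described above can also be done through the GitHub REST API rather than the web UI, which is useful when you want the reason and justification captured in a script or ticket workflow. The following is an added example written for this discussion, not code from the page, from GitHub or from CodeQL; it uses the documented `PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}` endpoint, and the owner, repository, alert number, comment text and the `GITHUB_TOKEN` environment variable are placeholders you would replace with your own.

```python
"""Dismiss a GitHub code scanning alert as a false positive via the REST API.

Added example for the GH-500 question above; not from the page, GitHub, or
CodeQL. Assumes a token with write access to security events in the
GITHUB_TOKEN environment variable. The owner, repo, alert number and comment
used in the usage block at the bottom are constructed placeholders.
"""
import json
import os
import urllib.request

API_ROOT = "https://api.github.com"

# Values the REST API accepts for dismissed_reason when state is "dismissed".
DISMISSED_REASONS = ("false positive", "won't fix", "used in tests")

# The API caps dismissed_comment at 280 characters.
MAX_COMMENT_LEN = 280


def build_dismiss_request(owner, repo, alert_number, reason, comment):
    """Return (method, url, body) for dismissing one code scanning alert.

    The API only requires state="dismissed" plus a valid dismissed_reason; a
    comment is optional there, but this helper insists on one so the audit
    trail records *why* the custom sanitizer was judged sufficient.
    """
    if reason not in DISMISSED_REASONS:
        raise ValueError(f"unknown dismissed_reason {reason!r}")
    if not isinstance(alert_number, int) or alert_number < 1:
        raise ValueError("alert_number must be a positive integer")
    comment = comment.strip()
    if not comment:
        raise ValueError("a dismissal comment is required for the audit trail")
    if len(comment) > MAX_COMMENT_LEN:
        raise ValueError(f"dismissed_comment must be <= {MAX_COMMENT_LEN} chars")

    url = f"{API_ROOT}/repos/{owner}/{repo}/code-scanning/alerts/{alert_number}"
    body = {
        "state": "dismissed",
        "dismissed_reason": reason,
        "dismissed_comment": comment,
    }
    return "PATCH", url, body


def dismiss_as_false_positive(owner, repo, alert_number, comment, token=None):
    """Send the dismissal to GitHub and return the updated alert as a dict.

    Network call; everything above it can be exercised offline.
    """
    method, url, body = build_dismiss_request(
        owner, repo, alert_number, "false positive", comment
    )
    token = token or os.environ["GITHUB_TOKEN"]
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method=method,
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
            "X-GitHub-Api-Version": "2022-11-28",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:  # raises on non-2xx
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder values; replace with a real repository and alert number.
    method, url, body = build_dismiss_request(
        "example-org",  # placeholder owner
        "example-app",  # placeholder repository
        42,             # placeholder alert number from the alert URL
        "false positive",
        "Input passes through sanitizeForSql() (allow-list of [A-Za-z0-9_]) "
        "before reaching the query; reviewed in PR #123.",
    )
    print(method, url)
    print(json.dumps(body, indent=2))
    if os.environ.get("GITHUB_TOKEN"):
        print(dismiss_as_false_positive("example-org", "example-app", 42,
                                        body["dismissed_comment"]))
```

The comment text is where the reviewer's reasoning lives, so state which sanitizer was verified and where the review happened; a bare "false positive" with no justification is hard to audit later. Dismissal records the decision for this alert only; if the sanitizer is used widely, the GitHub documentation quoted above points to the longer-term fix of contributing a model for it to the CodeQL repository so the analysis stops flagging it.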

