Free Practice Questions for Microsoft GH-500 Exam

Validity checks, also called secret validation, allow GitHub to check if a detected secret is still active. If verified as live, the alert is marked as "valid", allowing security teams to prioritize the most critical leaks.

Push protection blocks secrets but does not check their validity. Custom patterns are user-defined and do not include live checks.

The security-extended query suite includes additional CodeQL queries that detect lower severity issues than those in the default security-and-quality suite.

It’s often used when projects want broader visibility into code hygiene and potential weak spots beyond critical vulnerabilities.

The other options listed are paths to language packs, not query suites themselves.