DumpsBox
Home/microsoft/Free Microsoft GH-100 Actual Exam Questions/Question 14
← Back to Exam

Free Microsoft GH-100 Actual Exam Questions - Question 14 Discussion

Question No. 14
In a GitHub repository using Dependabot, which of the following best describes the purpose of the
.github/dependabot.yml file?
Select one option, then reveal solution.
US
HF
Haris F.
2026-02-20

A, since it defines when and what dependencies Dependabot checks and updates.

0
AF
Ali F.
2026-02-16

Probably A, since dependabot.yml mainly sets how updates are managed and scheduled.

0
AF
Ali F.
2026-02-13

A/C? The file sets up the schedule and directories, but C mentions scanning secrets, which is a separate GitHub feature. So A fits better as it’s about update configs, not security scans.

0
LS
Luke S.
2026-02-11

Maybe A, since B and D don't really fit Dependabot's update management role.

0
LS
Luke S.
2026-02-04

Option A, since dependabot.yml defines where and how often to check for updates.

0
LS
Luke S.
2026-02-02

It’s definitely not B or D since those options don’t really align with what Dependabot does. The file’s main role is to tell Dependabot where to look and how often, so A makes the most sense. C is tempting but secret scanning is a separate feature outside of this config. The yml is all about organizing update checks by ecosystem and schedule, so A nails it from a practical standpoint.

0
LS
Luke S.
2026-01-31

It’s A because dependabot.yml is all about configuring when and what dependencies to check, not about excluding SHAs or encrypting anything. That setup file controls the update process directly.

0
LS
Luke S.
2026-01-28

A/C? C seems off since secret scanning isn’t the dependabot.yml’s job, and D looks unrelated too. A fits best because it sets schedules and ecosystems, while B sounds incorrect about SHAs.

0
LS
Luke S.
2026-01-26

Probably A, since dependabot.yml mainly sets update schedules and config details.

0
VN
Vikas N.
2026-01-26

Maybe B isn’t right since Dependabot doesn’t really exclude commits by SHA. The yml file is more for setting up when and how updates run, which fits A better here.

0
AF
Amir F.
2026-01-24

D imo, encrypting versions in the repo sounds way too complicated and unnecessary. The file’s main job is clearly about managing update checks and schedules, which points to A as the best fit.

0
AF
Amir F.
2026-01-21

Makes sense to rule out B, C, and D since Dependabot mainly deals with update settings. So, A is the clear choice here.

0
RG
Rayan G.
2026-01-17

B tbh I picked A at first, but then I thought about the other options. B sounds off because Dependabot doesn't really exclude commits by SHA; it’s more about update configurations. C and D just don’t fit how Dependabot works—it’s not about scanning secrets or encrypting versions. So A still makes the most sense as it deals with setting schedules and ecosystems for updates.

0
AU
Ash U.
2026-01-13

Definitely A. That file sets up how and when Dependabot checks for updates and where it looks in your repo.

0