Free Microsoft GH-100 Actual Exam Questions - Question 2 Discussion
C imo, since security policies often enforce who can push to a repo, controlling changes directly.
B, since the main goal of a security policy is to provide a clear channel for reporting security issues in open source projects, which is crucial for responsible disclosure. The other options don’t really cover that aspect.
Actually, option A doesn’t really fit since security policies aren’t mainly for communicating rules to end users, especially in private repos. Options C and D are more about access control or dependency management, which isn’t the main purpose of a security policy. The best call remains B because it’s specifically about providing a clear way for collaborators or researchers to report vulnerabilities responsibly. That’s the core reason projects put these policies in place.
It’s B because a security policy mainly helps open source projects manage vulnerability reports safely. The other options don’t really focus on secure reporting or disclosure.
Maybe B, because it helps security reporting for open source projects.