Free Microsoft GH-500 Actual Exam Questions - Question 15 Discussion
In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?
It’s C because it actively scans the PR before merging, unlike alerts or updates.
Option C makes the most sense to me because adding a workflow with the dependency review action actively checks each PR for issues, stopping vulnerable dependencies before they get merged. That’s more direct than just alerts or updates.
A Dependabot alerts only notify about issues; they don’t block or prevent adding vulnerable dependencies. So A isn’t enough to avoid introducing them during pull requests.
Maybe D here since enabling Dependabot security updates can automatically prevent vulnerable dependencies from staying in the code, not just alerting or reviewing after the fact. It’s more hands-on prevention.
I think C is best here because the dependency review action in a workflow can directly check and block any PRs with vulnerable dependencies before they’re merged. C
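Since the replies above lean on C, here is what "a workflow with the dependency review action" actually looks like. This is an added example, not a workflow posted in the original thread: it assumes a repository that has the dependency graph enabled (the action needs it, and on private repos that requires GitHub Advanced Security) and that the `dependency-review` job is marked as a required status check in branch protection so a failing run really does block the merge.

```yaml
# Added example: GitHub Actions workflow running actions/dependency-review-action
# on every pull request. The action diffs the dependency snapshot of the PR base
# against the PR head, so it only reports dependencies the PR adds or changes.
# Assumptions (not stated in the thread): dependency graph is enabled, and this
# job is a required status check in branch protection / rulesets.
name: Dependency review

on:
  pull_request:

permissions:
  contents: read
  pull-requests: write   # only needed for comment-summary-in-pr below

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Dependency review
        uses: actions/dependency-review-action@v4
        with:
          # Fail the check when a newly added or upgraded dependency carries a
          # known advisory at this severity or higher (low|moderate|high|critical).
          fail-on-severity: moderate
          # Post the list of added/removed dependencies and any findings as a
          # PR comment so reviewers see it without opening the run log.
          comment-summary-in-pr: on-failure
```

Two things to keep in mind: the failing check by itself does not stop anyone from clicking "Merge" unless the job is listed as a required status check for the target branch, and the action only covers dependencies that the PR introduces or changes, so vulnerabilities already present on the base branch remain the job of Dependabot alerts and security updates.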
D makes sense since enabling Dependabot security updates can automatically fix vulnerabilities, reducing the chance of risky dependencies slipping in during a PR. It’s more proactive than just alerting.
Alerts notify, but C actually stops risky merges. C
Good point about automation. I’d say A is solid too since alerts notify developers immediately, letting them act before merging any risky dependencies. A it is.
A/C? Enabling Dependabot alerts (A) catches vulnerabilities early, while C automates the review process. Both seem proactive compared to just setting rules or updates.
Option C, because adding a workflow helps automate checks; B seems less direct.