Free Microsoft GH-500 Actual Exam Questions - Question 4 Discussion
Which of the following formats are used to describe a Dependabot alert? (Each answer presents a complete solution. Choose two.)
A/C? CWE is pretty common for categorizing types of weaknesses, which makes sense for describing alerts. CVE is definitely used to ID specific vulnerabilities, so that’s a solid pick too. VEX feels more like detailed exploit info rather than the alert format itself, and EPSS seems more predictive than descriptive. So I’d go with A and C here.
C imo, CVE is definitely used to identify vulnerabilities clearly. D also fits because VEX deals with sharing exploitability info, which is relevant to alerts.
D imo, since VEX is designed for vulnerability info exchange, and C because CVE is the main identifier for vulnerabilities. CWE and EPSS don’t typically label Dependabot alerts directly.
Carlos E.: Guessing A and C, since CWE highlights weakness types and CVE IDs actual vulnerabilities.
A/C? CVE is standard for alerts, but CWE is also pretty common in vulnerability descriptions, so maybe it's these two instead of VEX. D feels a bit too niche for Dependabot alerts.
Maybe C and D. CVE is pretty standard for vulnerabilities, and I’ve seen VEX mentioned with vulnerability info too. Not sure about the others for Dependabot though.