U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft GH-100 Exam - Topic 3 Question 1 Discussion

How does Dependabot determine which security update PRs to open?
B) It uses the dependency graph and Dependabot alerts to open PRs for patched versions.
A) It waits for manual triage of all CVEs.
C) It reads the GitHub Issues and automatically suggests fixes.
D) It compares your codebase to the GitHub Trending list.

Microsoft GH-100 Exam - Topic 3 Question 1 Discussion

Actual exam question for Microsoft's GH-100 exam
Question #: 1
Topic #: 3
[All GH-100 Questions]

How does Dependabot determine which security update PRs to open?

Show Suggested Answer Hide Answer
Suggested Answer: B

Dependabot relies on your repository's enabled Dependency Graph and Dependabot Alerts to identify vulnerable dependencies; it then automatically opens pull requests to update to the patched versions that resolve those alerts.


by Barney at Aug 18, 2025, 04:16 AM

Limited Time Offer

25%

Off

Get Premium GH-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kerry
6 months ago
C sounds interesting, but I doubt it actually does that.
upvoted 0 times
...
Fabiola
6 months ago
Totally agree, B makes the most sense!
upvoted 0 times
...
Laticia
6 months ago
Wait, it doesn't wait for manual triage? That's surprising!
upvoted 0 times
...
Hortencia
7 months ago
D is just wrong, no way it compares to trending lists!
upvoted 0 times
...
Julian
7 months ago
I think it's B, right? Uses the dependency graph.
upvoted 0 times
...
Mollie
7 months ago
I don't recall seeing anything about reading GitHub Issues, so I'm leaning towards option B being the correct answer.
upvoted 0 times
...
Dong
7 months ago
I feel like it might be option A, but that seems too manual for an automated tool like Dependabot.
upvoted 0 times
...
Rose
8 months ago
I remember practicing a question about how Dependabot alerts work, and I think they play a role in opening PRs for security updates.
upvoted 0 times
...
Shawn
8 months ago
I think Dependabot uses the dependency graph to figure out which updates are needed, but I'm not entirely sure.
upvoted 0 times
...
Sharen
8 months ago
I'm a bit confused by this question. I know Dependabot is supposed to automate security updates, but I'm not sure if it actually reads GitHub Issues or compares to the Trending list. I'll have to think about this one.
upvoted 0 times
...
Elroy
8 months ago
Okay, let me think this through. Dependabot uses the dependency graph and alerts to identify security vulnerabilities, so I'm guessing the answer is option B.
upvoted 0 times
...
Amie
8 months ago
Hmm, I'm not entirely sure about this one. I know Dependabot is used for security updates, but I'm not familiar with the details of how it determines which PRs to open.
upvoted 0 times
...
Ma
8 months ago
This seems like a straightforward question about how Dependabot works. I'm pretty confident I can figure this out.
upvoted 0 times
...
Hui
9 months ago
I'm not sure, but option B seems the most plausible. Dependabot probably has a way to identify security issues and suggest updates automatically.
upvoted 0 times
...
Joesph
9 months ago
Option B sounds like the most logical approach. Dependabot using the dependency graph and its own alerts to open PRs for patched versions makes the most sense.
upvoted 0 times
...
Annette
10 months ago
I think Dependabot uses the dependency graph and alerts to open PRs.
upvoted 0 times
...

Save Cancel