Microsoft GH-500 Exam - Topic 2 Question 15 Discussion

Actual exam question for Microsoft's GH-500 exam

Question #: 15
Topic #: 2

-- [Configure and Use Dependency Management]

You have enabled security updates for a repository. When does GitHub mark a Dependabot alert as resolved for that repository?

AWhen Dependabot creates a pull request to update dependencies

BWhen you dismiss the Dependabot alert

CWhen the pull request checks are successful

DWhen you merge a pull request that contains a security update

Show Suggested Answer

Suggested Answer: D

A Dependabot alert is marked as resolved only after the related pull request is merged into the repository. This indicates that the vulnerable dependency has been officially replaced with a secure version in the active codebase.

Simply generating a PR or passing checks does not change the alert status; merging is the key step.

by Tarra at May 11, 2026, 03:06 AM

Limited Time Offer

25%

Off

Get Premium GH-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Eura

14 days ago

I think Dependabot marks the alert as resolved when you merge a pull request that contains a security update, so I’m leaning towards option D.

upvoted 0 times

...