Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft GH-500 Exam - Topic 4 Question 7 Discussion

Actual exam question for Microsoft's GH-500 exam
Question #: 7
Topic #: 4
[All GH-500 Questions]

-- [Configure and Use Dependency Management]

Which of the following options would close a Dependabot alert?

Show Suggested Answer Hide Answer
Suggested Answer: A

A Dependabot alert is only marked as resolved when the related vulnerability is no longer present in your code --- specifically after you merge a pull request that updates the vulnerable dependency.

Simply viewing alerts or graphs does not affect their status. Ignoring the alert by leaving the repo unchanged keeps the vulnerability active and unresolved.


by Troy at Nov 20, 2025, 06:04 AM

Limited Time Offer

25%

Off

Get Premium GH-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Valentin
2 days ago
I think A is the correct answer. Pull requests are key.
upvoted 0 times
...
Deangelo
7 days ago
Totally agree, A) is the only way to fix it!
upvoted 0 times
...
Ernestine
25 days ago
Wait, leaving it as is (D) actually counts? That seems wrong!
upvoted 0 times
...
Dustin
1 month ago
C) doesn't close anything either, just shows the graph.
upvoted 0 times
...
Deonna
1 month ago
C) Viewing the dependency graph? Nah, that's not gonna fix the problem. You gotta take action!
upvoted 0 times
...
Eleni
1 month ago
A) Creating a pull request to resolve the vulnerability is the way to go. Gotta stay on top of those security issues!
upvoted 0 times
...
Hyman
2 months ago
Haha, I bet the answer is not D) Leaving the repository in its current state. That would be like ignoring the problem and hoping it goes away!
upvoted 0 times
...
Kattie
2 months ago
B) Viewing the Dependabot alert on the Dependabot alerts tab of your repository
upvoted 0 times
...
Gertude
2 months ago
I’m a bit confused; I thought just viewing the alerts wouldn’t help, but I can't remember if it was B or C that was mentioned in the study material.
upvoted 0 times
...
Malcom
2 months ago
I practiced a similar question last week, and I feel like creating a pull request is definitely the way to go, so A seems solid.
upvoted 0 times
...
Vilma
2 months ago
I'm not entirely sure, but I remember something about just viewing alerts not actually closing them, so maybe B and C aren't correct?
upvoted 0 times
...
Veta
2 months ago
I think option A is the right choice because resolving the vulnerability is what Dependabot is all about, right?
upvoted 0 times
...
Augustine
3 months ago
A feels like the right answer to me. Resolving the underlying issue by creating a PR is the most effective way to close the alert, rather than just viewing it.
upvoted 0 times
...
Kallie
3 months ago
Okay, let me think this through. I know Dependabot alerts are about vulnerabilities, so leaving the repo as-is doesn't seem right. I'm leaning towards A, but I want to make sure I understand the other choices first.
upvoted 0 times
...
Elke
3 months ago
I think B) is just for viewing, not closing.
upvoted 0 times
...
Yun
3 months ago
A) Creating a pull request to resolve the vulnerability that will be approved and merged
upvoted 0 times
...
Edna
3 months ago
A) is definitely the right choice!
upvoted 0 times
...
Mollie
4 months ago
B and C are just for viewing, not fixing.
upvoted 0 times
...
In
4 months ago
Hmm, I'm a bit confused. I'm not sure if viewing the alert or the dependency graph would actually close it. I'll need to double-check the options.
upvoted 0 times
...
Jenelle
4 months ago
I think the answer is A. Creating a pull request to resolve the vulnerability seems like the best way to close a Dependabot alert.
upvoted 0 times
Lonny
4 months ago
Exactly, just viewing won't help at all.
upvoted 0 times
...
...

Save Cancel