Microsoft Exam GH-500 Topic 5 Question 2 Discussion

Actual exam question for Microsoft's GH-500 exam

Question #: 2
Topic #: 5

[All GH-500 Questions]

-- [Configure and Use Dependency Management]

In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?

AEnable Dependabot alerts.

BAdd Dependabot rules.

CAdd a workflow with the dependency review action.

DEnable Dependabot security updates.

Show Suggested Answer

Suggested Answer: C

To detect and block vulnerable dependencies before merge, developers should use the Dependency Review GitHub Action in their pull request workflows. It scans all proposed dependency changes and flags any packages with known vulnerabilities.

This is a preventative measure during development, unlike Dependabot, which reacts after the fact.

by Emile at Aug 15, 2025, 12:08 PM

Limited Time Offer

25%

Off

Get Premium GH-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!