U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft GH-500 Exam - Topic 5 Question 2 Discussion

-- [Configure and Use Dependency Management]In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?
C) Add a workflow with the dependency review action.
A) Enable Dependabot alerts.
B) Add Dependabot rules.
D) Enable Dependabot security updates.

Microsoft GH-500 Exam - Topic 5 Question 2 Discussion

Actual exam question for Microsoft's GH-500 exam
Question #: 2
Topic #: 5
[All GH-500 Questions]

-- [Configure and Use Dependency Management]

In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?

Show Suggested Answer Hide Answer
Suggested Answer: C

To detect and block vulnerable dependencies before merge, developers should use the Dependency Review GitHub Action in their pull request workflows. It scans all proposed dependency changes and flags any packages with known vulnerabilities.

This is a preventative measure during development, unlike Dependabot, which reacts after the fact.


by Emile at Aug 15, 2025, 12:08 PM

Limited Time Offer

25%

Off

Get Premium GH-500 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kenneth
5 months ago
Adding rules is good, but it can get complicated fast.
upvoted 0 times
...
Leota
6 months ago
Totally agree with enabling security updates!
upvoted 0 times
...
Joaquin
6 months ago
Wait, are Dependabot security updates really that reliable?
upvoted 0 times
...
Skye
6 months ago
I think adding a workflow with the dependency review action is more effective.
upvoted 0 times
...
Yvonne
7 months ago
Enabling Dependabot alerts is a must!
upvoted 0 times
...
Alyce
7 months ago
I feel like enabling Dependabot security updates is definitely a good step, but I wonder if it covers everything we need.
upvoted 0 times
...
Cammy
7 months ago
Adding a workflow with the dependency review action sounds familiar, but I’m uncertain if it’s the best option here.
upvoted 0 times
...
Katlyn
7 months ago
I remember practicing with a question about Dependabot rules, but I can't recall if they specifically prevent adding vulnerable dependencies.
upvoted 0 times
...
Wei
8 months ago
I think enabling Dependabot alerts is important, but I'm not sure if that's enough to avoid vulnerabilities.
upvoted 0 times
...
Rikki
8 months ago
I'm feeling pretty confident about this one. I'd go with option D - enabling Dependabot security updates. That should automatically update any dependencies with known issues, right?
upvoted 0 times
...
Yuette
8 months ago
Okay, I've got this. The answer is C - adding a workflow with the dependency review action. That's the best way to catch any new dependencies with known vulnerabilities before they get merged.
upvoted 0 times
...
Selma
8 months ago
Hmm, this one seems a bit tricky. I'm not totally sure about the difference between Dependabot alerts and Dependabot security updates. I'll need to review those options more closely.
upvoted 0 times
...
Kanisha
8 months ago
I think the key here is to use a combination of Dependabot alerts and the dependency review action. Dependabot can help identify known vulnerabilities, while the review action can catch any new dependencies that get added.
upvoted 0 times
...
Yuette
9 months ago
I think D) Enable Dependabot security updates is also important to keep dependencies secure.
upvoted 0 times
...
Alyce
9 months ago
I'd go with C - the dependency review action is a game-changer. Catches those nasty vulnerabilities before they even get in.
upvoted 0 times
Hyun
5 months ago
I’m leaning towards A. Alerts are crucial for awareness.
upvoted 0 times
...
Tran
6 months ago
I like C too! It's super effective.
upvoted 0 times
...
Raina
6 months ago
C is definitely a smart choice. Prevents issues early.
upvoted 0 times
...
Adelaide
7 months ago
D is good for ongoing security, but C feels more proactive.
upvoted 0 times
...
...
Altha
10 months ago
I believe C) Add a workflow with the dependency review action could also be a good option to avoid vulnerabilities.
upvoted 0 times
...
Rochell
10 months ago
I agree with Barb, enabling Dependabot alerts can help avoid adding new dependencies with known vulnerabilities.
upvoted 0 times
...
Karl
10 months ago
Dependabot alerts definitely seem like the way to go! Gotta stay on top of those vulnerabilities, am I right?
upvoted 0 times
Lizbeth
9 months ago
C) Add a workflow with the dependency review action.
upvoted 0 times
...
Daniela
9 months ago
A) Enable Dependabot alerts.
upvoted 0 times
...
Kizzy
9 months ago
A) Enable Dependabot alerts.
upvoted 0 times
...
...
Barb
10 months ago
I think the answer is A) Enable Dependabot alerts.
upvoted 0 times
...

Save Cancel