nerdexam
Microsoft

AZ-400 · Question #459

You manage code by using GitHub. You need to ensure that repository owners are notified if a new vulnerable dependency or malware is found in their repository. What should you do?

The correct answer is B. Configure Dependabot alerts.. https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts Dependabot alerts tell you that your code depends on a package that is insecure. If your code depends on a package with a security vulnerability, this can cause a range of problems for y

Submitted by cyberguy42· Mar 6, 2026Develop a security and compliance plan

Question

You manage code by using GitHub. You need to ensure that repository owners are notified if a new vulnerable dependency or malware is found in their repository. What should you do?

Options

  • AConfigure CodeQL scanning actions.
  • BConfigure Dependabot alerts.
  • CConfigure branch protection rules for each repository.
  • DSubscribe all the repository owners to the GitHub Advisory Database.

How the community answered

(17 responses)
  • A
    6% (1)
  • B
    88% (15)
  • C
    6% (1)

Explanation

https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts Dependabot alerts tell you that your code depends on a package that is insecure. If your code depends on a package with a security vulnerability, this can cause a range of problems for your project or the people who use it. You should upgrade to a secure version of the package as soon as possible. If your code uses malware, you need to replace the package with a secure alternative.

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice