nerdexam
Microsoft

AZ-400 · Question #479

Drag and Drop Question You have a GitHub repository. You need to configure Dependabot dependency scanning. The solution must meet the following requirements: - Automatically open a pull request to res

The correct answer is Security updates; Version updates. Dependabot Security Updates automatically opens pull requests to resolve security alerts by updating vulnerable dependencies to a safe version, directly addressing the first requirement. Dependabot Version Updates automatically opens pull requests when a newer version of a depend

Submitted by asante_acc· Mar 6, 2026Configure and manage Dependabot for automated dependency management and security vulnerability remediation in GitHub repositories

Question

Drag and Drop Question You have a GitHub repository. You need to configure Dependabot dependency scanning. The solution must meet the following requirements: - Automatically open a pull request to resolve an alert. - Automatically open a pull request when a dependency is updated. What should you enable for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer:

Exhibit

AZ-400 question #479 exhibit

Answer Area

Drag items

AlertsA dependency graphSecurity updatesVersion updates

Correct arrangement

  • Security updates
  • Version updates

Explanation

Dependabot Security Updates automatically opens pull requests to resolve security alerts by updating vulnerable dependencies to a safe version, directly addressing the first requirement. Dependabot Version Updates automatically opens pull requests when a newer version of a dependency is available (regardless of whether it is a security vulnerability), satisfying the second requirement. These are two distinct Dependabot features configured separately in the dependabot.yml file.

Topics

#Dependabot#GitHub Security#Dependency Scanning#DevSecOps

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice