Microsoft DevOps Engineer Expert AZ-400 Practice Question
Your team hosts a private GitHub repository that contains a Node.js application with several package.json files located in different subfolders. You are tasked with configuring Dependabot to open pull requests only when an update remediates a known vulnerability. Pull requests for routine version bumps that do not address a security issue must be prevented.
Which configuration in the .github/dependabot.yml file will meet this requirement?
Add a single updates block with directory: "/" and add @dependabot ignore version-updates to the dependabot.yml comments.
Add an updates block for each folder containing a package.json file and set security-updates-only: true within each block.
Add an updates block for each folder containing a package.json file and set open-pull-requests-limit: 0 within each block.
Enable 'Dependabot security updates' and disable 'Dependabot version updates' in the repository settings, without creating a dependabot.yml file.
To receive pull requests only for security updates, you must configure a version update schedule in the .github/dependabot.yml file and set open-pull-requests-limit: 0. This limit specifically applies to version updates, effectively stopping Dependabot from opening pull requests for them. It does not affect security updates, which are generated from Dependabot alerts and operate under a separate, non-configurable limit. To scan all necessary folders, an updates block must be defined for each folder containing a manifest. The parameter security-updates-only: true is not a valid option. Disabling version updates in the repository settings would prevent the dependabot.yml from processing version updates entirely, which is not the correct approach. Using @dependabot ignore is for ignoring specific dependencies, not for filtering by update type.
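The configuration described above, written out as an added example (not part of the original question). The folder names `/api` and `/web` and the weekly interval are assumptions chosen for illustration.

```yaml
# .github/dependabot.yml
# Added example: /api and /web are assumed folder names, each holding a package.json.
version: 2
updates:
  # One updates block per folder that contains a manifest.
  - package-ecosystem: "npm"
    directory: "/api"
    schedule:
      interval: "weekly"   # assumed value; a schedule is required in every block
    # 0 stops pull requests for version updates only.
    # Security updates come from Dependabot alerts and use a separate limit.
    open-pull-requests-limit: 0

  - package-ecosystem: "npm"
    directory: "/web"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 0

# Not a valid option, so it must not appear in any block:
#   security-updates-only: true
```

Because security updates are generated from Dependabot alerts, the repository still needs those alerts and security updates turned on for any pull request to appear.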
Develop a security and compliance plan