B is the answer.
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
Dependabot alerts tell you that your code depends on a package that is insecure.
If your code depends on a package with a security vulnerability, this can cause a range of problems for your project or the people who use it. You should upgrade to a secure version of the package as soon as possible. If your code uses malware, you need to replace the package with a secure alternative.
GitHub sends Dependabot alerts when we detect that your repository uses a vulnerable dependency or malware.
Source: https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
Option A, CodeQL, doesn't seem to support dependency scanning.
B - configure Dependabot. This bot will also be able to do automatic PRs to remediate such problems. Those PRs will require human approval. Here is some info on that: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
Answer is correct.
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#configuration-of-dependabot-alerts
upvoted 4 times
zellck (Highly Voted, 1 year, 6 months ago)
hardinxcore (Most Recent, 11 months, 1 week ago)
vsvaid (11 months, 3 weeks ago)
xRiot007 (1 year, 4 months ago)
[Removed] (1 year, 6 months ago)