Q: 6
What is the primary purpose of creating a security policy in a repository?
Options
Discussion
C tbh, security policy is mainly about disclosure not reviews or secrets stuff.
B tempts me since secret push protection is security related, but I think that's just a settings thing not really covered by the policy doc. B looks close, just not the primary purpose. Open to counterpoints if someone disagrees.
C, B is tempting but that's more push protection, not policy purpose.
C. Not seeing how B relates to security policy since that's repo settings.
Saw a pretty similar problem in my exam, in a practice test, and it focused on disclosure guidelines, not code review or secrets. So going with C here since creating a security policy is all about instructing how to report vulnerabilities.
C or B for me. B talks about blocking secrets, which is a security concern too; if the question meant best way to prevent leaks, I'd pick B. But does it say "primary" as in first thing you should do or just the main purpose? That would help decide.
C imo, primary reason is documenting how to disclose vulnerabilities, not code reviews or secrets.
Yeah I get why some might consider B but it has to be C. Responsible disclosure is what security policies focus on.
Pretty straightforward, it's C. Security policy's main role is to tell people how to responsibly report vulnerabilities, not about reviews or secrets management. Official guide and exam practice questions both push that angle. I think C is right but let me know if you read it differently.
No way it's B, C is right since security policy is about disclosure not blocking secrets.