Microsoft Certification
60 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.
The Microsoft GitHub Administration (GH-100) certification validates professional expertise in Microsoft technologies. This study guide covers all 60 practice questions from our GH-100 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.
Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.
When implementing GitHub Advanced Security for your organization, which feature provides real-time scanning for secrets in public repositories?
Secret scanning with push protection is the GitHub Advanced Security feature that scans for secrets and prevents them from being committed to public repositories in real-time.
What is the primary purpose of GitHub's organization-level audit log?
The organization audit log records all actions taken by organization members, providing visibility into administrative activities, security events, and user actions for compliance and security monitoring purposes.
You need to ensure that all pull requests in a critical repository require approval from at least one member of a designated team. Which GitHub feature should you configure?
A CODEOWNERS file combined with branch protection rules requiring code owner review ensures that pull requests must be approved by members of the designated team before merging.
When configuring SSO for GitHub Enterprise Cloud, which authentication method allows you to manage user access through your existing identity provider?
SAML (Security Assertion Markup Language) SSO integrates GitHub with external identity providers, enabling centralized user management and access control through your organization's existing authentication system.
Which of the following best describes the purpose of GitHub's outside collaborator role in an organization?
Outside collaborators can be granted access to specific repositories without becoming organization members, providing granular control over who can access particular projects while maintaining organization membership boundaries.
You are configuring a branch protection rule that requires status checks to pass before merging. Which scenario best requires this protection?
Status checks in branch protection rules require that continuous integration and other automated checks pass before a pull request can be merged, ensuring code quality and build integrity.
What is the maximum duration for a GitHub personal access token's validity in the classic token type?
Classic personal access tokens (PATs) do not have an expiration limit and remain valid indefinitely until manually revoked, whereas fine-grained tokens support optional expiration dates.
When implementing GitHub's dependency management strategy, which tool automatically creates pull requests to update vulnerable dependencies?
Dependabot automatically detects outdated and vulnerable dependencies in your repositories and creates pull requests to update them, helping maintain security and compatibility.
Your organization needs to enforce that all repositories have specific repository protection rules. Which administrative approach provides the most comprehensive enforcement?
Organization-level settings and policies allow administrators to set default rules and enforcement mechanisms that apply across multiple repositories, ensuring consistent security practices organization-wide.
When configuring IP allow lists for your GitHub Enterprise instance, what is the primary security benefit?
IP allow lists restrict access to GitHub infrastructure from specific IP address ranges, adding a network-level security control that complements authentication mechanisms.
You need to audit which organization members have elevated permissions. Where would you find this information?
The organization members and teams management section displays member roles, permissions, and team assignments, allowing administrators to audit access levels across the organization.
In GitHub Advanced Security, what does CodeQL analysis primarily focus on detecting?
CodeQL is a semantic analysis engine that performs static application security testing (SAST) to identify security vulnerabilities, bugs, and code quality issues in source code.
Which permission level is required to create and manage GitHub Actions secrets at the organization level?
Only organization owners can create and manage organization-level secrets in GitHub Actions, ensuring that sensitive credentials are controlled at the highest administrative level.
You are implementing GitHub for a large enterprise with multiple teams. What is the recommended approach for organizing repositories and teams?
A multi-organization structure aligned with business units provides better security boundaries, clearer access control, and improved management of large enterprise implementations while teams manage access within organizations.
When configuring required reviews for pull requests, what does the 'dismiss stale review' setting control?
The 'dismiss stale review' setting ensures that approvals must be renewed after new commits are added to a pull request, maintaining code review integrity and preventing outdated approvals.
What is the primary advantage of using GitHub's enterprise-managed users (EMU) feature?
Enterprise-managed users allow organizations to manage user identities centrally through their identity provider (IdP) with automatic provisioning, deprovisioning, and synchronized access control.
You need to prevent accidental deletion of a critical repository. Which GitHub feature provides this protection?
Repository deletion can be restricted by limiting admin access and configuring organization policies that prevent repository deletion or require additional confirmation steps.
When implementing GitHub Actions for continuous integration, which component defines the workflow execution conditions and job definitions?
GitHub Actions workflows are defined in YAML files stored in the .github/workflows directory, specifying triggers, jobs, steps, and execution logic for automated processes.
What is the scope of permissions when using fine-grained personal access tokens compared to classic tokens?
Fine-grained personal access tokens offer repository-specific and resource-specific permissions, allowing administrators to grant only the minimum necessary access compared to the broader scopes of classic tokens.
Your organization needs to enforce that commits are signed with GPG keys before merging. How should you implement this requirement?
Branch protection rules include an option to require commits to be signed with verified signatures (GPG, S/MIME, or SSH), preventing merging of unsigned commits.
When configuring GitHub's webhook functionality, what information is essential to specify for security purposes?
Secure webhook configuration requires specifying the URL, a secret token that GitHub uses to sign payloads (enabling verification that webhooks come from GitHub), and selecting which events trigger the webhook.
What does the 'require up-to-date branches' branch protection rule enforce?
This rule requires pull request branches to be up-to-date with the base branch (containing all latest commits) before merging, preventing merge conflicts and ensuring integration with recent changes.
In GitHub Enterprise, what is the primary purpose of the clustering feature?
GitHub Enterprise clustering distributes the application across multiple nodes, providing high availability, fault tolerance, and load balancing to ensure continuous service availability.
Which scenario best describes when you would use a GitHub organization's 'Base role' setting?
The base role setting in organization settings defines the default permission level (member, maintainer, owner) that applies to all members, simplifying permission management across the organization.
What is the primary purpose of GitHub's SAML single sign-on (SSO) configuration at the enterprise level?
SAML SSO at the enterprise level allows administrators to manage user access through a central identity provider, ensuring consistent authentication policies across the entire organization.
When configuring GitHub Enterprise Server (GHES), which component is responsible for handling background jobs and webhooks?
The job worker processes background jobs, webhooks, and asynchronous tasks in GitHub Enterprise Server, operating separately from the web tier to ensure performance isolation.
What is the correct method to transfer a repository from one GitHub organization to another while preserving its history and pull requests?
GitHub provides a built-in repository transfer feature that safely moves a repository to a new organization while preserving all commit history, branches, issues, and pull requests.
In GitHub, what does the term 'outside collaborator' refer to?
Outside collaborators are individuals external to an organization who receive direct repository access without being organization members, useful for contractors or open-source contributors.
Which of the following best describes the purpose of GitHub's token expiration policy?
Token expiration policies require personal access tokens and GitHub App tokens to be refreshed regularly, minimizing security risks associated with token compromise over extended periods.
What is the recommended approach for managing secrets across multiple repositories within a GitHub organization?
Organization secrets allow administrators to create secrets at the organization level and make them available to selected repositories, reducing duplication while maintaining security and access control.
In GitHub Enterprise Server, what is the purpose of the 'Replica' configuration?
A GitHub Enterprise Server replica is a high-availability configuration that maintains a synchronized copy of the primary instance, handling read operations and providing failover capability.
What is the primary benefit of using branch protection rules in GitHub?
Branch protection rules enforce governance by requiring pull request reviews, status check validations, and other prerequisites before code can be merged into protected branches like main.
When managing GitHub Enterprise Server backups, which utility is recommended for creating consistent snapshots?
The github-backup utility is the official tool for creating consistent, incremental backups of GHES, managing repositories, user data, and configuration while maintaining data integrity.
What does the 'Require code reviews before merging' branch protection setting specifically enforce?
This setting requires at least one (configurable) approving review before merge, with options to dismiss stale reviews and prevent author self-approval for enhanced code quality.
In the context of GitHub administration, what is a 'runner' in GitHub Actions?
Runners are execution environments that run GitHub Actions workflows. GitHub-hosted runners are managed by GitHub, while self-hosted runners can be deployed on your own infrastructure.
What is the impact of enabling 'Require status checks to pass before merging' on a protected branch?
This branch protection rule ensures that pull requests can only be merged after specified status checks (like CI/CD pipelines) successfully complete, maintaining code quality standards.
Which permission level in GitHub allows a user to create and manage teams within an organization?
Only organization owners have the authority to create and manage teams, assign members to teams, and manage team permissions across the organization.
What is the primary security consideration when implementing self-hosted runners for GitHub Actions?
Self-hosted runners pose security risks if not properly configured; they should be isolated, use short-lived credentials, and potentially run on ephemeral machines to prevent compromise.
In GitHub, what is the purpose of a 'deploy key'?
Deploy keys are SSH keys that grant automated systems (like CI/CD pipelines) read-only or read-write access to a repository without requiring personal credentials or organization membership.
What is the difference between GitHub's 'Code owners' feature and branch protection rules?
Code owners (CODEOWNERS file) designates required reviewers for changes in specific paths, automatically requesting reviews; branch protection rules enforce broader merge policies including approval counts and CI requirements.
When configuring GitHub Enterprise Server networking, which port is typically used for Git operations over SSH?
GitHub Enterprise Server uses port 22 for SSH Git operations, port 80 for HTTP (optionally redirecting to HTTPS), and port 443 for secure HTTPS and Git operations.
What does the 'Require branches to be up to date before merging' branch protection setting accomplish?
This rule ensures that pull request branches are synchronized with the base branch after status checks pass, preventing merges on stale code and reducing integration conflicts.
In GitHub organization management, what is the primary purpose of using organization-level webhooks?
Organization webhooks send notifications about org-level events to a specified URL, enabling integration with external systems for automation and monitoring beyond individual repository events.
What is the recommended approach for managing personal access tokens (PATs) in a GitHub organization?
Best practices include scoping tokens to least privilege, enabling expiration, storing in secure secret management systems, monitoring usage, and rotating tokens if compromised.
When a GitHub organization requires SAML SSO enforcement, what happens to existing personal access tokens?
When SAML SSO is enforced, new personal access tokens require authorization against the identity provider, and existing tokens must be individually authorized or will lose API access.
What is the purpose of GitHub's 'Dependabot' security feature?
Dependabot automatically monitors dependencies for vulnerabilities and available updates, creating pull requests to keep projects secure and current with minimal manual intervention.
In GitHub Enterprise Server, what is the purpose of configuring a 'GitHub Enterprise Server Cluster'?
A GHES cluster spreads load across multiple nodes, providing high availability through automatic failover, improved performance, and fault tolerance for critical deployments.
What is the correct procedure for revoking a user's access to a GitHub organization?
Users are removed from organizations through the Members section in Organization Settings, immediately revoking their access to organization repositories while preserving their GitHub account.
When managing GitHub Actions secrets, what is the scope limitation for organization-level secrets compared to repository-level secrets?
Organization secrets can be restricted to specific repositories, environments, or both, providing granular access control beyond repository secrets which are isolated to a single repository.
What is the primary advantage of using GitHub's 'Required status checks' feature in conjunction with branch protection?
Required status checks enforce that specified CI/CD checks (tests, linting, security scans) must pass before merge, ensuring code quality standards are met automatically.
When configuring SAML single sign-on (SSO) for a GitHub Enterprise organization, what is the primary purpose of the Identity Provider (IdP) metadata URL?
The IdP metadata URL contains the IdP's public certificate, single sign-on URL, and other configuration details that GitHub needs to validate SAML responses. This is essential for establishing trust between GitHub and the IdP.
What is the difference between organization-level and team-level permissions in GitHub?
Organization permissions establish baseline access rules across the organization, while team permissions allow fine-grained control over which team members have specific access levels to particular repositories. Teams enable better security segmentation.
You need to ensure that all commits in your organization's repositories are signed with GPG keys. Which GitHub feature should you configure?
Branch protection rules can be configured to require all commits to be signed before merging to protected branches. This ensures code provenance and prevents unauthorized commits from being merged.
When using GitHub Actions in an enterprise environment, what is the primary benefit of using self-hosted runners instead of GitHub-hosted runners?
Self-hosted runners provide control over the compute environment and can access internal systems (databases, artifact repositories) that GitHub-hosted runners cannot reach, making them essential for enterprise workflows with legacy system integration.
How should you handle GitHub Enterprise license management when you need to temporarily increase the number of seats for seasonal projects?
The proper process is to contact GitHub support to adjust your license allocation, which updates your enterprise license. Once updated, you manage the actual seat usage by adding or removing members from organizations.
In a GitHub organization with multiple teams, you want to prevent accidental deletion of critical repositories. What is the most effective administrative control?
Restricting the admin role at the repository level and requiring explicit confirmation for deletions at the organization level provides layered protection against accidental deletion. Branch protection rules protect branches, not repositories.
What should you verify when auditing GitHub Actions security in your organization?
Security audit best practices for Actions include using least-privilege permissions, leveraging secrets management, vetting third-party actions, and reviewing action source code. This prevents credential exposure and unauthorized access.
When configuring IP whitelisting for GitHub Enterprise Server, which type of network traffic does this primarily protect?
IP whitelisting for GitHub Enterprise Server restricts access to the web interface and management console, protecting administrative and user access. It does not inherently control git protocol traffic or webhook deliveries.
You discover that a GitHub organization member has created a personal access token (PAT) with a very long expiration period (several years). What is the best practice for remediating this security concern?
The proper remediation includes enforcing expiration policies at the organization level, reviewing existing tokens for compliance, revoking non-compliant tokens, and providing member education on secure token practices. Password rotation does not invalidate tokens.
What is the correct order of precedence for GitHub repository access permissions, from most restrictive to least restrictive?
Repository roles follow this hierarchy from most to least restrictive: Admin (full control) > Maintain (admin except delete/settings) > Write (push/merge) > Triage (manage issues/PRs) > Pull (read-only). Understanding this hierarchy is essential for proper access control.
You've reviewed all 60 questions. Take the interactive practice exam to simulate the real test environment.
▶ Start Practice Exam — Free