GH-900 — GitHub Foundations Study Guide

What is the primary purpose of GitHub Actions?

• A To replace Git as the primary version control system
• B To provide version control for binary files only
• C To manage user access controls and permissions across organizations
• D To automate workflows and CI/CD pipelines directly within GitHub repositories ✓ Correct

When working with Git, what does the staging area (index) represent?

• A A temporary storage location for changes that are ready to be committed ✓ Correct
• B The main branch where all production code must reside
• C A location where merge conflicts are automatically resolved
• D A backup copy of your repository stored on GitHub servers

Which GitHub feature allows you to propose changes to a repository you don't own?

• A Webhooks
• B Pull Requests ✓ Correct
• C Deploy Keys
• D GitHub Packages

What is the primary difference between a fork and a branch?

• A A branch is created on GitHub while a fork is created locally
• B Forks can only be created by repository administrators
• C A branch can contain multiple commits while a fork contains only one
• D A fork creates an independent copy of the entire repository, while a branch is a pointer to a commit within the same repository ✓ Correct

In GitHub, what does CODEOWNERS file do?

• A It automatically assigns issues to team members based on keywords
• B It defines who must review pull requests before they can be merged ✓ Correct
• C It prevents unauthorized users from accessing sensitive code sections
• D It lists all the financial contributors to the project

What is the purpose of a GitHub branch protection rule?

• A To enforce quality standards before code can be merged into a protected branch, including required reviews and status checks ✓ Correct
• B To prevent all team members except administrators from accessing the branch
• C To automatically delete old branches after 30 days of inactivity
• D To create automatic backups of the branch on external servers

How does GitHub's dependency scanning feature help maintain security?

• A It encrypts all dependencies during transmission across networks
• B It prevents developers from using popular open-source libraries
• C It automatically removes all third-party dependencies from your code
• D It identifies vulnerable dependencies in your project and alerts you to potential security risks ✓ Correct

What is GitHub's approach to handling personal access tokens (PATs)?

• A PATs are less secure than passwords and should be avoided entirely
• B PATs should be treated as secrets, never committed to repositories, and should be rotated regularly for security ✓ Correct
• C PATs can be safely stored in public repositories if they have read-only permissions
• D PATs are automatically revoked after each use and must be regenerated

In a GitHub workflow file, what does the 'on' keyword specify?

• A The GitHub users who have permission to run the workflow
• B The operating system where the workflow will execute
• C The branches where the workflow output will be deployed
• D The events that trigger the workflow to run ✓ Correct

What is the primary function of GitHub Issues?

• A To provide real-time monitoring and alerting for deployed applications
• B To store and manage versioning of binary files
• C To track bugs, feature requests, and tasks in a project with discussion and assignment capabilities ✓ Correct
• D To automatically deploy code to production environments

How does GitHub's secret scanning feature operate?

• A It scans repositories for accidentally committed secrets like API keys and tokens, then alerts users and can revoke exposed credentials ✓ Correct
• B It prevents developers from writing code that contains hardcoded passwords
• C It encrypts all sensitive information in repositories using AES-256 encryption
• D It monitors network traffic to detect unauthorized access attempts

What is the relationship between Git and GitHub?

• A Git is the version control system; GitHub is a hosting platform and collaboration service built on Git ✓ Correct
• B GitHub is an older version of Git used primarily for enterprise deployments
• C Git and GitHub are identical systems with different user interfaces
• D Git requires GitHub to function; GitHub cannot operate independently

In GitHub, what does a 'squash and merge' commit strategy accomplish?

• A It combines multiple commits into a single commit before merging, creating a cleaner commit history ✓ Correct
• B It automatically distributes the merge workload across multiple team members to speed up the process
• C It prevents any merge conflicts from occurring between branches
• D It creates a backup copy of the branch before performing the merge operation

What is the primary purpose of GitHub Discussions?

• A To replace email as the official communication method within organizations
• B To facilitate community conversations, Q&A, and announcements separate from Issues and Pull Requests ✓ Correct
• C To store encrypted messages between team members
• D To track performance metrics and deployment statistics

How should you handle sensitive configuration data in GitHub Actions workflows?

• A Store them in public GitHub wikis that are access-controlled at the organization level
• B Pass them as plain text command-line arguments when triggering workflows manually
• C Use GitHub Secrets to store sensitive data and reference them as masked environment variables in workflow files ✓ Correct
• D Commit them directly to the repository with encryption to ensure they're backed up

What does the git rebase command accomplish that differs from merging?

• A It removes all commit history from a branch before merging into main
• B It creates multiple branches from a single commit point for parallel development
• C It replays commits from one branch on top of another, creating a linear history instead of a merge commit ✓ Correct
• D It automatically resolves merge conflicts without user intervention

What is the purpose of GitHub's code scanning feature?

• A To enforce consistent code formatting across all developers' machines
• B To track the time spent by developers on each code file
• C To automatically analyze code for security vulnerabilities, bugs, and quality issues using SAST tools ✓ Correct
• D To monitor network traffic between development and production servers

In GitHub, what is the significance of the .gitignore file?

• A It encrypts certain files to prevent unauthorized access
• B It specifies which files and directories Git should not track, preventing unintended commits of build artifacts and sensitive files ✓ Correct
• C It lists the names of developers who are ignored in code reviews
• D It automatically deletes files from the repository that match specified patterns

What does GitHub's required status checks feature enforce?

• A All developers must have administrator privileges before creating new branches
• B External CI/CD checks must pass before a pull request can be merged into a protected branch ✓ Correct
• C Users must complete a security training course before accessing the repository
• D Every commit message must contain a specific keyword or pattern

How does GitHub's collaborative features enable distributed team development?

• A Through pull requests, code reviews, discussions, and branch protection rules that facilitate asynchronous collaboration and maintain code quality standards ✓ Correct
• B By forcing all developers to work on the same computer simultaneously
• C Through centralized approval workflows that require in-person meetings
• D By preventing developers from working on different features at the same time

What is a GitHub workflow and how does it differ from an action?

• A A workflow is a manual process while an action is fully automated
• B An action is a collection of workflows that are executed together
• C Workflows can only run on Linux while actions run on any operating system
• D A workflow is an automated process defined in YAML that orchestrates multiple actions to accomplish a task ✓ Correct

When using git, what does the HEAD reference point to?

• A The current commit you are working on, typically the tip of your checked-out branch ✓ Correct
• B The main branch of the repository
• C The most recently created tag in the repository
• D The file that Git uses to track merge conflicts

What is the purpose of GitHub's README.md file?

• A To provide documentation about the project, including setup instructions, usage, and contribution guidelines ✓ Correct
• B To store database credentials for production systems
• C To list all the bugs and issues that have been discovered in the project
• D To define the license restrictions that prevent all external use of the code

How does GitHub handle access control at the repository level?

• A Through IP address whitelisting that prevents access from unapproved networks
• B By allowing only the repository creator to access any files
• C By requiring all developers to use the same password for every repository
• D Through granular permissions (read, write, admin) assigned to users or teams with different access levels for different roles ✓ Correct

What does a GitHub runner do in the context of Actions?

• A It compresses repository data to reduce storage costs
• B It is a server that executes workflow jobs when triggered by specified events ✓ Correct
• C It monitors repository activity and sends notifications to team members
• D It automatically fixes code issues identified during code scanning

What is the primary purpose of GitHub as a version control platform?

• A To provide cloud storage for all types of files
• B To manage and store code repositories with full version history and collaboration features ✓ Correct
• C To serve as a replacement for continuous integration tools
• D To replace traditional project management software

In GitHub, what does a 'fork' allow you to do?

• A Create a permanent copy of a repository under your own account for independent development ✓ Correct
• B Split a single repository into multiple independent repositories
• C Merge multiple branches into a single unified branch automatically
• D Temporarily lock a repository to prevent other users from making changes

Which of the following best describes the purpose of a pull request in GitHub?

• A A mechanism to request and review code changes before merging them into the main branch ✓ Correct
• B A feature that prevents unauthorized access to sensitive repository information
• C A method to download code from a remote repository to your local machine
• D A tool for automatically deploying code to production environments

What is the primary function of GitHub Actions in the development workflow?

• A To automate tasks such as testing, building, and deploying code based on triggering events ✓ Correct
• B To provide a graphical user interface for managing repositories
• C To store encrypted credentials for authentication purposes
• D To manually create and manage branches in a repository

When should you use a branch in GitHub?

• A When you need to create backups of your code
• B Every time you make any change to a single file in the repository
• C Only when you need to work on experimental features or bug fixes without affecting the main codebase ✓ Correct
• D When you want to prevent other developers from accessing a repository

What role does a CODEOWNERS file play in GitHub repository management?

• A It determines who has legal ownership of the code in a repository
• B It specifies which users or teams should review pull requests that affect specific files or directories ✓ Correct
• C It restricts access to the repository based on file ownership
• D It automatically assigns all issues to designated team members

In GitHub, what is the significance of the default branch?

• A It determines the license type for the entire repository
• B It serves as the primary branch from which deployments occur and represents the production-ready code ✓ Correct
• C It automatically deletes old commits to save storage space
• D It is the only branch that can contain executable code

What does GitHub Copilot primarily assist developers with?

• A Creating and scheduling automated backups of repositories
• B Managing user permissions and access control across repositories
• C Automatically fixing all security vulnerabilities in code
• D Providing AI-powered code suggestions and autocompletion based on context and comments ✓ Correct

Which security feature should you use to prevent exposing sensitive information like API keys in repositories?

• A Commit signing with GPG keys
• B Branch protection rules that scan for credentials
• C Public repository settings that automatically encrypt all files
• D GitHub Secrets, which encrypts sensitive data and makes it available only to workflows and deployments ✓ Correct

What is the primary benefit of using GitHub's issue tracking system?

• A It provides a private messaging system for team communication
• B It replaces the need for pull request reviews entirely
• C It enables teams to organize, prioritize, and track work items and bugs in a centralized location linked to the codebase ✓ Correct
• D It automatically fixes all reported bugs without developer intervention

In GitHub, what does a 'merge conflict' occur and how should it typically be resolved?

• A When two branches modify the same lines of code, requiring manual review and selection of the correct changes before merging ✓ Correct
• B When two developers attempt to push changes at exactly the same time
• C When a pull request has too many commits and should be rejected automatically
• D When a repository reaches its maximum storage capacity and must be archived

What is the main purpose of branch protection rules in GitHub?

• A To limit the number of commits that can be made to a repository
• B To enforce code quality standards by requiring reviews, status checks, and preventing direct pushes to protected branches ✓ Correct
• C To encrypt all data stored in a branch
• D To automatically delete branches that haven't been updated in 30 days

Which of the following correctly describes the relationship between commits and branches in Git?

• A Commits and branches are identical concepts used interchangeably in version control
• B Commits are snapshots of code changes, while branches are pointers to specific commits that allow parallel development ✓ Correct
• C Branches are saved versions of entire repositories, while commits are temporary changes
• D Branches store only metadata while commits store the actual code changes in a separate system

What should you include in a well-written commit message according to GitHub best practices?

• A Automated timestamps and system-generated identifiers only
• B A concise subject line describing what changed, optionally followed by a detailed explanation of why the change was made ✓ Correct
• C The names of all files modified and their exact line numbers
• D A list of all team members who approved the change

In a GitHub workflow, what is the recommended sequence for integrating changes from a feature branch?

• A Create a pull request before making any changes to get approval first
• B Push directly to main, then create a pull request to document the changes
• C Create a branch, make changes, push to remote, open a pull request, undergo review, resolve feedback, and merge to main ✓ Correct
• D Merge to main immediately, then open a pull request for post-merge review

What is GitHub Dependabot primarily designed to do?

• A Monitor server uptime and send notifications when services are down
• B Automatically delete unused branches from repositories
• C Manage user permissions and enforce multi-factor authentication across organizations
• D Automatically detect and create pull requests to update outdated dependencies and patch security vulnerabilities ✓ Correct

What does GitHub's code scanning feature primarily help developers identify?

• A Potential security vulnerabilities and coding errors using automated analysis without requiring manual security reviews ✓ Correct
• B The exact number of lines of code written by each developer
• C Comments that don't match the actual code implementation
• D Unused variables that consume memory in production environments

In GitHub, what is the primary purpose of using labels on issues and pull requests?

• A To encrypt sensitive information in issue descriptions
• B To automatically assign issues to specific developers based on their expertise
• C To categorize and organize work items for easier filtering, prioritization, and status tracking across teams ✓ Correct
• D To prevent issues from being closed by unauthorized users

What is the difference between 'clone' and 'fork' operations in GitHub?

• A Fork requires elevated permissions while clone requires no authentication
• B Clone is permanent while fork is temporary and automatically deleted
• C Clone creates a local copy on your machine under your Git configuration, while fork creates a separate repository on GitHub under your account ✓ Correct
• D Fork is used only by administrators, while clone can be used by any developer

How do GitHub repository templates assist development teams?

• A They provide pre-configured repository structures, workflows, and documentation that accelerate project setup and standardize team practices ✓ Correct
• B They automatically generate all code for new projects without developer input
• C They enforce the same branch naming conventions across all repositories
• D They prevent developers from modifying workflows or documentation files

What role does the GitHub API play in GitHub ecosystem integration?

• A It restricts direct access to repositories to only approved applications
• B It stores encrypted backups of all repositories on GitHub servers
• C It provides a simple web interface for managing repositories through a browser
• D It enables external applications and tools to programmatically interact with GitHub data and automate complex workflows beyond built-in features ✓ Correct

In GitHub, what does creating a 'draft pull request' indicate?

• A That the pull request has been rejected and cannot be modified
• B That the pull request is scheduled to be automatically merged at a specific time
• C That the pull request is still under development and not ready for review, preventing automatic merging and signaling work-in-progress status ✓ Correct
• D That the pull request requires signatures from all team members before proceeding

What is the primary function of the README.md file in a GitHub repository?

• A To configure build and deployment automation for the project
• B To store the source code for the entire application
• C To list all contributors and their compensation amounts
• D To provide essential project documentation including description, setup instructions, and usage guidelines for users and developers ✓ Correct

How does GitHub's community standards feature help maintain healthy open-source projects?

• A By providing templates and guidance for creating code of conduct, contributing guidelines, and documentation that foster inclusive and collaborative communities ✓ Correct
• B By preventing all forks of a repository to protect project integrity
• C By automatically removing any pull requests that don't follow specific coding standards
• D By restricting project access to developers who have completed formal training

What is the main advantage of using GitHub's built-in CI/CD capabilities with GitHub Actions instead of external tools?

• A External CI/CD tools are significantly more expensive and less reliable than GitHub Actions
• B Direct integration within the same platform reduces context switching, simplifies secret management, and enables seamless access to GitHub events and APIs ✓ Correct
• C GitHub Actions supports all programming languages while external tools support only JavaScript
• D Only GitHub Actions can deploy code to cloud providers and container registries

What is the primary purpose of GitHub Actions?

• A To manage user permissions and access control
• B To store and version control large binary files
• C To automate workflows and CI/CD pipelines directly within your repository ✓ Correct
• D To create and manage GitHub organization settings

Which of the following best describes a GitHub workflow file?

• A A markdown document that documents your project's development process
• B A compiled binary that runs on GitHub servers to execute tasks
• C A YAML configuration file that defines automated processes triggered by specific events ✓ Correct
• D A template repository used to standardize new project creation

What is a GitHub Secret, and why is it important in Actions workflows?

• A A type of branch protection rule that requires additional authentication steps
• B An encrypted variable that securely stores sensitive information and prevents exposure of credentials in logs ✓ Correct
• C A private key used only for encrypting repository data at rest
• D A backup copy of your repository code stored on encrypted servers

When using GitHub for collaborative development, what is the recommended approach for managing multiple features in parallel?

• A Use GitHub Discussions to coordinate feature development without creating branches
• B Maintain separate repositories for each feature and manually sync code periodically
• C Commit all changes directly to the main branch to avoid merge conflicts
• D Create separate branches for each feature and use pull requests to integrate changes ✓ Correct

What does the GitHub CLI (gh) tool primarily enable you to do?

• A Interact with GitHub repositories and manage workflows from your terminal or command line ✓ Correct
• B Create and host static websites using GitHub Pages
• C Configure advanced encryption settings for private repositories
• D Automatically generate documentation from code comments

In the context of GitHub, what is the primary function of a CODEOWNERS file?

• A To define which users have administrative access to billing settings
• B To automatically assign issues to specific team members based on issue labels
• C To restrict which file types can be committed to the repository
• D To specify which individuals or teams should review pull requests for specific files or directories ✓ Correct

Which GitHub feature allows you to track issues, organize tasks, and visualize project progress using a Kanban-style board?

• A GitHub Discussions
• B GitHub Milestones
• C GitHub Projects ✓ Correct
• D GitHub Releases

What is the difference between a GitHub Issue and a GitHub Discussion?

• A There is no functional difference; they are interchangeable features with different names
• B Issues can only be created by repository maintainers; Discussions can be created by anyone
• C Discussions are for private team conversations; Issues are public announcements
• D Issues are for bug reports and feature requests; Discussions are for asking questions and having conversations ✓ Correct

When configuring branch protection rules, what is the significance of requiring status checks to pass before merging?

• A It ensures that only the repository owner can approve pull requests
• B It guarantees that automated tests and CI/CD workflows must succeed before code is merged into the protected branch ✓ Correct
• C It automatically backs up the repository to an external storage location before allowing merges
• D It prevents contributors from creating new branches without permission

What is GitHub's semantic versioning convention often referred to as, and how does it benefit release management?

• A File organization; it standardizes how documentation should be structured in repositories
• B Branch naming; it determines which development strategies should be used
• C Commit messaging; it helps automate the generation of changelog entries
• D Release tagging; it allows you to quickly identify breaking changes and compatibility requirements ✓ Correct