
Prepare Top Microsoft GH-100 Exam Study Guide Practice Questions Edition
Go to GH-100 Questions - Try GH-100 dumps pdf
NEW QUESTION # 14
You are planning GitHub account management for a healthcare organization with strict compliance requirements. Which THREE of the following statements accurately describe GitHub Enterprise Managed Users (EMU) accounts? (Choose three.)
- A. EMU accounts allow users to create and manage their own credentials.
- B. EMU accounts can be used for both personal and enterprise repositories.
- C. EMU accounts are managed through an identity provider such as Azure AD.
- D. EMU accounts are owned by the organization and cannot be unlinked.
- E. EMU accounts restrict users to enterprise-related activities only
- F. EMU accounts are created and managed by individual users.
Answer: C,D,E
Explanation:
Enterprise Managed User accounts are provisioned and authenticated exclusively through your identity provider (for example, AzureAD), so the IdP handles their creation, attribute updates, and deprovisioning.
Managed user accounts cannot create public content or interact with repositories outside your enterprise; they're confined to private and internal repos within the enterprise.
EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into or unlinked as personal accounts outside that enterprise.
NEW QUESTION # 15
Which practice helps avoid service disruption when consuming GitHub APIs at scale?
- A. Caching all API responses permanently
- B. Ignoring secondary rate limits
- C. Designing your application to work within GitHub's rate limits
- D. Using multiple tokens to bypass limits
Answer: C
Explanation:
Designing your integration to stay within GitHub's documented rate limits-by batching requests, using conditional requests, handling 429 responses with back-off, and monitoring the X-RateLimit-* headers - ensures you won't be temporarily throttled or cut off when you hit secondary limits.
NEW QUESTION # 16
When comparing a partner identity provider integration with a non-partner identity management solution for GitHub Enterprise Managed Users, which statement is Correct?
- A. The partner identity provider integrations rely on the partner to support the application on the partner IdP.
- B. The non-partner identity provider integrations require manual configuration of SAML 2.0 details.
- C. The partner identity provider integrations support fewer GitHub-supported authentication methods.
- D. The non-partner identity provider integrations can utilize OIDC for authentication.
Answer: B
Explanation:
Non-partner identity provider integrations require you to enter SAML2.0 configuration details by hand - such as the Sign-on URL, Issuer, and X.509 certificate - whereas partner IdPs supply a pre-configured application integration.
NEW QUESTION # 17
You are managing a repository in your organization's GitHub account. A team member asks you to confirm who has access to the repository and their permission levels. Which tool should you use to review and manage repository access?
- A. Branch Protection Rules.
- B. GitHub Actions Logs.
- C. Repository Settings > Manage Access.
- D. GitHub Pages Settings.
Answer: C
Explanation:
Use theRepositorySettingsManageAccess page to view all users and teams with access and their assigned permission levels.
NEW QUESTION # 18
Which Git operation is not included in the Git activity audit log?
- A. Fetch
- B. Push
- C. Delete branch
- D. Clone
Answer: C
Explanation:
Delete branch operations aren't tracked as Git-activity events; the Git activity audit log only records Git events such as clone, fetch (pull), and push.
NEW QUESTION # 19
Which of the following are valid ways to pass data to a reusable workflow in a separate repository?
- A. Use environment variables to pass data directly to the reusable workflow.
- B. Define the secrets in the reusable workflow's repository and reference the secret using the 'secrets' context.
- C. Define inputs in the reusable workflow and pass values from the calling workflow.
- D. Define the secrets in the caller repository and call the reusable workflow using the 'secrets' keyword.
Answer: C,D
Explanation:
You declare namedinputs in the reusable workflow's on.workflow_call block and then pass values from the caller using thewithkeyword, allowing the called workflow to consume those parameters.
You define required secrets in the caller repository and supply them to the reusable workflow via thesecretskeyword in the workflow-call step, ensuring sensitive values are securely passed.
NEW QUESTION # 20
You are using GitHub-hosted runners and need to securely deploy to an internal system. The security team requires that these runners use IP address ranges that would not be shared with other companies. Which of the following approaches would meet their requirements?
- A. GitHub-hosted standard runners, using the IP addresses provided in "actions" from https://api.github.com/meta
- B. GitHub-hosted larger runners with static IP addresses
- C. GitHub-hosted larger runners with Azure private networking
- D. GitHub-hosted standard runners, using the IP addresses provided in "api" from https://api.github.com/meta
Answer: B
Explanation:
GitHub's larger runners let you reserve dedicated static IP addresses for your workflows - so you can allow-list those IPs in your firewall and be sure they aren't shared with any other tenant.
NEW QUESTION # 21
What is the first step when sensitive data is accidentally pushed to a public GitHub repository?
- A. Delete the repository
- B. Force push a commit removing the data
- C. Revoke any exposed credentials immediately
- D. Open an issue to inform users
Answer: C
Explanation:
Revoke and/or rotate the exposed credentials immediately so they can no longer be used - this is the critical first step before you undertake any history-rewriting or cleanup.
NEW QUESTION # 22
What is the effect of enforcing a policy that restricts GitHub Actions to only those created by the enterprise?
- A. Only actions created within the enterprise are allowed
- B. Marketplace actions are allowed only with SSO enabled
- C. All public actions are allowed
- D. Actions can only be triggered by organization members
Answer: A
Explanation:
When you enforce the "Allow enterprise actions and reusable workflows" policy, GitHub will block all workflows from using actions or reusable workflows that aren't defined in a repository within your enterprise - so only actions created inside your enterprise are allowed.
NEW QUESTION # 23
Which THREE of the following accurately describe how the SCIM protocol enhances user management in GitHub Enterprise Cloud? (Choose three.)
- A. SCIM deactivates GitHub accounts when users are deleted from the identity provider.
- B. SCIM automates user provisioning when new users are added to the identity provider.
- C. SCIM configures repository permissions based on user roles within the organization.
- D. SCIM generates authentication tokens for accessing GitHub's REST API.
- E. SCIM synchronizes changes to user attributes from the identity provider to GitHub.
- F. SCIM automatically deletes organization repositories when administrators are removed.
Answer: A,E
Explanation:
SCIM automatically updates a user's account on GitHub whenever their profile attributes change in the identity provider.
When a user is removed or deactivated in the IdP, SCIM deactivates (soft-deprovisions) their GitHub account and disables access.
SCIM provisions new GitHub Enterprise Cloud accounts automatically when users are added in the identity provider.
NEW QUESTION # 24
What benefit does GitHub Advanced Security provide?
- A. helps organization administrators analyze and configure permissions to the least privilege required
- B. helps organization administrators manage security tokens
- C. helps developers improve and maintain the security and quality of code
- D. helps enterprise administrators improve and maintain network security for their GitHub Enterprise Server instances
Answer: C
Explanation:
GitHub Advanced Security equips developers with built-in code scanning (CodeQL), secret scanning, dependency review, and other AppSec tools - helping them find, fix, and prevent security vulnerabilities while maintaining code quality.
NEW QUESTION # 25
What additional capability does secret scanning offer for private repositories on GitHub Enterprise Cloud?
- A. Allows custom pattern definitions for internal secret formats.
- B. Revokes GitHub access tokens automatically.
- C. Rewrites history to remove secrets.
- D. Disables any code that contains a secret.
Answer: A
Explanation:
Secret scanning in private repositories on GitHub Enterprise Cloud lets you define and use custom regular-expression patterns - so you can detect internal or proprietary secret formats beyond the default partner-provided types.
NEW QUESTION # 26
When comparing Group SCIM to Team Sync for identity management in GitHub Enterprise, which statement is Correct?
- A. Group SCIM enables centralized user and group management through the IdP.
- B. Team Sync supports more identity providers than Group SCIM.
- C. Team Sync provides more automated user deprovisioning than Group SCIM.
- D. Group SCIM requires less initial configuration than Team Sync.
Answer: A
Explanation:
GroupSCIM lets you manage both user accounts and group memberships centrally in your identity provider - automatically provisioning, updating, and deprovisioning users and groups in GitHub - whereas TeamSync only mirrors IdP group membership into existing GitHub teams.
NEW QUESTION # 27
What is the key benefit of using a GitHub security advisory within a repository?
- A. It allows maintainers to privately disclose, discuss, and publish vulnerabilities.
- B. It prevents users from cloning the repository until issues are resolved.
- C. It flags all forks of the repository as vulnerable.
- D. It automatically reverts commits that introduced the vulnerability.
Answer: A
Explanation:
GitHub security advisories let maintainers privately disclose, discuss fixes, and then publish vulnerabilities in a controlled manner within the repository.
NEW QUESTION # 28
How does GitHub handle secrets found via secret scanning in a public repository?
- A. It notifies the admin via webhook.
- B. It immediately blocks the commit to protect the secret.
- C. It alerts the service provider (e.g., AWS, Stripe).
- D. It deletes the secret from the repository automatically.
Answer: C
Explanation:
When secret scanning detects a supported credential in a public repository, GitHub notifies the issuing service provider so they can revoke or rotate the exposed secret.
NEW QUESTION # 29
In a GitHub repository using Dependabot, which of the following best describes the purpose of the .github/dependabot.yml file?
- A. It lists commit SHAs to exclude from automatic pull requests.
- B. It enables GitHub to scan for secrets in dependency files.
- C. It encrypts dependency versions before storing them in the repo.
- D. It configures scheduling, package ecosystems, and target directories for update checks.
Answer: D
Explanation:
The .github/dependabot.yml file defines Dependabot's package-ecosystem, the directories to inspect, and the update schedule (daily/weekly/monthly), controlling when and where Dependabot checks for new versions.
NEW QUESTION # 30
Which of the following is a key benefit of setting default read permissions across organizations?
- A. Increases efficiency in content creation and updates.
- B. Improves collaboration by allowing users to modify content directly.
- C. Enhances security by minimizing unintended modifications.
- D. Suits environments where all users need write access.
Answer: C
Explanation:
Enforcing a default of Read for organization members ensures they can view content without the ability to push changes, reducing the risk of accidental or unauthorized modifications.
NEW QUESTION # 31
Your enterprise has multiple organizations, and you want to ensure consistent security policies across all teams. Which feature should you use?
- A. Assigning admin permissions to all team members.
- B. Outside collaborators for all repositories.
- C. Enterprise-level teams with inherited enterprise policies.
- D. Organization-specific teams with custom policies.
Answer: C
Explanation:
By using enterprise-level teams with inherited enterprise policies, you can group members across all your organizations and enforce the same security settings globally - ensuring every team abides by the enterprise's mandatory policies.
NEW QUESTION # 32
Which of the following is the responsibility of an Organization Owner in GitHub? (Choose three.)
- A. Create repositories without approval from other members.
- B. Manage organization settings, such as configuration and default permissions.
- C. View and manage organization billing information.
- D. Access repositories only if explicitly granted by a team maintainer.
Answer: A,B,C
Explanation:
Organization owners can view and edit billing information for the organization.
Organization owners may create new repositories in the organization without needing approval from other members.
Organization owners have full administrative control over organization settings, including configuring default repository permissions.
NEW QUESTION # 33
Your organization wants to reduce costs. Which of the following actions should you take?
- A. Regularly audit for inactive users
- B. Remove all outside collaborators
- C. Grant all users admin permissions
- D. Disable SAML SSO for members
Answer: A
Explanation:
Regularly auditing for inactive (dormant) users lets you suspend or remove accounts that aren't consuming seats - freeing up licenses and directly lowering your per-user subscription costs.
NEW QUESTION # 34
What makes GitHub Apps a more secure choice for automation over OAuth Apps?
- A. GitHub Apps are limited to read-only access and cannot write to repositories.
- B. GitHub Apps can only be installed by organization owners.
- C. GitHub Apps authenticate as an app with fine-grained permissions, not as a user.
- D. GitHub Apps always require two-factor authentication.
Answer: C
Explanation:
GitHub Apps authenticate as themselves with fine-grained, installation-scoped permissions and short-lived tokens - rather than inheriting a user's broad OAuth scopes - minimizing blast radius and aligning with least-privilege principles.
NEW QUESTION # 35
Which feature is unique to self-hosted runners?
- A. Execute scripts before and after a job
- B. Dynamic scaling
- C. GPU support
- D. Automatic updates to the operating system
Answer: A
Explanation:
Self-hosted runners support custom pre- and post-job scripts via runner hooks, letting you run arbitrary scripts before a job starts and after it finishes - capabilities not available on GitHub-hosted runners.
NEW QUESTION # 36
An organization wants to share a single API key required for their Actions workflows. They need to restrict its use to only a subset of repositories. Where should they configure the secrets to minimize maintenance?
- A. Repository secrets
- B. Environment secrets
- C. Organization secrets
- D. Development environment secrets
Answer: C
Explanation:
By defining the API key as an organization secret, you centralize management and can grant access only to the subset of repositories you choose - eliminating per-repo duplication while enforcing the desired scope.
NEW QUESTION # 37
......
Microsoft GH-100 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
Free GitHub Administrator GH-100 Exam Question: https://testking.prep4sureexam.com/GH-100-dumps-torrent.html