Microsoft GH-100 Exam Practice Test Instant Access

Question 1

You are planning GitHub account management for a healthcare organization with strict compliance requirements. Which THREE of the following statements accurately describe GitHub Enterprise Managed Users (EMU) accounts? (Choose three.)

AEMU accounts can be used for both personal and enterprise repositories.

BEMU accounts are managed through an identity provider such as Azure AD.

CEMU accounts allow users to create and manage their own credentials.

DEMU accounts restrict users to enterprise-related activities only

EEMU accounts are created and managed by individual users.

FEMU accounts are owned by the organization and cannot be unlinked.

Answer : B, D, F

Enterprise Managed User accounts are provisioned and authenticated exclusively through your identity provider (for example, AzureAD), so the IdP handles their creation, attribute updates, and deprovisioning.

Managed user accounts cannot create public content or interact with repositories outside your enterprise; they're confined to private and internal repos within the enterprise.

EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into or unlinked as personal accounts outside that enterprise.

Question 2

You discover that a secret (e.g., a token or password) was accidentally committed to a GitHub repository. What is the first step you should take to mitigate the risk?

AContact GitHub Support to remove the secret from all forks and clones of the repository.

BRevoke and/or rotate the secret to render it unusable, then assess whether history rewriting is necessary.

CRewrite the repository history using git filter-repo or BFG Repo-Cleaner to remove the secret from all commits.

DDelete the repository and create a new one to ensure the secret is no longer accessible.

Answer : B

The immediate priority is to revoke or rotate the exposed credential so it can no longer be used; once it's invalidated, you can safely proceed with history-rewriting or other cleanup steps.

Question 3

What will happen if Dependabot discovers a vulnerable transitive dependency in a repository?

AIt creates a pull request to update the direct dependency to a version that resolves the vulnerability.

BIt opens a pull request to update the affected package directly, regardless of version compatibility.

CIt automatically removes the package from the repository.

DIt sends an email to the repository owner but does not alter code.

Answer : A

Dependabot will automatically open a pull request that updates the direct dependency to a version which, in turn, resolves (or removes) the vulnerable transitive dependency---ensuring the fix is applied via your declared dependencies.

Question 4

Why would someone choose to configure a security policy?

ATo communicate corporate security and compliance policies for end users on a private repository.

BTo provide information on an open source repository for open source collaborators and researchers that may need to report and disclose sensitive security findings to maintainers securely.

CTo prevent anyone from pushing to the repository without approval.

DTo define which open source packages are permitted for use as part of that repository.

Answer : B

A security policy (the SECURITY.md file) lets maintainers of an open source repository provide clear, private instructions for collaborators and external researchers on how to report and disclose security vulnerabilities responsibly.

Question 5

Which THREE of the following accurately describe how the SCIM protocol enhances user management in GitHub Enterprise Cloud? (Choose three.)

ASCIM synchronizes changes to user attributes from the identity provider to GitHub.

BSCIM deactivates GitHub accounts when users are deleted from the identity provider.

CSCIM automatically deletes organization repositories when administrators are removed.

DSCIM automates user provisioning when new users are added to the identity provider.

ESCIM generates authentication tokens for accessing GitHub's REST API.

FSCIM configures repository permissions based on user roles within the organization.

Answer : A, B

SCIM automatically updates a user's account on GitHub whenever their profile attributes change in the identity provider.

When a user is removed or deactivated in the IdP, SCIM deactivates (soft-deprovisions) their GitHub account and disables access.

SCIM provisions new GitHub Enterprise Cloud accounts automatically when users are added in the identity provider.

Question 6

How is CodeQL different from other static analysis tools?

A It removes insecure code automatically

BIt allows querying of code semantics using a database-like language.

CIt only works for open-source projects.

DIt runs analysis only after a security breach.

Answer : B

CodeQL differs from traditional static analysis tools by ingesting your code into a queryable database and letting you write QL queries - its own database-style language - to express semantic checks and find patterns across the codebase.

Question 7

Which factor affects GitHub Actions pricing for GitHub-hosted runners on GitHub Enterprise Cloud?

ANumber of workflows defined in .github/workflows/

BNumber of contributors to the repository Explanation:Incorrect. Contributor count does not impact billing for Actions

CTotal number of repositories using Actions

DOperating system used in the runner environment

Answer : D

GitHub Actions billing for GitHub-hosted runners is based on the number of minutes consumed and the operating system of the runner - Linux, Windows, and macOS each have different per-minute rates.

Microsoft GitHub Administration GH-100 Exam Practice Test