GH-100 Microsoft Exam Questions and Free Practice Test

Question 13

Which of the following is the responsibility of a Team Maintainer in a GitHub organization? (Choose two.)

A. Modifying organization-wide settings.

B. Managing nested sub-teams.

C. Adding or removing team members.

D. Deleting repositories assigned to the team.

Correct Answer:BC
Team maintainers can manage nested sub‑teams - requesting to add or change parent/child teams within the organization's hierarchy.
Team maintainers have permission to add and remove members from their team, controlling day‑to‑day team membership.

Question 14

You want to ensure a secret is automatically available to only workflows in internal and private repositories in the organization. Where do you configure the required access policy?

A. Actions policies

B. Runner groups

C. Rulesets

D. Organization secret

Correct Answer:D
You set the access policy on the Organization Secret itself - configuring its visibility so it??s scoped automatically to only internal and private repositories.

Question 15

You are planning GitHub account management for a healthcare organization with strict compliance requirements. Which THREE of the following statements accurately describe GitHub Enterprise Managed Users (EMU) accounts? (Choose three.)

A. EMU accounts can be used for both personal and enterprise repositories.

B. EMU accounts are managed through an identity provider such as Azure AD.

C. EMU accountsallow users to create and manage their own credentials.

D. EMU accounts restrict users to enterprise-related activities only

E. EMU accounts are created and managed by individual users.

F. EMU accounts are owned by the organization and cannot be unlinked.

Correct Answer:BDF
Enterprise Managed User accounts are provisioned and authenticated exclusively through your identity provider (for example, Azure AD), so the IdP handles their creation, attribute updates, and deprovisioning.
Managed user accounts cannot create public content or interact with repositories outside your enterprise; they're confined to private and internal repos within the enterprise.
EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into or unlinked as personal accounts outside that enterprise.

Question 16

How is CodeQL different from other static analysis tools?

A. It removes insecure code automatically

B. It allows querying of code semantics using a database-like language.

C. It only works for open-source projects.

D. It runs analysis only after a security breach.

Correct Answer:B
CodeQL differs from traditional static analysis tools by ingesting your code into a queryable database and letting you write QL queries - its own database‑style language - to express semantic checks and find patterns across the codebase.

Question 17

What makes GitHub Apps a more secure choice for automation over OAuth Apps?

A. GitHub Apps always require two-factor authentication.

B. GitHub Apps can only be installed by organization owners.

C. GitHub Apps are limited to read-only access and cannot write to repositories.

D. GitHub Apps authenticate as an appwithfine-grained permissions, not as a user.

Correct Answer:D
GitHub Apps authenticate as themselves with fine?grained, installation?scoped permissions and short?lived tokens - rather than inheriting a user's broad OAuth scopes - minimizing blast radius and aligning with least?privilege principles.

Question 18

Which THREE of the following accurately describe how the SCIM protocol enhances user management in GitHub Enterprise Cloud? (Choose three.)

A. SCIM synchronizes changes to user attributes from the identity provider to GitHub.

B. SCIM deactivates GitHub accounts when users are deleted from the identity provider.

C. SCIM automatically deletes organization repositories when administrators are removed.

D. SCIM automates user provisioning when new users are added to the identity provider.

E. SCIM generates authentication tokens for accessing GitHub's REST API.

F. SCIM configures repository permissions based on user roles within the organization.

Correct Answer:AB
SCIM automatically updates a user's account on GitHub whenever their profile attributes change in the identity provider.
When a user is removed or deactivated in the IdP, SCIM deactivates (soft?deprovisions) their GitHub account and disables access.
SCIM provisions new GitHub Enterprise Cloud accounts automatically when users are added in the identity provider.

START GH-100 EXAM