
[Mar-2026] Download Real Microsoft GH-100 Exam Dumps Test Engine Exam Questions
New GH-100 exam dumps Use Updated Microsoft Exam
Microsoft GH-100 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
NEW QUESTION # 30
A token was used to access an organization's resource via API. What fields in the audit log help determine who used it?
- A. The GitHub Actions runner name
- B. The token ID, requesting IP address, and associated user
- C. The token expiration date
- D. The token's permissions and the geographic region of access
Answer: B
Explanation:
The audit log records the token's identifier (the hashed_token value), the source IP address of the request, and the actor (the user or app) associated with that token, allowing you to trace exactly who used it.
NEW QUESTION # 31
You need GitHub to automatically notify a third-party service any time a new repository is created. You want to avoid writing custom code. The vendor has told you that they have a tool in the GitHub Marketplace. Which type of tool do you need?
- A. GitHub Copilot Extension
- B. GitHub Models
- C. GitHub App
- D. GitHub Action
Answer: C
Explanation:
You need a GitHub App. Marketplace integrations that listen for events like repository.created and send notifications are delivered as GitHub Apps, since they can subscribe to organization-level webhooks without you writing custom code.
NEW QUESTION # 32
Your organization wants to reduce costs. Which of the following actions should you take?
- A. Grant all users admin permissions
- B. Disable SAML SSO for members
- C. Remove all outside collaborators
- D. Regularly audit for inactive users
Answer: D
Explanation:
Regularly auditing for inactive (dormant) users lets you suspend or remove accounts that aren't consuming seats - freeing up licenses and directly lowering your per-user subscription costs.
NEW QUESTION # 33
Which of the following is a key benefit of setting default read permissions across organizations?
- A. Suits environments where all users need write access.
- B. Improves collaboration by allowing users to modify content directly.
- C. Enhances security by minimizing unintended modifications.
- D. Increases efficiency in content creation and updates.
Answer: C
Explanation:
Enforcing a default of Read for organization members ensures they can view content without the ability to push changes, reducing the risk of accidental or unauthorized modifications.
NEW QUESTION # 34
You discover that a secret (e.g., a token or password) was accidentally committed to a GitHub repository. What is the first step you should take to mitigate the risk?
- A. Contact GitHub Support to remove the secret from all forks and clones of the repository.
- B. Rewrite the repository history using git filter-repo or BFG Repo-Cleaner to remove the secret from all commits.
- C. Revoke and/or rotate the secret to render it unusable, then assess whether history rewriting is necessary.
- D. Delete the repository and create a new one to ensure the secret is no longer accessible.
Answer: C
Explanation:
The immediate priority is to revoke or rotate the exposed credential so it can no longer be used; once it's invalidated, you can safely proceed with history-rewriting or other cleanup steps.
NEW QUESTION # 35
Which of the following accurately contrasts a GitHub App and a GitHub Action?
- A. GitHub Apps run only on GitHub-provided virtual machines, while GitHub Actions run only on customer-hosted machines
- B. GitHub Actions can only be used to respond to events within a single repository while GitHub Apps can respond to events from multiple repositories
- C. GitHub Actions are limited to reading repository content only
- D. GitHub Apps can only be used inside .github/workflows
Answer: B
Explanation:
GitHub Actions workflows are defined and triggered within a single repository's context, whereas GitHub Apps are installed at the organization or user level and can subscribe to events across multiple repositories.
NEW QUESTION # 36
What benefit does GitHub Advanced Security provide?
- A. helps developers improve and maintain the security and quality of code
- B. helps organization administrators analyze and configure permissions to the least privilege required
- C. helps enterprise administrators improve and maintain network security for their GitHub Enterprise Server instances
- D. helps organization administrators manage security tokens
Answer: A
Explanation:
GitHub Advanced Security equips developers with built-in code scanning (CodeQL), secret scanning, dependency review, and other AppSec tools - helping them find, fix, and prevent security vulnerabilities while maintaining code quality.
NEW QUESTION # 37
What makes GitHub Apps a more secure choice for automation over OAuth Apps?
- A. GitHub Apps are limited to read-only access and cannot write to repositories.
- B. GitHub Apps always require two-factor authentication.
- C. GitHub Apps authenticate as an app with fine-grained permissions, not as a user.
- D. GitHub Apps can only be installed by organization owners.
Answer: C
Explanation:
GitHub Apps authenticate as themselves with fine-grained, installation-scoped permissions and short-lived tokens - rather than inheriting a user's broad OAuth scopes - minimizing blast radius and aligning with least-privilege principles.
NEW QUESTION # 38
Which events from the audit log are exposed by the GraphQL API? Each answer presents a complete solution. (Choose three.)
- A. promoting users to administrators
- B. cloning of repositories
- C. changes in permissions
- D. pushes to repositories
- E. changes to permissions of a GitHub App
Answer: A,C,E
Explanation:
The GraphQL Audit Log API surfaces entries whenever repository or organization permissions are changed ("Changes permissions").
It records when users are elevated to administrative roles ("Promotes users to admin").
It logs alterations to a GitHub App's granted permissions ("Changes permissions of a GitHub App").
NEW QUESTION # 39
You need to contact GitHub Premium Support. What are valid reasons for submitting a support ticket? (Each answer presents a complete solution. Choose two.)
- A. outages on GitHub.com affecting core Git functionality
- B. hardware setup issues or errors
- C. business impact from security issues within your organization
- D. license renewal
Answer: A,C
Explanation:
Business-impact security issues (for example, a critical vulnerability affecting your organization) are classified as High-priority tickets and are covered under your Premium Support SLA.
Outages on GitHub.com that disrupt core Git or web application functionality trigger Urgent-priority responses under Premium Support's SLA.
NEW QUESTION # 40
You want to ensure a secret is automatically available to only workflows in internal and private repositories in the organization. Where do you configure the required access policy?
- A. Actions policies
- B. Runner groups
- C. Rulesets
- D. Organization secret
Answer: D
Explanation:
You set the access policy on the Organization Secret itself - configuring its visibility so it's scoped automatically to only internal and private repositories.
NEW QUESTION # 41
Which of the following is a key benefit of using GitHub Marketplace Apps in an enterprise?
- A. All apps come pre-approved by GitHub's internal security team
- B. They guarantee no downtime during enterprise GitHub maintenance windows
- C. They often include integrations with external services, reducing the need for custom code
- D. Apps eliminate the need for GitHub Actions entirely
Answer: C
Explanation:
GitHub Marketplace Apps come with built-in integrations to external services - so you can plug in things like CI servers, code-quality scanners, or deployment tools without writing and maintaining custom connectors.
NEW QUESTION # 42
What do you need to successfully generate a support bundle on a GitHub Enterprise Server?
- A. Approval from GitHub Support
- B. A custom GitHub Action in the root repo
- C. Administrator SSH access to the appliance
- D. A GitHub App with read:org permissions
Answer: C
Explanation:
You must have administrator-level SSH access to the GitHub Enterprise Server appliance so you can run the ghe-support-bundle command over SSH and capture the bundle locally.
NEW QUESTION # 43
What is the first step when sensitive data is accidentally pushed to a public GitHub repository?
- A. Force push a commit removing the data
- B. Revoke any exposed credentials immediately
- C. Delete the repository
- D. Open an issue to inform users
Answer: B
Explanation:
Revoke and/or rotate the exposed credentials immediately so they can no longer be used - this is the critical first step before you undertake any history-rewriting or cleanup.
NEW QUESTION # 44
You are planning GitHub account management for a healthcare organization with strict compliance requirements. Which THREE of the following statements accurately describe GitHub Enterprise Managed Users (EMU) accounts? (Choose three.)
- A. EMU accounts are owned by the organization and cannot be unlinked.
- B. EMU accounts are created and managed by individual users.
- C. EMU accounts can be used for both personal and enterprise repositories.
- D. EMU accounts allow users to create and manage their own credentials.
- E. EMU accounts restrict users to enterprise-related activities only
- F. EMU accounts are managed through an identity provider such as Azure AD.
Answer: A,E,F
Explanation:
Enterprise Managed User accounts are provisioned and authenticated exclusively through your identity provider (for example, AzureAD), so the IdP handles their creation, attribute updates, and deprovisioning.
Managed user accounts cannot create public content or interact with repositories outside your enterprise; they're confined to private and internal repos within the enterprise.
EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into or unlinked as personal accounts outside that enterprise.
NEW QUESTION # 45
When a token is used to perform actions across different GitHub resources, how is this reflected in audit logs?
- A. Each API action made with the token generates a separate audit log entry
- B. Only the first repository accessed is recorded
- C. GitHub creates a ZIP archive of all token activity
- D. The audit log stores only the token name and not its actions
Answer: A
Explanation:
Each API call authenticated with a token generates its own audit-log event, so you'll see a distinct entry for every action performed across different resources, each annotated with the token's hashed ID, actor, and source IP.
NEW QUESTION # 46
Our organization is updating its enterprise policies. Which of the following steps should you take to ensure alignment with security requirements?
- A. Implement the new enterprise policies across the organization first and then consult with the security team to identify- any necessary adjustments or retrofits
- B. Implement changes without consulting stakeholders.
- C. Regularly assess and adjust policies based on evolving risks.
- D. Maintain clear documentation of existing policies and policy changes.
Answer: A,D
NEW QUESTION # 47
......
Pass Your GH-100 Dumps as PDF Updated on 2026 With 67 Questions: https://www.prep4sureguide.com/GH-100-prep4sure-exam-guide.html
Verified GH-100 Dumps Q&As - GH-100 Test Engine with Correct Answers: https://drive.google.com/open?id=1oAcSDmNxJE3_u3SjuEYMJKWLJVCNpqID