Microsoft GH-100 GitHub Administration Exam Practice Test

GitHub App Installation Access Tokens are privileged to the exact permissions you grant the App - down to individual repositories - and rotate automatically, making them the recommended choice for CI/CD automation workflows that demand least‑privilege, fine‑grained access.

GitHub Actions billing for GitHub‑hosted runners is based on the number of minutes consumed and the operating system of the runner - Linux, Windows, and macOS each have different per‑minute rates.

The audit log records the token’s identifier (the hashed_token value), the source IP address of the request, and the actor (the user or app) associated with that token, allowing you to trace exactly who used it.

Dependabot will automatically open a pull request that updates the direct dependency to a version which, in turn, resolves (or removes) the vulnerable transitive dependency—ensuring the fix is applied via your declared dependencies.

The revamped Billing & Licensing dashboard now includes a dedicated “Copilot” tab that shows per‑user seat assignments, usage counts, and estimated costs for your organization’s GitHub Copilot licenses, enabling you to track Copilot consumption by individual users.

Delete branch operations aren’t tracked as Git-activity events; the Git activity audit log only records Git events such as clone, fetch (pull), and push.

Before you enable team synchronization, you should clearly define how groups in your identity provider will map to GitHub teams and roles - ensuring that when the sync runs, users land in the correct teams with the right permissions.

You set the access policy on the Organization Secret itself - configuring its visibility so it’s scoped automatically to only internal and private repositories.

By defining the API key as an organization secret, you centralize management and can grant access only to the subset of repositories you choose - eliminating per‑repo duplication while enforcing the desired scope.

When you enforce the “Allow enterprise actions and reusable workflows” policy, GitHub will block all workflows from using actions or reusable workflows that aren’t defined in a repository within your enterprise - so only actions created inside your enterprise are allowed.

GitHub Advanced Security equips developers with built‑in code scanning (CodeQL), secret scanning, dependency review, and other AppSec tools - helping them find, fix, and prevent security vulnerabilities while maintaining code quality.

The administrator should first review the user’s repository role and the branch protection rules applied to that branch. A 403 error on push almost always indicates that the user either lacks the necessary write permissions or is not listed among the actors authorized by the branch protection settings.

GitHub Marketplace Apps come with built‑in integrations to external services - so you can plug in things like CI servers, code-quality scanners, or deployment tools without writing and maintaining custom connectors.

You must have administrator‑level SSH access to the GitHub Enterprise Server appliance so you can run the ghe-support-bundle command over SSH and capture the bundle locally.

In the organization’s runner group settings, switch the access from “All repositories” to “Selected repositories” and then explicitly choose which repos may use those runners.

The Dependency Graph continuously analyzes your repository’s manifest and lock files to build an inventory of direct and transitive dependencies and flags any that match entries in the GitHub Advisory Database, surfacing known vulnerabilities.

Users granted Write permission can push commits to non‑protected branches, allowing them to update code without needing administrative rights.

CodeQL differs from traditional static analysis tools by ingesting your code into a queryable database and letting you write QL queries - its own database‑style language - to express semantic checks and find patterns across the codebase.

Run the ghe-support-bundle command over SSH on your appliance and redirect its output to a file. For example:

ssh -p 122 admin@ghe.avocado.corp -- 'ghe-support-bundle -o' > support-bundle.tgz

This invokes the built‑in support‑bundle utility on your GitHub Enterprise Server instance and captures the resulting archive locally.