GitHub Administration Practice Exam 2025: Latest Questions

Your organization wants to require that every commit merged into the default branch is cryptographically verifiable. Which setting best meets this requirement?

A team is creating many new repositories and wants each repo to start with the same baseline: issues enabled, a CODEOWNERS file, a pull request template, and default branch protections. What is the most appropriate GitHub feature to standardize this across new repositories?

You need to ensure that only organization members can create new repositories, while still allowing them to fork repositories within the organization. Where should you configure this control?

A developer reports they cannot merge a pull request even though they have write access. The PR shows 'Waiting for required status checks'. What is the most likely cause?

Your organization wants to reduce the risk of credential leaks in repositories by automatically detecting and notifying when secrets are committed. Which approach best matches this goal using built-in capabilities?

You are managing teams across multiple repositories. You need a structure where a parent team can grant baseline read access to many repos, while a child team adds write access to a smaller subset. Which design is most appropriate?

Your enterprise requires SAML SSO. Users can sign in to GitHub, but attempts to access organization resources fail until the user re-authorizes. What is the correct administrative action to ensure users can access the organization after SSO is enabled?

A workflow needs to deploy to a production environment only after approval by a specific team and only from the default branch. Which combination of features best achieves this with least effort?

Your enterprise wants to centrally manage policies that must apply consistently across hundreds of repositories, including: requiring PR reviews, restricting force pushes, and requiring specific status checks. You also need to target the same policy to multiple repositories without configuring each one individually. What is the best approach?

A compliance team requires an immutable audit trail of administrative actions and access events across the enterprise, and they want to integrate the data with a SIEM for alerting. Which solution best meets this requirement?

Your organization uses GitHub Enterprise Cloud. A new team needs the ability to create repositories only within a specific set of internal repositories, but should not be able to see or access other private repositories in the organization. What is the best approach?

A repository uses branch protection with required status checks. A workflow has been updated, but pull requests show the status check as "Expected — Waiting for status to be reported" and merges are blocked. What is the most likely cause?

You need to allow GitHub Actions workflows to deploy to Azure without storing long-lived cloud credentials in GitHub secrets. Which approach is recommended?

A regulated team must ensure that secret-scanning alerts are triaged by a central security team, while developers can still view alerts in their repositories. Which setup best meets this requirement in GitHub Enterprise Cloud?

Your organization wants to enforce that all repositories use the same issue templates and pull request template. The templates should be centrally managed and automatically available to new repositories. What should you use?

A company needs to prevent GitHub Actions workflows from untrusted public repositories from using the organization’s self-hosted runners. What is the best control?

You need to ensure that code owners must approve changes to files in the /infra directory before merging to the default branch. Which feature should you configure?

An enterprise wants to require SAML single sign-on (SSO) for organization access and ensure that tokens used by third-party tools are tied to SSO authorization. What should you implement?

Your enterprise must prevent repository administrators from disabling required reviews and status checks on the default branch. You want a centrally enforced policy that applies to many repositories and cannot be bypassed by repo admins. What should you use?

A security team needs an auditable, organization-wide way to allow only approved GitHub Apps and OAuth apps to access organization resources. The goal is to block unknown third-party app access by default. What should you configure?

Your GitHub Enterprise Cloud organization must prevent any user from accidentally making a private repository public. You want a centralized setting that applies to all repositories in the organization. What should you configure?

A company wants contributors to assign issues to a specific internal team using @mentions, and to ensure only members of that team can be granted write access to repositories. Which approach best meets the requirement?

After enabling SAML SSO for your organization, several users report they can sign in but cannot access organization resources unless they repeatedly re-authorize. You want to reduce re-authorization friction while keeping SSO enforced. What should you implement?

Your organization wants to standardize CI across hundreds of repositories and ensure updates to the CI logic roll out centrally without copying workflow files into every repository. Which design should you choose?

A security audit requires that no GitHub Actions workflow can access organization secrets unless it is explicitly approved and constrained to approved runner environments. Which configuration best satisfies the requirement?