Question 1

Why would someone choose to configure a security policy?

ATo communicate corporate security and compliance policies for end users on a private repository.

BTo provide information on an open source repository for open source collaborators and researchers that may need to report and disclose sensitive security findings to maintainers securely.

CTo prevent anyone from pushing to the repository without approval.

DTo define which open source packages are permitted for use as part of that repository.

Answer : B

A security policy (the SECURITY.md file) lets maintainers of an open source repository provide clear, private instructions for collaborators and external researchers on how to report and disclose security vulnerabilities responsibly.

Question 2

Your organization wants to reduce costs. Which of the following actions should you take?

AGrant all users admin permissions

BRemove all outside collaborators

CRegularly audit for inactive users

DDisable SAML SSO for members

Answer : C

Regularly auditing for inactive (dormant) users lets you suspend or remove accounts that aren't consuming seats - freeing up licenses and directly lowering your per-user subscription costs.

Question 3

You need GitHub to automatically notify a third-party service any time a new repository is created. You want to avoid writing custom code. The vendor has told you that they have a tool in the GitHub Marketplace. Which type of tool do you need?

AGitHub App

BGitHub Copilot Extension

CGitHub Models

DGitHub Action

Answer : A

You need a GitHub App. Marketplace integrations that listen for events like repository.created and send notifications are delivered as GitHub Apps, since they can subscribe to organization-level webhooks without you writing custom code.

Question 4

A team member is unable to push to a repository due to a 403-error related to branch protection. What should the GitHub Enterprise administrator do first?

ARemove the user from the team and re-add them

BCheck the user's permissions and rulesets applied to the branch

CRaise a GitHub Support request for permissions issues

DRevert the branch to an earlier state

Answer : B

The administrator should first review the user's repository role and the branch protection rules applied to that branch. A 403 error on push almost always indicates that the user either lacks the necessary write permissions or is not listed among the actors authorized by the branch protection settings.

Question 5

What is the key benefit of using a GitHub security advisory within a repository?

AIt automatically reverts commits that introduced the vulnerability.

BIt allows maintainers to privately disclose, discuss, and publish vulnerabilities.

CIt flags all forks of the repository as vulnerable.

DIt prevents users from cloning the repository until issues are resolved.

Answer : B

GitHub security advisories let maintainers privately disclose, discuss fixes, and then publish vulnerabilities in a controlled manner within the repository.

Free Practice Questions for Microsoft GH-100 Exam

Question 1

Question 2

Question 3

Question 4

Question 5