Enable secure software development and ensure compliance Questions

Practice questions for the "Enable secure software development and ensure compliance" topic in GitHub Administration. 31 questions covering this domain.

31 questions: 7 easy, 16 medium, 8 hard
Q1
medium

A team on GitHub Team wants to use artifact attestations for a private repository. What else is required?

Q2
hard

An administrator must explain why an asset went missing and needs a programmatic audit trail they can also use for reporting. Which GH-100 exam object...

Q3
hard

A security lead wants an organization-wide view of trends, insights, and the repositories at greatest risk. Which feature should the administrator poi...

Q4
easy

Which GitHub feature lets you explore the packages a repository depends on and the repositories or packages that depend on it?

Q5
easy

A repository owner wants security researchers to have a documented way to report vulnerabilities privately. Which GitHub feature should they add?

Q6
medium

A workflow needs machine authentication with minimal permissions and short-lived credentials that are not tied to a single user account. What is the b...

Q7
medium

A supported credential is leaked in a public repository, and the security team wants the service provider to be informed quickly. Which feature handle...

Q8
medium

A team wants to catch vulnerable dependency changes during pull request review, before the code is merged. Which feature should the administrator enab...

Q9
medium

Maintainers of a public repository find a vulnerability and want to coordinate a private fix before disclosure. Which GitHub feature should they use?

Q10
medium

A reviewer wants to see whether a pull request introduces risky or vulnerable dependency changes before merge. Which feature should be enabled?

Q11
hard

An automation script starts receiving 403 responses after an enterprise administrator blocks classic personal access tokens. What is the most likely e...

Q12
easy

A developer bypasses push protection and completes the push anyway. What does GitHub do next?

Q13
medium

A compliance team needs an SPDX-compatible software bill of materials for a repository. Which GitHub feature can provide that export?

Q14
hard

A monitoring tool only needs to inspect the current GitHub API rate state. Which request can it make without consuming primary rate limit?

Q15
easy

A developer accidentally pushes a supported secret to a public repository from the command line. Which statement about push protection for users is co...

Q16
medium

Developers occasionally have a legitimate reason to override push protection, but leadership wants approved exceptions instead of ad hoc bypasses. Whi...

Q17
medium

A private repository wants a documented disclosure process and a way for researchers to report vulnerabilities privately. Which feature should be adde...

Q18
hard

A developer creates a personal access token and tries to use it to administer a repository they cannot open in the GitHub UI. What happens?

Q19
medium

A developer wants to see both what a repository depends on and what depends on that repository. Which feature provides that relationship view?

Q20
hard

An automation team wants to replace classic PATs with fine-grained PATs everywhere. Which limitation still requires planning for exceptions?
