Free Microsoft GH-100 Actual Exam Questions
Dumps Box (DumpsBox) offers up-to-date practice exam questions for the GH-100 certification exam, which are developed and validated by Microsoft subject domain experts certified in Microsoft GH-100. These practice questions are updated regularly as we keep an eye on any recent changes in the GH-100 syllabus, and when there is an update our team quickly adjusts the questions. This commitment to providing the best quality exam prep material to certification aspirants is what makes DumpsBox.com the best certification exam prep website. On top of that, our strong, yet strictly moderated, community-based feedback keeps the content clean and current. Each question has helpful community discussion that provides extra perspective and introduces helpful resources for better exam preparation. This also saves students from other outdated practice questions or illicit exam dumps that can have adverse effects on a career. Browse through our Microsoft GH-100 exam questions and pass your exam on the first try.
during the setup process?
C/D? I’m between C and D since allowing manual updates could help fix errors quickly, but without the clear mapping in D, manual updates might just cause confusion. So D feels safer overall.
It’s D because without a clear mapping from identity provider groups to GitHub teams, you risk inconsistent permissions. Sync frequency or manual updates don’t solve the root problem of alignment.
C imo, since security policies often enforce who can push to a repo, controlling changes directly.
B, since the main goal of a security policy is to provide a clear channel for reporting security issues in open source projects, which is crucial for responsible disclosure. The other options don’t really cover that aspect.
solution. (Choose three.)
It’s D for sure, since GitHub Apps have specific permissions that need tracking. Also A makes sense because any permission changes impact security directly. B is a solid pick because promoting users to admins is a critical event to log and expose via API. Pushing to repos (C) and cloning (E) are more day-to-day actions, so they wouldn’t be in the audit log events exposed by GraphQL. This is less about normal activity and more about admin and security-level events that matter for auditing purposes.
A, B, D. I agree that pushes and cloning are regular activities, not really audit-level events for security. Changes in permissions (A), promoting users to admins (B), and GitHub App permission changes (D) are all major security-related actions that an audit log would track through the API. These seem like the logical choices for what the GraphQL API would expose for audits.
team requires that these runners use IP address ranges that would not be shared with other companies. Which of the following approaches would meet their requirements?
D imo, static IPs would solve the exclusivity issue, but I don’t think GitHub-hosted runners actually support static IPs yet. So even if it sounds right, it probably won’t work in practice.
Not B, because those IPs are public and shared across many users, so they won’t meet strict security needs for exclusive IP ranges. The others try to limit exposure more.
Premium Support can help you with:
C imo, because setting up hardware isn’t something GitHub Premium Support would handle—GitHub’s focus is mainly on software and platform issues. A also feels off since writing scripts is more user-driven, not really their support area. So between B and D, without clear Enterprise Server context, D seems safer as integrating third-party apps is more of a typical support scenario for GitHub.com users.
Maybe D since Premium Support often helps with software integration issues, which fits better than installation or hardware stuff. They usually don’t get into scripting or physical setups.
A looks right to me too. EMUs use the company’s IdP for auth, so no personal GitHub passwords involved. That’s the key difference from normal accounts.
Maybe A makes the most sense since EMUs are tied to an external IdP, so users don’t have personal GitHub passwords. B and C don’t really match what I know about EMUs.
Makes sense to rule out D since owners have overarching access by default, so that can’t be right. A is definitely a responsibility because managing billing is a core task for org owners. C fits as well since owners control the settings and permissions. B seems plausible because owners typically don’t need approvals from other members to create repositories, even if some policies apply later. So I’d go with A, B, and C too.
C imo, since managing org settings is a core Owner duty. D can be ruled out because owners have default access, so no need for explicit permission. That leaves A and B as likely picks too.
organization runner group?
Maybe D is the better pick here because it’s about setting the overall policy to restrict access only to selected repos. C lets you pick repos, but if the policy isn’t set to limit access, then all repos might still connect. So D seems like the critical switch that activates the restriction, making sure only the chosen repos get runner access. Without D, even if you pick repos in C, the runners might remain open to others by default.
Not A, the meta API isn’t designed for access control here. The real control comes from setting repo permissions directly in the runner group, so C makes more sense to me.
Deleting the repo (D) sounds like an easy fix, but it doesn’t stop someone who already forked or cloned it from accessing the sensitive data. The exposed credentials could still be out there, so revoking them immediately (A) is crucial to prevent any further damage. After that, cleaning up the history with a force push or using tools to scrub the data would be next steps, but they’re secondary to blocking any potential misuse.
It’s A for me. Even if you remove the data from the repo later, those credentials or keys might already be compromised. Revoking them immediately stops anyone from using the leaked info, which is the biggest risk right away. You can’t rely on deleting or rewriting history to protect you if someone’s already grabbed the data. Better safe than sorry—cut off access first, then clean up after.
It’s B because GitHub Apps get better rate limits especially under an enterprise license, unlike machine accounts that use personal tokens and share limits. Plus, apps have scoped permissions which adds control.
D is wrong because machine accounts often share creds, making audits harder, not easier.
repository. What is the first step you should take to mitigate the risk?
Maybe D is a bit extreme as a first step since deleting the repo won’t stop someone from having already cloned it or accessed the secret elsewhere. GitHub support can’t magically scrub all copies either. The priority should be to revoke or rotate the secret first so it can’t be used anymore, then deal with cleaning the history. So B still feels like the safest move to stop any immediate damage before worrying about history rewriting or repo deletion.
B/C? Revoking the secret first is critical to stop any immediate misuse, then cleaning the history comes next to avoid exposure later. Deleting or contacting GitHub won’t stop current leaks quickly enough.
(GHEC)?
Option C stands out because GHES is about self-hosting, so you get to manage your data and security policies directly. Options A and D don’t really fit since GitHub hosts GHEC, not GHES, and GHES can integrate with external identity providers. B is more about cloud features. So C really nails the main difference here.
Probably C, since GHES is meant for self-hosting and full control over infrastructure.
two.)
Team Maintainers definitely handle membership, so C for sure, plus B since they organize sub-teams.
C, B. Maintainers typically manage the team roster and handle sub-teams directly. They don’t control org-wide things or delete repos, so those options can be ruled out pretty confidently.
.github/dependabot.yml file?
A, since it defines when and what dependencies Dependabot checks and updates.
Probably A, since dependabot.yml mainly sets how updates are managed and scheduled.
Option B stands out because GitHub Marketplace Apps are designed to easily integrate tools enterprises already use, which saves time and effort on custom development. Options A and C are overstatements—there’s no promise of zero downtime or that apps replace GitHub Actions altogether. D is also misleading since not every app is pre-approved by GitHub's security team; many still require their own security checks by the company using them. So B fits best from a practical enterprise perspective.
It’s B. These apps usually help connect GitHub to other tools without writing extra code, which is super handy for enterprises. The other options either overpromise or aren’t accurate.