Free Microsoft GH-100 Actual Exam Questions - Question 8 Discussion
organization runner group?
Maybe D is the better pick here because it’s about setting the overall policy to restrict access only to selected repos. C lets you pick repos, but if the policy isn’t set to limit access, then all repos might still connect. So D seems like the critical switch that activates the restriction, making sure only the chosen repos get runner access. Without D, even if you pick repos in C, the runners might remain open to others by default.
Not A, the meta API isn’t designed for access control here. The real control comes from setting repo permissions directly in the runner group, so C makes more sense to me.
B imo, adding a label to the runner group helps organize and identify runners for specific tasks or repos, making it easier to control access indirectly. It’s less about strict access control but still useful.
Makes sense that both C and D work hand in hand, but I’d say C is the more direct way to limit access since it’s where you actually pick the repos. D just flips the switch to enable the restriction overall. Without C, there’s no list to enforce. So, option C feels like the key step here.
C/D for sure. Without setting repos in the runner group (C), the policy in D can’t narrow access effectively. Both work together, but C actually names the repos allowed.
It’s C because the runner group settings actually define which repos get access. Without this, the policy in D won’t have anything specific to enforce. D just changes the overall policy mode.
D/C? The "Only selected repositories" policy in D is what actually restricts access org-wide, while C just lets you pick repos but doesn’t enforce the restriction unless D is set. So D feels more crucial.
C/D? The runner group settings (C) definitely let you pick repos, but the policies in D might be necessary to enforce that restriction at a higher level. Without enabling "Only selected repositories" in policies, the runner group settings might not fully restrict access. So it feels like both play a role—C sets the repos, D locks it down. Options A and B don’t really match the functionality needed here.
Option C since runner group settings let you pick repos that can use the runners.
C/D? I’m thinking C works because the runner group settings allow you to specify which repos can use those runners. D sounds like it’s about broader policies, but maybe not specific to runner groups. A and B don’t seem relevant since labels or the meta API aren’t about access control. From what I’ve seen, the runner group itself controls repo access directly.
C also makes sense because you can set repo access directly in runner group settings.
I think the answer is D. Setting Actions Policies to "Only selected repositories" should restrict runner group access to specific repos. The other options don’t seem directly related to limiting repo access. Anyone else?