Free Microsoft GH-900 Actual Exam Questions - Question 10 Discussion
account?
(Each answer presents a complete solution. Choose three.)
It’s A, C, and D—GitHub’s mobile app can do push 2FA, so it qualifies.
A/D/C? The authenticator app (A) and security keys (D) are definitely legit 2FA methods for GitHub. As for C, if the GitHub mobile app can send push notifications for approval, that counts as a separate second factor from just codes generated by authenticator apps. B is just security questions, which aren’t real 2FA, and E is more about identity management than a direct 2FA method GitHub offers itself. So I’d go with A, C, and D here.
B imo is out because security questions don’t truly count as 2FA—they’re more like a fallback or recovery option. E also feels off since single sign-on isn’t a standalone 2FA method from GitHub’s side; it depends on the external provider’s setup. So that leaves A, C, and D. I agree with the idea that GitHub mobile can act as a separate 2FA method if it uses push notifications to approve sign-ins, which is different from just generating codes like an authenticator app.
I’m thinking C could count if it’s about GitHub’s mobile app sending push notifications for approval, which is different from an authenticator app. E still feels less of a direct 2FA method though.
It’s A, D, and E since SSO can enforce 2FA through the provider.
Option A and D are solid picks since authenticator apps and security keys are standard 2FA methods. E is tricky because single sign-on depends on the identity provider’s 2FA, not GitHub itself.
A, D, and E. I’m skipping B because security questions aren’t really a proper second factor—they’re too easy to guess or bypass. C feels vague since GitHub’s mobile app mostly works with authenticator codes or push notifications which ties back to A or D. Single sign-on (E) can be part of 2FA if it integrates an external provider that enforces it, so it can count as a complete solution depending on setup.
It’s A, D, and C. Security questions aren’t really 2FA since they’re just an extra password step, and single sign-on doesn’t add a second factor by itself.
Can’t use single sign-on for 2FA itself, so A, C, and D.
Luke T.: B tbh, GitHub doesn’t use security questions for 2FA, right? Should we exclude B or is there some context missing about GitHub mobile or single sign-on here?