Microsoft GH-100 Exam Syllabus
Start Free GH-100 Exam Practice After Reviewing the Topics
Before starting your GH-100 exam preparation, it is recommended to review the complete Microsoft GitHub Administration exam syllabus and carefully go through the exam objectives listed below. Once you understand the exam structure and objectives, you should practice using our free GH-100 questions. We also provide premium GH-100 practice test, fully updated according to the latest exam objectives, to help you accurately assess your preparedness for the actual exam.
Microsoft GH-100 Exam Objectives
| Section | Weight | Objectives |
|---|---|---|
| Support GitHub Enterprise for users and key stakeholders | 15% | Support GitHub Enterprise for users and key stakeholders Distinguish problems that can be solved by an administrator from those that need GitHub Support Describe how to generate support bundles and diagnostics Describe how GitHub’s products and services are used within the enterprise to identify underutilized features, integrations in use, most active teams, and repositories Recommend standards for developer workflows, including code collaboration (fork-and-pull versus branching), branching, branch protection rules, code owners, the code review process, automation, and release strategy Explain the tooling ecosystem at the enterprise Explain the enterprise’s CI/CD strategy Discuss how to recommend tooling and workflows to teams within an enterprise Explain how GitHub APIs can be used to extend the capabilities of the administrator from the user interface, such as querying or storing the audit log Locate an asset from the GitHub Marketplace for a specific need (i.e., find the Azure Pipelines GitHub App in the Marketplace, install it, and configure it to deploy your code) Contrast a GitHub App and an action (i.e., their permissions, how they’re built, how they’re consumed) List the benefits and risks of using apps and actions from the GitHub Marketplace |
| Manage user identities and GitHub authentication | 20% | Manage user identities and GitHub authentication List the implications of enabling SAML single sign-on (SSO) for an individual organization versus all organizations in an enterprise account List the steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise accounts Explain how to require two-factor authentication (2FA) for an organization Explain how to choose supported identity providers Describe how identity management and authorization works on GitHub List the consequences of a user’s membership in the instance, an organization, or multiple organizations Describe the authentication and authorization model (specifically, how users get to the system, and how they’re granted access to specific things within GitHub) List the supported SCIM providers (Azure, Okta, self-created) Describe how the SCIM protocol works and how GitHub supports it Describe how Team synchronization works Contrast team synchronization and SCIM |
| Describe how GitHub is deployed, distributed, and licensed | 5% | Contrast the capabilities of GitHub Enterprise Server (GHES), GitHub Enterprise Cloud (GHEC), and GitHub AE (GHAE) Describe GitHub Enterprise Cloud (GHEC) Describe GitHub Enterprise Server (GHES) Describe GitHub AE Differentiate how products are billed, including seat licenses, GitHub Actions, and GitHub Packages Describe pricing for GitHub Actions Describe pricing and support options for organizations Describe how to find statistics of license usage for a specific organization Describe how to find statistics of license usage for machine accounts and peripheral services Explain the consumption of metered products given a report (i.e., GitHub Actions minutes or storage for GitHub Packages) |
| Manage access and permissions based on membership | 20% | Define a GitHub organization Explain the benefits and costs of deploying a single organization versus multiple organizations Describe how to set default read permissions versus default write permissions across organizations Describe Team sync through AD Explain maintainability; writing scripts against multiple orgs and multiple access rights Describe how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control position Describe enterprise permissions and policies Define a GitHub organization List the possible roles of an organization member Contrast permissions for organization members, owners, and billing managers Describe the di?erence between being an organization member and an outside collaborator List the consequences of a user’s membership in an instance or organization Explain how to give a user the minimum required permissions for repository, organization, or team access. List the benefits and the drawbacks of creating a new organization Describe team permissions Define Teams in a GitHub organization List the possible roles of a team member Describe the di?erent permission models Repository permissions Explain the actions of a user given a list of their permissions, such as repository role, team membership, or organization membership (https://github.com/organizations/<ORG_NAME>/settings/member_privileges) List the repository membership options Explain audit access to a repository |
| Enable secure software development and ensure compliance | 15% | Enable secure software development and ensure compliance Explain how GitHub supports the enterprise’s security posture Describe scrubbing sensitive data from a Git repository (filter-branch/BFG) Describe scrubbing sensitive data from GitHub (contacting support) Explain how to choose a policy based on how much control is required Explain the impacts of choosing a specific set of policies Define organization policies Define enterprise policies Describe how to use the audit log APIs (Rest and GraphQL) to explain a missing asset Define the use case for audit logs Describe security and compliance concepts with GitHub Explain how to provide reports for auditing Define and explain the importance of the security features of a GitHub repository Explain the importance of a security policy Define a vulnerability Describe a vulnerable dependency Explain the importance of secret scanning Explain the importance of code scanning Describe automated code scanning (CodeQL) Explain the dependency graph Explain the importance of a security advisory Describe Dependabot Detect and fix outdated dependencies with security vulnerabilities Describe security vulnerability alerts Create and implement a security response plan that addresses sensitive data on a GitHub repository Describe how to use SSH keys and Deploy keys to access repository data API access and integrations List supported access tokens (e.g. PAT, Installation Tokens, OAuth and GitHub app OAuth tokens, Device Tokens, Refresh tokens) Explain how to find a token’s rate limits Describe GitHub Apps, their repository permissions, user permissions, and event subscriptions Describe OAuth Apps, their permissions, and event subscriptions Contrast the use of a personal access token (PAT) or a GitHub App for authenticating a machine account Describe the use of machine accounts versus GitHub apps Explain how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy Define an enterprise managed user (EMU) |
| Manage GitHub Actions | 20% | Distribute actions and workflows to the enterprise Identify reuse templates for actions and workflows Define an approach for managing and leveraging reusable components (i.e., repos for storage, naming conventions for files/folders, plans for ongoing maintenance) Define how to distribute actions for an enterprise Explain how to control access to actions within the enterprise Configure organizational use policies for GitHub Actions Manage runners for the enterprise Describe the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners Configure IP allow lists on internal applications and systems to allow interaction with GitHub-hosted runners List the effects and potential abuse vectors of enabling self-hosted runners on public repositories Select appropriate runners to support workloads (i.e., using a self-hosted versus GitHub-hosted runner, choosing supported operating systems) Contrast GitHub-hosted and self-hosted runners Configure self-hosted runners for enterprise use (i.e., including proxies, labels, networking) Manage self-hosted runners using groups (i.e., managing access, moving runners into and between groups) Monitor, troubleshoot, and update self-hosted runners Manage encrypted secrets in the enterprise Identify the scope of encrypted secrets Explain how to access encrypted secrets within actions and workflows Explain how to manage organization-level encrypted secrets Describe how to manage repository-level encrypted secrets Describe how to use third-party vaults |
| Manage GitHub Packages | 5% | Describe which GitHub Packages are supported Describe how to access, write, and share GitHub Packages Describe how to use GitHub Packages in workflows (i.e., with GitHub Actions or other CI/CD tools) Explain the differences and use cases between GitHub Packages and releases |
| Official Information | https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/gh-100?wt.mc_id=certifications_github_blog_wwl |
Our Features
- 50000+ Customers feedbacks involved in Products
- Customize your exam based on your objectives
- User-Friendly interface
- Exam History and Progress reports
- Self-Assessment Features
- Various Learning Modes