Microsoft GH-100 Exam Topics
Microsoft GH-100 Exam Overview :
| Exam Name: | GitHub Administration |
| Exam Code: | GH-100 |
| Certifications: | Microsoft GitHub Certifications |
| Actual Exam Duration: | 100 minutes |
| See Expected Questions: | Microsoft GH-100 Expected Questions in Actual Exam |
Microsoft GH-100 Exam Objectives :
| Section | Weight | Objectives |
|---|---|---|
| Support GitHub Enterprise for users and key stakeholders | 15% | Support GitHub Enterprise for users and key stakeholders Distinguish problems that can be solved by an administrator from those that need GitHub Support Describe how to generate support bundles and diagnostics Describe how GitHub’s products and services are used within the enterprise to identify underutilized features, integrations in use, most active teams, and repositories Recommend standards for developer workflows, including code collaboration (fork-and-pull versus branching), branching, branch protection rules, code owners, the code review process, automation, and release strategy Explain the tooling ecosystem at the enterprise Explain the enterprise’s CI/CD strategy Discuss how to recommend tooling and workflows to teams within an enterprise Explain how GitHub APIs can be used to extend the capabilities of the administrator from the user interface, such as querying or storing the audit log Locate an asset from the GitHub Marketplace for a specific need (i.e., find the Azure Pipelines GitHub App in the Marketplace, install it, and configure it to deploy your code) Contrast a GitHub App and an action (i.e., their permissions, how they’re built, how they’re consumed) List the benefits and risks of using apps and actions from the GitHub Marketplace |
| Manage user identities and GitHub authentication | 20% | Manage user identities and GitHub authentication List the implications of enabling SAML single sign-on (SSO) for an individual organization versus all organizations in an enterprise account List the steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise accounts Explain how to require two-factor authentication (2FA) for an organization Explain how to choose supported identity providers Describe how identity management and authorization works on GitHub List the consequences of a user’s membership in the instance, an organization, or multiple organizations Describe the authentication and authorization model (specifically, how users get to the system, and how they’re granted access to specific things within GitHub) List the supported SCIM providers (Azure, Okta, self-created) Describe how the SCIM protocol works and how GitHub supports it Describe how Team synchronization works Contrast team synchronization and SCIM |
| Describe how GitHub is deployed, distributed, and licensed | 5% | Contrast the capabilities of GitHub Enterprise Server (GHES), GitHub Enterprise Cloud (GHEC), and GitHub AE (GHAE) Describe GitHub Enterprise Cloud (GHEC) Describe GitHub Enterprise Server (GHES) Describe GitHub AE Differentiate how products are billed, including seat licenses, GitHub Actions, and GitHub Packages Describe pricing for GitHub Actions Describe pricing and support options for organizations Describe how to find statistics of license usage for a specific organization Describe how to find statistics of license usage for machine accounts and peripheral services Explain the consumption of metered products given a report (i.e., GitHub Actions minutes or storage for GitHub Packages) |
| Manage access and permissions based on membership | 20% | Define a GitHub organization Explain the benefits and costs of deploying a single organization versus multiple organizations Describe how to set default read permissions versus default write permissions across organizations Describe Team sync through AD Explain maintainability; writing scripts against multiple orgs and multiple access rights Describe how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control position Describe enterprise permissions and policies Define a GitHub organization List the possible roles of an organization member Contrast permissions for organization members, owners, and billing managers Describe the di?erence between being an organization member and an outside collaborator List the consequences of a user’s membership in an instance or organization Explain how to give a user the minimum required permissions for repository, organization, or team access. List the benefits and the drawbacks of creating a new organization Describe team permissions Define Teams in a GitHub organization List the possible roles of a team member Describe the di?erent permission models Repository permissions Explain the actions of a user given a list of their permissions, such as repository role, team membership, or organization membership (https://github.com/organizations/<ORG_NAME>/settings/member_privileges) List the repository membership options Explain audit access to a repository |
| Enable secure software development and ensure compliance | 15% | Enable secure software development and ensure compliance Explain how GitHub supports the enterprise’s security posture Describe scrubbing sensitive data from a Git repository (filter-branch/BFG) Describe scrubbing sensitive data from GitHub (contacting support) Explain how to choose a policy based on how much control is required Explain the impacts of choosing a specific set of policies Define organization policies Define enterprise policies Describe how to use the audit log APIs (Rest and GraphQL) to explain a missing asset Define the use case for audit logs Describe security and compliance concepts with GitHub Explain how to provide reports for auditing Define and explain the importance of the security features of a GitHub repository Explain the importance of a security policy Define a vulnerability Describe a vulnerable dependency Explain the importance of secret scanning Explain the importance of code scanning Describe automated code scanning (CodeQL) Explain the dependency graph Explain the importance of a security advisory Describe Dependabot Detect and fix outdated dependencies with security vulnerabilities Describe security vulnerability alerts Create and implement a security response plan that addresses sensitive data on a GitHub repository Describe how to use SSH keys and Deploy keys to access repository data API access and integrations List supported access tokens (e.g. PAT, Installation Tokens, OAuth and GitHub app OAuth tokens, Device Tokens, Refresh tokens) Explain how to find a token’s rate limits Describe GitHub Apps, their repository permissions, user permissions, and event subscriptions Describe OAuth Apps, their permissions, and event subscriptions Contrast the use of a personal access token (PAT) or a GitHub App for authenticating a machine account Describe the use of machine accounts versus GitHub apps Explain how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy Define an enterprise managed user (EMU) |
| Manage GitHub Actions | 20% | Distribute actions and workflows to the enterprise Identify reuse templates for actions and workflows Define an approach for managing and leveraging reusable components (i.e., repos for storage, naming conventions for files/folders, plans for ongoing maintenance) Define how to distribute actions for an enterprise Explain how to control access to actions within the enterprise Configure organizational use policies for GitHub Actions Manage runners for the enterprise Describe the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners Configure IP allow lists on internal applications and systems to allow interaction with GitHub-hosted runners List the effects and potential abuse vectors of enabling self-hosted runners on public repositories Select appropriate runners to support workloads (i.e., using a self-hosted versus GitHub-hosted runner, choosing supported operating systems) Contrast GitHub-hosted and self-hosted runners Configure self-hosted runners for enterprise use (i.e., including proxies, labels, networking) Manage self-hosted runners using groups (i.e., managing access, moving runners into and between groups) Monitor, troubleshoot, and update self-hosted runners Manage encrypted secrets in the enterprise Identify the scope of encrypted secrets Explain how to access encrypted secrets within actions and workflows Explain how to manage organization-level encrypted secrets Describe how to manage repository-level encrypted secrets Describe how to use third-party vaults |
| Manage GitHub Packages | 5% | Describe which GitHub Packages are supported Describe how to access, write, and share GitHub Packages Describe how to use GitHub Packages in workflows (i.e., with GitHub Actions or other CI/CD tools) Explain the differences and use cases between GitHub Packages and releases |
| Official Information | https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/gh-100?wt.mc_id=certifications_github_blog_wwl |
Updates in the Microsoft GH-100 Exam Topics:
Microsoft GH-100 exam questions and practice test are the best ways to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and practice test. To pass the actual Microsoft GitHub Certifications GH-100 exam on the first attempt, you need to put in hard work on these questions as they cover all updated Microsoft GH-100 exam topics included in the official syllabus. Besides studying actual questions, you should take the Microsoft GH-100 practice test for self-assessment and actual exam simulation. Revise actual exam questions and remove your mistakes with the GitHub Administration GH-100 exam practice test. Online and Windows-based formats of the GH-100 exam practice test are available for self-assessment.
Our Features
- 50000+ Customers feedbacks involved in Products
- Customize your exam based on your objectives
- User-Friendly interface
- Exam History and Progress reports
- Self-Assessment Features
- Various Learning Modes