[3-Aug-2025 Update] Exam GH-100 VCE Dumps and GH-100 PDF Dumps from PassLeader

Valid GH-100 dumps shared by PassLeader to help you pass the GH-100 exam! PassLeader now offers the newest GH-100 VCE dumps and GH-100 PDF dumps. The PassLeader GH-100 exam questions have been updated and the answers have been corrected. Get the newest PassLeader GH-100 dumps with VCE and PDF here: https://www.passleader.com/gh-100.html (70 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader GH-100 dumps from Cloud Storage: https://drive.google.com/drive/folders/1KNdP–3al8LYXPgNMuUlMbjm0LJsI5ek

NEW QUESTION 1
You are planning GitHub account management for a healthcare organization with strict compliance requirements. Which THREE of the following statements accurately describe GitHub Enterprise Managed Users (EMU) accounts? (Choose three.)

A.    EMU accounts can be used for both personal and enterprise repositories.
B.    EMU accounts are managed through an identity provider such as Azure AD.
C.    EMU accounts allow users to create and manage their own credentials.
D.    EMU accounts restrict users to enterprise-related activities only.
E.    EMU accounts are created and managed by individual users.
F.    EMU accounts are owned by the organization and cannot be unlinked.

Answer: BDF
Explanation:
Enterprise Managed User accounts are provisioned and authenticated exclusively through your identity provider (for example, Azure AD), so the IdP handles their creation, attribute updates, and deprovisioning. Managed user accounts cannot create public content or interact with repositories outside your enterprise; they’re confined to private and internal repos within the enterprise. EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into or unlinked as personal accounts outside that enterprise.

NEW QUESTION 2
What distinguishes Enterprise Managed Users (EMUs) from standard GitHub accounts?

A.    EMUs are fully controlled by an IdP and cannot log in with personal credentials.
B.    EMUs can only be created using email invites.
C.    EMUs are managed in GitHub and use GitHub authentication.
D.    EMUs are only available for GitHub Enterprise Server.

Answer: A
Explanation:
EMU accounts are provisioned and authenticated exclusively through your identity provider – users sign in via the IdP and cannot use or manage GitHub-native credentials.

NEW QUESTION 3
What makes GitHub Apps a more secure choice for automation over OAuth Apps?

A.    GitHub Apps always require two-factor authentication.
B.    GitHub Apps can only be installed by organization owners.
C.    GitHub Apps are limited to read-only access and cannot write to repositories.
D.    GitHub Apps authenticate as an app with fine-grained permissions, not as a user.

Answer: D
Explanation:
GitHub Apps authenticate as themselves with fine-grained, installation-scoped permissions and short-lived tokens – rather than inheriting a user’s broad OAuth scopes – minimizing blast radius and aligning with least-privilege principles.

NEW QUESTION 4
When comparing fine-grained Personal Access Tokens (PATs) with classic PATs, which of the following statements is accurate?

A.    Fine-grained PATs automatically renew while classic PATs require manual renewal.
B.    Fine-grained PAT permissions can be scoped to specific repositories.
C.    Classic PATs offer more permission controls than fine-grained PATs.
D.    Classic PATs can be restricted to specific organizations, but fine-grained PATs cannot.

Answer: B
Explanation:
Fine-grained personal access tokens let you scope permissions down to individual repositories, whereas classic PATs grant access across every repo the user can reach.

NEW QUESTION 5
What is a key characteristic of GitHub Enterprise Server (GHES) compared to GitHub Enterprise Cloud (GHEC)?

A.    GHES is hosted by GitHub and offers automatic scaling, while GHEC requires self-hosting.
B.    GHEC offers data residency options in regions that GHES does not support.
C.    GHES allows enterprises to have complete control over their hosting environment, including data storage and network security policies.
D.    GHES users cannot integrate with external identity providers for authentication.

Answer: C
Explanation:
GitHub Enterprise Server is a self-hosted product you install and manage on your own infrastructure – giving you full control over data storage, network security policies, and the underlying environment.

NEW QUESTION 6
A team member is unable to push to a repository due to a 403 error related to branch protection. What should the GitHub Enterprise administrator do first?

A.    Remove the user from the team and re-add them.
B.    Check the user’s permissions and rulesets applied to the branch.
C.    Raise a GitHub Support request for permissions issues.
D.    Revert the branch to an earlier state.

Answer: B
Explanation:
The administrator should first review the user’s repository role and the branch protection rules applied to that branch. A 403 error on push almost always indicates that the user either lacks the necessary write permissions or is not listed among the actors authorized by the branch protection settings.

NEW QUESTION 7
Which of the following is a benefit of creating a new GitHub organization?

A.    Automatic inheritance of policies from other organizations.
B.    Reduced administrative overhead.
C.    Clear separation of repositories, projects, teams, billing, and organization-specific policies.
D.    Simplified collaboration across all organizations.

Answer: C
Explanation:
Creating a new organization gives you a dedicated container for your shared work, letting you isolate repositories, projects, teams, billing settings, and policy configurations on an organization-by-organization basis.

NEW QUESTION 8
Which of the following actions can a user with Write permissions perform in a GitHub repository?

A.    Manage repository settings, such as labels and GitHub Pages.
B.    Push code to non-protected branches.
C.    Configure branch protection rules.
D.    Delete the repository.

Answer: B
Explanation:
Users granted Write permission can push commits to non-protected branches, allowing them to update code without needing administrative rights.

NEW QUESTION 9
Which of the following are responsibilities of a Team Maintainer in a GitHub organization? (Choose two.)

A.    Modifying organization-wide settings.
B.    Managing nested sub-teams.
C.    Adding or removing team members.
D.    Deleting repositories assigned to the team.

Answer: BC
Explanation:
– Team maintainers can manage nested sub-teams – requesting to add or change parent/child teams within the organization’s hierarchy.
– Team maintainers have permission to add and remove members from their team, controlling day-to-day team membership.

NEW QUESTION 10
When a user becomes a member of multiple GitHub organizations, which THREE of the following are important considerations for administrators? (Choose three.)

A.    The user will automatically have the same role across all organizations.
B.    The user’s repository access and/or team membership needs to be managed separately for each organization.
C.    The user will need to authorize credentials separately for each SAML-enabled organization.
D.    The user will have different permission levels in each organization.
E.    The user’s profile information becomes private to non-organization members.
F.    The user’s personal repositories will become accessible to all organizations.

Answer: BCD
Explanation:
– A user’s repository access and team memberships are scoped to each organization, so admins must configure permissions separately per org.
– When an organization enforces SAML SSO, each member must authorize their personal access tokens or SSH keys for that org, requiring separate approval for each SAML-enabled organization.
– Roles and permission levels (owner, member, billing manager, repository roles, etc.) are assigned on a per-organization basis, so a user often has different permissions in different organizations.

NEW QUESTION 11
A token was used to access an organization’s resource via API. What fields in the audit log help determine who used it?

A.    The token’s permissions and the geographic region of access.
B.    The token expiration date.
C.    The GitHub Actions runner name.
D.    The token ID, requesting IP address, and associated user.

Answer: D
Explanation:
The audit log records the token’s identifier (the hashed_token value), the source IP address of the request, and the actor (the user or app) associated with that token, allowing you to trace exactly who used it.

NEW QUESTION 12
Which GitHub feature is responsible for tracking dependencies and known vulnerabilities in those dependencies from an advisory database?

A.    Repository Insights
B.    Dependency Graph
C.    Security Policy
D.    CodeQL

Answer: B
Explanation:
The Dependency Graph continuously analyzes your repository’s manifest and lock files to build an inventory of direct and transitive dependencies and flags any that match entries in the GitHub Advisory Database, surfacing known vulnerabilities.

NEW QUESTION 13
When a token is used to perform actions across different GitHub resources, how is this reflected in audit logs?

A.    Each API action made with the token generates a separate audit log entry.
B.    Only the first repository accessed is recorded.
C.    GitHub creates a ZIP archive of all token activity.
D.    The audit log stores only the token name and not its actions.

Answer: A
Explanation:
Each API call authenticated with a token generates its own audit-log event, so you’ll see a distinct entry for every action performed across different resources, each annotated with the token’s hashed ID, actor, and source IP.

NEW QUESTION 14
How does GitHub handle secrets found via secret scanning in a public repository?

A.    It alerts the service provider (e.g., AWS, Stripe).
B.    It immediately blocks the commit to protect the secret.
C.    It deletes the secret from the repository automatically.
D.    It notifies the admin via webhook.

Answer: A
Explanation:
When secret scanning detects a supported credential in a public repository, GitHub notifies the issuing service provider so they can revoke or rotate the exposed secret.

NEW QUESTION 15
Which of the following correctly describes the difference between controlling actions at the enterprise level versus the organization level in GitHub?

A.    Enterprise policies and organization policies are independent, with organization policies taking precedence for repositories within the organization.
B.    Enterprise policies configure mandatory settings for organizations.
C.    Enterprise policies apply only to public repositories, while organization policies apply to public, internal, and private repositories.
D.    Enterprise policies can block specific actions, while organization policies can only enable or disable actions entirely.

Answer: B
Explanation:
Enterprise policies let you define and enforce mandatory settings across all member organizations – organization-level policies then operate within the options that the enterprise policy exposes.

NEW QUESTION 16
What is the key benefit of using a GitHub security advisory within a repository?

A.    It automatically reverts commits that introduced the vulnerability.
B.    It allows maintainers to privately disclose, discuss, and publish vulnerabilities.
C.    It flags all forks of the repository as vulnerable.
D.    It prevents users from cloning the repository until issues are resolved.

Answer: B
Explanation:
GitHub security advisories let maintainers privately disclose, discuss fixes, and then publish vulnerabilities in a controlled manner within the repository.

NEW QUESTION 17
You discover that a secret (e.g., a token or password) was accidentally committed to a GitHub repository. What is the first step you should take to mitigate the risk?

A.    Contact GitHub Support to remove the secret from all forks and clones of the repository.
B.    Revoke and/or rotate the secret to render it unusable, then assess whether history rewriting is necessary.
C.    Rewrite the repository history using git filter-repo or BFG Repo-Cleaner to remove the secret from all commits.
D.    Delete the repository and create a new one to ensure the secret is no longer accessible.

Answer: B
Explanation:
The immediate priority is to revoke or rotate the exposed credential so it can no longer be used; once it’s invalidated, you can safely proceed with history-rewriting or other cleanup steps.

NEW QUESTION 18
How is CodeQL different from other static analysis tools?

A.    It removes insecure code automatically.
B.    It allows querying of code semantics using a database-like language.
C.    It only works for open-source projects.
D.    It runs analysis only after a security breach.

Answer: B
Explanation:
CodeQL differs from traditional static analysis tools by ingesting your code into a queryable database and letting you write QL queries – its own database-style language – to express semantic checks and find patterns across the codebase.

NEW QUESTION 19
What benefit does GitHub Advanced Security provide?

A.    Helps organization administrators analyze and configure permissions to the least privilege required.
B.    Helps developers improve and maintain the security and quality of code.
C.    Helps enterprise administrators improve and maintain network security for their GitHub Enterprise Server instances.
D.    Helps organization administrators manage security tokens.

Answer: B
Explanation:
GitHub Advanced Security equips developers with built-in code scanning (CodeQL), secret scanning, dependency review, and other AppSec tools – helping them find, fix, and prevent security vulnerabilities while maintaining code quality.

NEW QUESTION 20
You are an administrator and need to enforce a policy on forking private and internal repositories. Which options are available for configuring the policy at the enterprise level? (Choose three.)

A.    Allow organization owners to administer the setting at the organization level.
B.    Allow people who have access to private and internal repositories to fork these repositories.
C.    Allow specific people or teams to fork private and internal repositories.
D.    Disallow repository owners from administering the setting at the repository level.
E.    Disallow forking of private and internal repositories.

Answer: ABE
Explanation:
– You can configure the enterprise policy to allow organization owners to administer the forking setting at the organization level, giving them control over how repos fork within their orgs.
– You can choose to allow any user who already has access to a private or internal repo to fork it.
– You can also set the policy to never allow forking of private or internal repositories across all organizations.

NEW QUESTION 21
What additional capability does secret scanning offer for private repositories on GitHub Enterprise Cloud?

A.    Allows custom pattern definitions for internal secret formats.
B.    Disables any code that contains a secret.
C.    Rewrites history to remove secrets.
D.    Revokes GitHub access tokens automatically.

Answer: A
Explanation:
Secret scanning in private repositories on GitHub Enterprise Cloud lets you define and use custom regular-expression patterns – so you can detect internal or proprietary secret formats beyond the default partner-provided types.

NEW QUESTION 22
How does Dependabot determine which security update PRs to open?

A.    It waits for manual triage of all CVEs.
B.    It uses the dependency graph and Dependabot alerts to open PRs for patched versions.
C.    It reads the GitHub Issues and automatically suggests fixes.
D.    It compares your codebase to the GitHub Trending list.

Answer: B
Explanation:
Dependabot relies on your repository’s enabled Dependency Graph and Dependabot Alerts to identify vulnerable dependencies; it then automatically opens pull requests to update to the patched versions that resolve those alerts.

NEW QUESTION 23
Which of the following accurately contrasts a GitHub App and a GitHub Action?

A.    GitHub Apps can only be used inside .github/workflows.
B.    GitHub Actions are limited to reading repository content only.
C.    GitHub Apps run only on GitHub-provided virtual machines, while GitHub Actions run only on customer-hosted machines.
D.    GitHub Actions can only be used to respond to events within a single repository while GitHub Apps can respond to events from multiple repositories.

Answer: D
Explanation:
GitHub Actions workflows are defined and triggered within a single repository’s context, whereas GitHub Apps are installed at the organization or user level and can subscribe to events across multiple repositories.

NEW QUESTION 24
An organization wants to share a single API key required for their Actions workflows. They need to restrict its use to only a subset of repositories. Where should they configure the secrets to minimize maintenance?

A.    Repository secrets.
B.    Environment secrets.
C.    Organization secrets.
D.    Development environment secrets.

Answer: C
Explanation:
By defining the API key as an organization secret, you centralize management and can grant access only to the subset of repositories you choose – eliminating per-repo duplication while enforcing the desired scope.

NEW QUESTION 25
What is the effect of enforcing a policy that restricts GitHub Actions to only those created by the enterprise?

A.    Marketplace actions are allowed only with SSO enabled.
B.    Actions can only be triggered by organization members.
C.    Only actions created within the enterprise are allowed.
D.    All public actions are allowed.

Answer: C
Explanation:
When you enforce the “Allow enterprise actions and reusable workflows” policy, GitHub will block all workflows from using actions or reusable workflows that aren’t defined in a repository within your enterprise – so only actions created inside your enterprise are allowed.

NEW QUESTION 26
……

