GH-100: GitHub Administration

You are planning GitHub account management for a healthcare organization with strict compliance requirements. Which THREE of the following statements accurately describe GitHub Enterprise Managed Users (EMU) accounts? (Choose three.)

EMU accounts can be used for both personal and enterprise repositories.
EMU accounts are managed through an identity provider such as Azure AD.
EMU accounts allow users to create and manage their own credentials.
EMU accounts restrict users to enterprise-related activities only.
EMU accounts are created and managed by individual users.
EMU accounts are owned by the organization and cannot be unlinked.

Correct answer: BDF

Explanation:

Enterprise Managed User accounts are provisioned and authenticated exclusively through your identity provider (for example, Azure AD), so the IdP handles their creation, attribute updates, and deprovisioning. Managed user accounts cannot create public content or interact with repositories outside your enterprise; they're confined to private and internal repos within the enterprise. EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into or unlinked as personal accounts outside that enterprise.

What distinguishes Enterprise Managed Users (EMUs) from standard GitHub accounts? =

EMUs are fully controlled by an IdP and cannot log in with personal credentials.
EMUs can only be created using email invites.
EMUs are managed in GitHub and use GitHub authentication.
EMUs are only available for GitHub Enterprise Server.

Correct answer: A

Explanation:

EMU accounts are provisioned and authenticated exclusively through your identity provider - users sign in via the IdP and cannot use or manage GitHub-native credentials.

What makes GitHub Apps a more secure choice for automation over OAuth Apps?

GitHub Apps always require two-factor authentication. GH-100 Exam Dumps GH-100 Exam Questions GH-100 PDF Dumps GH-100 VCE Dumps
GitHub Apps can only be installed by organization owners.
GitHub Apps are limited to read-only access and cannot write to repositories.
GitHub Apps authenticate as an app with fine-grained permissions, not as a user.

Correct answer: D

Explanation:

GitHub Apps authenticate as themselves with fine-grained, installation-scoped permissions and short-lived tokens - rather than inheriting a user's broad OAuth scopes - minimizing blast radius and aligning with least-privilege principles.

When comparing fine-grained Personal Access Tokens (PATs) with classic PATs, which of the following statements is accurate?

Fine-grained PATs automatically renew while classic PATs require manual renewal.
Fine-grained PATs permissions can be scoped to specific repositories.
Classic PATs offer more permission controls than fine-grained PATs.
Classic PATs can be restricted to specific organizations, but fine-grained PATs cannot.

Correct answer: B

Explanation:

Fine-grained personal access tokens let you scope permissions down to individual repositories, whereas classic PATs grant access across every repo the user can reach.

What is a key characteristic of GitHub Enterprise Server (GHES) compared to GitHub Enterprise Cloud (GHEC)?

GHES is hosted by GitHub and offers automatic scaling, while GHEC requires self-hosting.
GHEC offers data residency options in regions that GHES does not support.
GHES allows enterprises to have complete control over their hosting environment, including data storage and network security policies.
GHES users cannot integrate with external identity providers for authentication.

Correct answer: C

Explanation:

GitHub Enterprise Server is a self-hosted product you install and manage on your own infrastructure - giving you full control over data storage, network security policies, and the underlying environment.

A team member is unable to push to a repository due to a 403-error related to branch protection.

What should the GitHub Enterprise administrator do first?

Remove the user from the team and re-add them.
Check the user's permissions and rulesets applied to the branch.
Raise a GitHub Support request for permissions issues.
Revert the branch to an earlier state.

Correct answer: B

Explanation:

The administrator should first review the user's repository role and the branch protection rules applied to that branch. A 403 error on push almost always indicates that the user either lacks the necessary write permissions or is not listed among the actors authorized by the branch protection settings.

Which of the following is a benefit of creating a new GitHub organization?

Automatic inheritance of policies from other organizations.
Reduced administrative overhead.
Clear separation of reggs, projects, teams, billing, and organization-specific policies.
Simplified collaboration across all organizations.

Correct answer: C

Explanation:

Creating a new organization gives you a dedicated container for your shared work, letting you isolate repositories, projects, teams, billing settings, and policy configurations on an organization-by-organization basis.

Which of the following actions can a user with Write permissions perform in a GitHub repository?

Manage repository settings, such as labels and GitHub Pages.
Push code to non-protected branches.
Configure branch protection rules.
Delete the repository.

Correct answer: B

Explanation:

Users granted Write permission can push commits to non-protected branches, allowing them to update code without needing administrative rights.

Which of the following is the responsibility of a Team Maintainer in a GitHub organization? (Choose two.)

Modifying organization-wide settings.
Managing nested sub-teams.
Adding or removing team members.
Deleting repositories assigned to the team.

Correct answer: BC

Explanation:

- Team maintainers can manage nested sub-teams - requesting to add or change parent/child teams within the organization's hierarchy. - Team maintainers have permission to add and remove members from their team, controlling day-to-day team membership.

- Team maintainers can manage nested sub-teams - requesting to add or change parent/child teams within the organization's hierarchy.

- Team maintainers have permission to add and remove members from their team, controlling day-to-day team membership.

When a user becomes a member of multiple GitHub organizations, which THREE of the following are important considerations for administrators? (Choose three.)

The user will automatically have the same role across all organizations.
The user's repository access and/or team membership needs to be managed separately for each organization.
The user will need to authorize credentials separately for each SAML-enabled organization.
The user will have different permission levels in each organization.
The user's profile information becomes private to non-organization members.
The user's personal repositories will become accessible to all organizations. GH

Correct answer: BCD

Explanation:

- A user's repository access and team memberships are scoped to each organization, so admins must configure permissions separately per org. - When an organization enforces SAML SSO, each member must authorize their personal access tokens or SSH keys for that org, requiring separate approval for each SAML-enabled organization. - Roles and permission levels (owner, member, billing manager, repository roles, etc.) are assigned on a per-organization basis, so a user often has different permissions in different organizations.

- A user's repository access and team memberships are scoped to each organization, so admins must configure permissions separately per org.

- When an organization enforces SAML SSO, each member must authorize their personal access tokens or SSH keys for that org, requiring separate approval for each SAML-enabled organization.

- Roles and permission levels (owner, member, billing manager, repository roles, etc.) are assigned on a per-organization basis, so a user often has different permissions in different organizations.