microsoft gh-100 practice test

Exam Title: GitHub Administration

Last update: Nov 27 ,2025
Question 1

You are planning GitHub account management for a healthcare organization with strict compliance
requirements. Which THREE of the following statements accurately describe GitHub Enterprise
Managed Users (EMU) accounts? (Choose three.)

  • A. EMU accounts can be used for both personal and enterprise repositories.
  • B. EMU accounts are managed through an identity provider such as Azure AD.
  • C. EMU accounts allow users to create and manage their own credentials.
  • D. EMU accounts restrict users to enterprise-related activities only
  • E. EMU accounts are created and managed by individual users.
  • F. EMU accounts are owned by the organization and cannot be unlinked.
Answer:

B, D, F


Explanation:
Enterprise Managed User accounts are provisioned and authenticated exclusively through your
identity provider (for example, Azure AD), so the IdP handles their creation, attribute updates, and
deprovisioning.
Managed user accounts cannot create public content or interact with repositories outside your
enterprise; they’re confined to private and internal repos within the enterprise.
EMU accounts are owned and controlled by the enterprise (via the IdP) and cannot be converted into
or unlinked as personal accounts outside that enterprise.

vote your answer:
A
B
C
D
E
F
A 0 B 0 C 0 D 0 E 0 F 0
Comments
Question 2

A GitHub Enterprise administrator is planning to implement SAML SSO across their company. Which
of the following correctly distinguishes enterprise-wide SAML SSO from organization-level SAML
SSO?

  • A. Enterprise-wide SAML SSO requires less initial administrative overhead than organization-level implementation.
  • B. Enterprise-wide SAML SSO allows different organizations to use different authentication methods.
  • C. Enterprise-wide SAML SSO immediately removes users who fail to authenticate via the IdP.
  • D. Enterprise-wide SAML SSO ensures users authenticate through the same IdP across all organizations.
Answer:

D


Explanation:
Enterprise-wide SAML SSO enforces a single IdP across all member organizations—its configuration
overrides any per-organization SAML settings, so everyone must authenticate through the same
provider.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 3

What distinguishes Enterprise Managed Users (EMUs) from standard GitHub accounts?

  • A. EMUs are fully controlled by an IdP and cannot log in with personal credentials
  • B. EMUs can only be created using email invites
  • C. EMUs are managed in GitHub and use GitHub authentication
  • D. EMUs are only available for GitHub Enterprise Server
Answer:

A


Explanation:
EMU accounts are provisioned and authenticated exclusively through your identity provider - users
sign in via the IdP and cannot use or manage GitHub-native credentials.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 4

Your organization is implementing team synchronization. Which of the following should you prioritize
during the setup process?

  • A. Disabling the audit log stream
  • B. Setting an infrequent sync schedule to reduce performance impact
  • C. Allowing manual updates to team memberships
  • D. Clearly define how identity provider groups will align with GitHub teams and roles
Answer:

D


Explanation:
Before you enable team synchronization, you should clearly define how groups in your identity
provider will map to GitHub teams and roles - ensuring that when the sync runs, users land in the
correct teams with the right permissions.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 5

What makes GitHub Apps a more secure choice for automation over OAuth Apps?

  • A. GitHub Apps always require two-factor authentication.
  • B. GitHub Apps can only be installed by organization owners.
  • C. GitHub Apps are limited to read-only access and cannot write to repositories.
  • D. GitHub Apps authenticate as an app with fine-grained permissions, not as a user.
Answer:

D


Explanation:
GitHub Apps authenticate as themselves with fine-grained, installation-scoped permissions and
short-lived tokens - rather than inheriting a user’s broad OAuth scopes - minimizing blast radius and
aligning with least-privilege principles.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 6

Why would a GitHub App be favored over a machine account for automation tasks?

  • A. Machine accounts are required for webhook delivery.
  • B. GitHub Apps provide a higher rate limit ceiling than using a personal access token on a machine account, when they use an install token and are owned by a GitHub Enterprise Cloud licensed enterprise.
  • C. GitHub Apps are limited to a single repository.
  • D. Machine accounts are easier to audit than GitHub Apps.
Answer:

B


Explanation:
GitHub Apps authenticate with short-lived installation tokens scoped to fine-grained permissions
and, when owned by a GitHub Enterprise Cloud organization, enjoy a higher rate limit (15,000
requests/hour) compared to a machine account’s personal access token.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 7

When comparing fine-grained Personal Access Tokens (PATs) with classic PATs, which of the following
statements is accurate?

  • A. Fine-grained PATs automatically renew while classic PATs require manual renewal.
  • B. Fine-grained PATs permissions can be scoped to specific repositories.
  • C. Classic PATs offer more permission controls than fine-grained PATs.
  • D. Classic PATs can be restricted to specific organizations, but fine-grained PATs cannot.
Answer:

B


Explanation:
Fine-grained personal access tokens let you scope permissions down to individual repositories,
whereas classic PATs grant access across every repo the user can reach.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 8

What is the new capability of GitHub's billing dashboard?

  • A. Automatically removes unused users from billing
  • B. Enables tracking of GitHub Copilot usage by user
  • C. Allows self-service plan upgrades
  • D. Offers real-time Slack alerts for billing
Answer:

B


Explanation:
The revamped Billing & Licensing dashboard now includes a dedicated “Copilot” tab that shows per-
user seat assignments, usage counts, and estimated costs for your organization’s GitHub Copilot
licenses, enabling you to track Copilot consumption by individual users.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 9

What is a key characteristic of GitHub Enterprise Server (GHES) compared to GitHub Enterprise Cloud
(GHEC)?

  • A. GHES is hosted by GitHub and offers automatic scaling, while GHEC requires self-hosting.
  • B. GHEC offers data residency options in regions that GHES does not support.
  • C. GHES allows enterprises to have complete control over their hosting environment, including data storage and network security policies.
  • D. GHES users cannot integrate with external identity providers for authentication.
Answer:

C


Explanation:
GitHub Enterprise Server is a self-hosted product you install and manage on your own infrastructure -
giving you full control over data storage, network security policies, and the underlying environment.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 10

Your organization wants to reduce costs. Which of the following actions should you take?

  • A. Grant all users admin permissions
  • B. Remove all outside collaborators
  • C. Regularly audit for inactive users
  • D. Disable SAML SSO for members
Answer:

C


Explanation:
Regularly auditing for inactive (dormant) users lets you suspend or remove accounts that aren’t
consuming seats - freeing up licenses and directly lowering your per-user subscription costs.

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Page 1 out of 6
Viewing questions 1-10 out of 65
Go To
page 2