GitHub GH-100 Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for GitHub Administration (GH-100) topics such as organizations, teams, repository governance, identity controls, audit logs, enterprise policy, GitHub Apps, runner governance, and least-privilege access. The prompts focus on administrative decisions rather than isolated menu names.

Where these questions fit in the GH-100 guide

The sample set below is part of the GitHub Administration GH-100 guide path.

GH-100 administration sample questions

Work through each prompt before opening the explanation. Strong answers usually preserve least privilege, centralized governance, and auditability.


Question 1

Topic: Team-based repository access

An organization has 40 repositories and rotating project members. Administrators need access reviews to be simple and want permissions to follow team membership. What is the best approach?

  • A. Add every user directly to every repository that might be useful someday.
  • B. Grant repository access to teams that map to roles or projects, then manage users through those teams.
  • C. Ask developers to share personal access tokens with new project members.
  • D. Make all repositories public so access no longer needs to be managed.

Best answer: B

Explanation: Team-based access gives administrators a cleaner control point. Users inherit repository permissions from teams, so onboarding, offboarding, and access review can happen at the team level instead of through scattered direct grants.

Why the other choices are weaker:

  • A creates excessive access and makes review harder.
  • C breaks individual accountability and credential hygiene.
  • D changes visibility instead of solving internal authorization.

What this tests: Organization membership, teams, repository roles, and access-review hygiene.

Related topics: Teams; Repository roles; Least privilege; Access reviews


Question 2

Topic: Identity lifecycle enforcement

A regulated company wants enterprise GitHub access to follow its identity-provider lifecycle. When an employee leaves, access should be removed through the central identity process rather than manual repository cleanup. Which control pattern best fits?

  • A. Ask repository administrators to remember to remove each user from every repository.
  • B. Store a spreadsheet of users and update it after quarterly audits.
  • C. Use enterprise identity integration such as SAML single sign-on and automated provisioning where appropriate.
  • D. Disable all organization security features so no user is blocked accidentally.

Best answer: C

Explanation: Enterprise identity controls align GitHub access with the organization’s identity system. The exam-style distinction is central lifecycle governance versus ad hoc repository-by-repository cleanup.

Why the other choices are weaker:

  • A depends on memory and misses central lifecycle enforcement.
  • B is audit evidence at best, not an access-control mechanism.
  • D removes safeguards instead of aligning identity and access.

What this tests: Enterprise identity, SSO, provisioning, and offboarding control logic.

Related topics: Enterprise identity; SAML SSO; Provisioning; Offboarding


Question 3

Topic: Installing a GitHub App safely

A team wants to install a GitHub App that comments on pull requests. The app requests write access to repository contents, secrets, issues, pull requests, and administration settings. What should an administrator do before approving it?

  • A. Approve it for every organization repository because GitHub Apps are always least-privilege by default.
  • B. Give the app owner an administrator personal access token instead so setup is simpler.
  • C. Disable audit logging so installation events do not create noise.
  • D. Review whether the requested permissions and repository scope match the app’s purpose, and approve only the minimum required access.

Best answer: D

Explanation: GitHub App installation is an administrative trust decision. The requested permissions and repository scope should match the integration’s need, and broad write or administration access should be challenged.

Why the other choices are weaker:

  • A assumes a safe scope without reviewing the requested permissions.
  • B is usually worse because a personal token weakens app scoping and accountability.
  • C removes evidence needed for governance and investigation.

What this tests: GitHub App permissions, installation scope, auditability, and least privilege.

Related topics: GitHub Apps; Permissions; Repository scope; Audit logs

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by GitHub or any certification body.

Revised on Sunday, May 10, 2026