
100+ Free GitHub Administration Practice Questions

Pass your GitHub Administration Certification (GH-100) exam on the first try — instant access, no signup required.

✓ No registration ✓ No credit card ✓ No hidden fees ✓ Start practicing immediately
Pass rate: not publicly published
100+ questions
100% free

Key Facts: GitHub Administration Exam

  • Total Questions: 75 (GitHub certification format)
  • Exam Duration: 100 min (Microsoft Learn GH-100 page)
  • Passing Score: 700/1000 (GitHub certification scaled scoring)
  • Exam Fee: $99 (GitHub, examregistration.github.com)
  • Certification Validity: 2 years (GitHub credential program)
  • Recommended Experience: 6-12 mo (Microsoft Learn GH-100 page)

The GitHub Administration (GH-100) exam runs 100 minutes with 75 questions and a scaled passing score of approximately 700/1000 (~70%). It costs US$99 through Pearson VUE, and the credential is valid for 2 years from the pass date. The exam targets administrators with about 6-12 months of hands-on GitHub Enterprise experience and places the most weight on enterprise structure, authentication, repository governance, Actions administration, security and compliance, and platform operations across GitHub Enterprise Cloud (GHEC), GitHub Enterprise Server (GHES), and Enterprise Managed Users (EMU).

Sample GitHub Administration Practice Questions

Try these sample questions to test your GitHub Administration exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. Which GitHub deployment option keeps repositories on customer-owned infrastructure that the customer patches and upgrades?
A. GitHub Enterprise Cloud
B. GitHub Enterprise Server
C. GitHub Team
D. GitHub Free for Organizations
Explanation: GitHub Enterprise Server (GHES) is a self-hosted appliance that runs on the customer's own VMware, Hyper-V, AWS, Azure, or Google Cloud infrastructure. The customer owns patching, backups, and upgrades. GitHub Enterprise Cloud (GHEC) is a SaaS offering hosted by GitHub. Team and Free are SaaS plans on GitHub.com.
2. Which GitHub Enterprise Cloud feature provisions and centrally controls every user account through your identity provider, with users existing only within your enterprise?
A. SAML SSO with linked GitHub.com accounts
B. Enterprise Managed Users (EMU)
C. OAuth App authorization
D. Organization-level 2FA enforcement
Explanation: Enterprise Managed Users (EMU) provisions all user accounts through SCIM from your IdP, and those users live only inside your enterprise on a separate ghe.com host. They cannot contribute to public repositories or merge identities with personal github.com accounts. Standard SAML SSO links existing personal github.com accounts to your enterprise instead of creating dedicated managed identities.
3. Which role can manage and pay for an organization's subscription without being granted access to repositories or code?
A. Organization owner
B. Billing manager
C. Outside collaborator
D. Security manager
Explanation: The Billing manager role exists specifically so finance staff can manage the organization's billing plan, payment method, and invoices without seeing private code or having any repository access. Organization owners have full administrative access including code. Outside collaborators only have access to specific repositories they are added to. Security managers can read all repositories and manage security alerts but do not own billing.
4. An administrator wants to issue a token that can be scoped to a single repository, expires automatically, and requires organization owner approval. Which credential type should they use?
A. Classic personal access token
B. Fine-grained personal access token
C. Deploy key
D. OAuth App user-to-server token
Explanation: Fine-grained personal access tokens can be scoped to specific repositories in a specific organization, must have an expiration date, use granular permissions, and can require organization owner approval before they may be used against the organization's resources. Classic PATs are scoped by broad scopes (repo, admin:org) across all of a user's accessible repositories and do not require owner approval.
5. Which standard does GitHub Enterprise use to automatically provision and deprovision user accounts from an external identity provider?
A. SAML 2.0
B. OAuth 2.0
C. SCIM 2.0
D. OpenID Connect
Explanation: SCIM (System for Cross-domain Identity Management) 2.0 is the protocol GitHub uses to receive create, update, and delete events from identity providers such as Entra ID, Okta, OneLogin, and PingFederate, so user lifecycle changes in the IdP are reflected in the GitHub enterprise. SAML handles authentication, OAuth handles delegated authorization, and OIDC is an authentication layer built on OAuth.
6. An administrator wants to require code review from a specific group whenever any file under /infra changes. Which mechanism should they use?
A. A push ruleset blocking changes to /infra
B. A CODEOWNERS entry mapping /infra to the platform team
C. A required status check for an infra workflow
D. An organization-level branch protection rule
Explanation: CODEOWNERS uses path globs to map files or directories to users or teams. When a pull request modifies /infra, the platform team is automatically requested for review, and a branch protection rule or repository ruleset can require approval from the listed code owners before merging. Push rulesets block pushes; they do not request reviewers. Status checks gate workflows, not human review groups.
7. A team wants to enforce branch protection consistently across many repositories without configuring each repository individually. Which feature should they use?
A. Repository templates
B. Repository rulesets at the organization level
C. Custom repository roles
D. GitHub Actions required workflows
Explanation: Repository rulesets defined at the organization (or enterprise) level can target multiple repositories and branches via name patterns and apply a single, centrally managed set of rules such as required pull requests, required status checks, signed commits, and restricted pushes. Templates only seed new repositories. Custom roles control permissions, not branch policy. Required workflows enforce CI workflows but not branch rules.
8. Which built-in repository role is the lowest level that can manage issues and pull requests (assign, close, label) without being able to push code or change settings?
A. Read
B. Triage
C. Write
D. Maintain
Explanation: The Triage role grants permissions to manage issues and pull requests (label, assign, close, mark as duplicate) without granting push access or repository administration. Read is read-only and cannot manage issues. Write grants push and merge plus issue management. Maintain grants additional configuration without controlling sensitive admin areas.
9. An administrator wants self-hosted runners to be available only to a specific set of repositories within an organization. Which feature should they configure?
A. Runner labels
B. Runner groups
C. Allowed actions policy
D. Runner registration tokens
Explanation: Runner groups are the access boundary for self-hosted runners. At the organization or enterprise level you put runners into a group and configure which repositories or organizations may target that group. Labels are a routing mechanism within an accessible group, not an access control. Allowed actions policy controls which actions and reusable workflows can be used. Registration tokens add runners but do not grant repositories access.
10. Which GitHub Actions feature allows a workflow to deploy to AWS without storing long-lived AWS access keys as secrets?
A. GITHUB_TOKEN with workflow permissions
B. OpenID Connect (OIDC) federated identity
C. An encrypted environment secret
D. A self-hosted runner with an instance role
Explanation: GitHub Actions can act as an OIDC identity provider. The workflow exchanges a short-lived OIDC token for temporary AWS credentials via STS using a configured IAM role trust policy. This eliminates long-lived AWS access keys stored as secrets. GITHUB_TOKEN authenticates against GitHub APIs only. An encrypted secret still stores a long-lived credential. A self-hosted runner with an instance role can work, but the canonical secret-less pattern for GitHub-hosted or generic runners is OIDC.

About the GitHub Administration Exam

The GitHub Administration Certification (GH-100) validates the skills required to administer a GitHub Enterprise environment. It covers GitHub Enterprise Cloud and GitHub Enterprise Server architecture, identity and access management with SAML/SCIM and Enterprise Managed Users, repository and organization administration, Actions runner and policy governance, GitHub Packages and Codespaces administration, audit logging and log streaming, billing and license management, and operational maintenance. It targets administrators with roughly 6-12 months of hands-on GitHub Enterprise experience.

  • Assessment: 75 questions (60 scored + 15 unscored pretest); multiple-choice and multiple-select
  • Time Limit: 100 minutes
  • Passing Score: 700/1000 (~70%)
  • Exam Fee: $99 (GitHub / Microsoft (Pearson VUE))

GitHub Administration Exam Content Outline

  • GitHub Enterprise Architecture (20-25%): GitHub Enterprise Cloud vs GitHub Enterprise Server vs Free/Team plans, Enterprise Managed Users, enterprise account structure, organizations, billing manager role, and data residency.
  • Authentication and Identity (20-25%): Personal access tokens (classic and fine-grained), SSH and GPG keys, 2FA enforcement, SAML SSO with Okta/Entra ID/PingFederate, SCIM provisioning, IP allow lists, OAuth Apps and GitHub Apps.
  • Repository and Organization Administration (15-20%): Visibility (public/private/internal), repository templates, repository rulesets and branch protection, merge queue, CODEOWNERS, signed commits, custom organization and repository roles, base permissions, and team management.
  • Actions, Packages, and Codespaces Administration (15-20%): Allowed actions policies, runner groups and self-hosted runners, environment secrets and required reviewers, OIDC for cloud deployment, GHCR and package permissions, Codespaces organization policies and prebuilds.
  • Security, Audit, and Compliance (10-15%): Audit log GUI, REST API export, audit log streaming to Splunk/Datadog/Azure Event Hubs/Azure Blob/AWS S3, webhooks (org/repo) with secret validation, secret scanning push protection, and Advanced Security policy.
  • Platform Operations and Maintenance (10-15%): GitHub Enterprise Importer (GEI) and gh-bbs-importer migrations, ghe-backup-utils for GHES, GitHub Connect for hybrid GHES+GHEC, billing and spending limits, Visual Studio subscription assignment, and GitHub CLI administration.

How to Pass the GitHub Administration Exam

What You Need to Know

  • Passing score: 700/1000 (~70%)
  • Assessment: 75 questions (60 scored + 15 unscored pretest); multiple-choice and multiple-select
  • Time limit: 100 minutes
  • Exam fee: $99

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

GitHub Administration Study Tips from Top Performers

1. Build a free GitHub Enterprise Cloud trial or use a GHEC organization to practice rulesets, custom organization roles, and branch protection settings hands-on.
2. Memorize the differences between classic personal access tokens and fine-grained personal access tokens, especially scoping, expiration, and approval workflows for organizations.
3. Know SAML SSO and SCIM provisioning end to end with at least one identity provider (Entra ID or Okta), including how Enterprise Managed Users (EMU) differs from standard SAML.
4. Practice configuring runner groups, allowed actions policies, environment protection rules, and OIDC trust for at least one cloud (AWS, Azure, or Google Cloud).
5. Review audit log streaming targets (Azure Event Hubs, Azure Blob Storage, AWS S3, Splunk, Datadog) and the difference between audit log GUI search and the REST/audit log streaming export.
6. Understand migration tools: GitHub Enterprise Importer (GEI) for GitHub-to-GHEC and Bitbucket Server-to-GHEC, and ghe-backup-utils for GitHub Enterprise Server backup and restore.
7. Practice the GitHub CLI (gh auth, gh repo, gh org, gh run, gh release, gh cs) since administrative tasks are commonly automated from the CLI.

Frequently Asked Questions

What is the GitHub Administration (GH-100) certification?

GH-100 is GitHub's enterprise administration certification, listed by Microsoft Learn under the GitHub credential family. It validates that you can administer a GitHub Enterprise environment end to end: enterprise account and organization setup, identity and access (SAML, SCIM, EMU, fine-grained PATs), repository governance with rulesets, Actions runner and policy management, audit logging and log streaming, billing, and operational tasks like migrations and backups across both GitHub Enterprise Cloud and GitHub Enterprise Server.

How many questions are on the GH-100 exam and how long is it?

The GH-100 exam runs 100 minutes and includes about 75 questions in total (roughly 60 scored plus 15 unscored pretest items, consistent with the GitHub certification format). Question types are multiple-choice and multiple-select. Pretest questions are interleaved and unidentifiable, so treat every item as scored.

What is the passing score for GH-100?

GitHub certification exams use a scaled scoring model with a passing threshold of approximately 700 out of 1000, which roughly corresponds to 70 percent of items correct. The exact scaled formula is not published, but if you can consistently score 80 percent or higher on quality practice questions, you are in a strong position.

How much does GH-100 cost and where do I take it?

The exam fee is US$99, the standard price across the GitHub certification family. The exam is delivered through Pearson VUE and can be taken at a Pearson VUE testing center or online with remote proctoring through Pearson VUE OnVUE. Registration is handled at examregistration.github.com.

Are there any prerequisites for GH-100?

There are no formal prerequisites. GitHub recommends roughly 6 to 12 months of hands-on GitHub Enterprise administration experience, plus working knowledge of identity providers (Okta, Entra ID, PingFederate, OneLogin), SAML and SCIM, GitHub Actions, GitHub Packages, and either GitHub Enterprise Cloud or GitHub Enterprise Server.

How long is the GH-100 certification valid?

GitHub certifications earned under the new GitHub credential program are valid for two years from the date you pass. To stay current, you can retake the exam or pursue a renewal once the renewal program is offered for the credential.

Which topics matter most on GH-100?

Plan to spend the most study time on enterprise architecture (GHEC, GHES, EMU, organizations and billing), authentication (PATs, SAML, SCIM, IP allow lists, OAuth and GitHub Apps), and repository administration (rulesets, branch protection, CODEOWNERS, custom roles). Actions runner and policy administration, audit log and log streaming, and operational topics such as the GitHub Enterprise Importer and ghe-backup-utils for GHES are also commonly tested.