20 tough GH-900 GitHub Foundations exam questions and answers

GitHub Foundations Exam Questions

Question 1

Priya maintains an active GitHub repository for the scrumtuous.com organization with many collaborators. She wants to keep the CODEOWNERS file under the platform limit so that it always loads and code owner reviews are requested automatically. What is the largest allowed size for a CODEOWNERS file on GitHub?

• [ ] A. 5 MB
• [ ] B. 1 MB
• [ ] C. 3 MB
• [ ] D. 2 MB

Question 2

At NovaCode Studio your team is standardizing on reusable workflows in GitHub Actions to avoid duplicating automation. From which locations can one workflow invoke another reusable workflow while complying with GitHub access rules? (Choose 3)

• [ ] A. A Docker container image hosted on Docker Hub
• [ ] B. The same repository that contains the calling workflow
• [ ] C. A public repository when organizational policy permits use of public reusable workflows
• [ ] D. A private repository that has been configured to allow access for reuse

Question 3

Which statement best describes a core characteristic of InnerSource within an organization?

• [ ] A. Restricting code to the originating team
• [ ] B. Open source inspired collaboration and openness across teams
• [ ] C. Using a private Git hosting platform
• [ ] D. GitHub Actions automation

Question 4

A cross functional team at scrumtuous.com is adopting GitHub Projects to plan quarterly releases and track roadmap items. Which practices should they put in place to manage their Projects effectively? (Choose 5)

• [ ] A. Leverage appropriate field types such as iteration, single select, and date to model work
• [ ] B. Prefer ad hoc email threads over issues and pull requests for coordination
• [ ] C. Keep the project description, README, and status updates current to share context
• [ ] D. Split large issues into smaller issues so work can progress in parallel
• [ ] E. Maintain a single source of truth for key information so details do not diverge
• [ ] F. Use @mentions to notify specific teammates or groups in comments and discussions

Question 5

At scrumtuous.com, a maintainer creates a new repository named orchard-api for an internal tool. Who is allowed to enable GitHub Discussions for this repository?

• [ ] A. Organization owners only
• [ ] B. The repository owner and any collaborator who holds Write permissions
• [ ] C. Any authenticated user who can view the repository
• [ ] D. Collaborators with Triage permissions

Question 6

In GitHub, which actions are available when using repository templates to standardize new projects? (Choose 2)

• [ ] A. Create a new organization from a template
• [ ] B. Generate a new repository from a template
• [ ] C. Bulk delete repositories created from a template
• [ ] D. Turn an existing repository into a template

Question 7

A small engineering team at mcnz.com is starting to use Git for source control and wants a place to collaborate with pull requests and issues. They want to understand what GitHub is in relation to Git. Which description best fits GitHub?

• [ ] A. Cloud Source Repositories
• [ ] B. A code editor
• [ ] C. A web based service that hosts Git repositories and adds collaboration tools such as pull requests and issues
• [ ] D. A version control system

Question 8

Your compliance team at Northwind Labs is drafting access guidelines for repositories that hold highly confidential source code on GitHub. Which authentication approach should your developers avoid using for these sensitive workflows?

• [ ] A. Deploy keys
• [ ] B. Basic username and password sign in
• [ ] C. Personal access tokens
• [ ] D. SSH keys

Question 9

In what locations can reusable GitHub Actions be defined for workflows to reference? (Choose 3)

• [ ] A. Any public repository
• [ ] B. A Docker image on Docker Hub
• [ ] C. GitHub Gists
• [ ] D. The workflow’s repository

Question 10

Your team at scrumtuous.com is preparing to set up collaboration in GitHub for a new project. Which statement correctly distinguishes a personal account from an organization account on GitHub?

• [ ] A. Only personal accounts support SSH key authentication while organization accounts only allow password sign in
• [ ] B. An organization account can only be created if you purchase GitHub Enterprise Cloud
• [ ] C. An organization account supports multiple owners and members whereas a personal account is associated with one individual
• [ ] D. Only organization accounts can own repositories and personal accounts cannot create repositories

Question 11

A development team at Orion Media wants to extend their repositories with vetted integrations. They are evaluating GitHub Marketplace and need to know its main purpose. What is GitHub Marketplace primarily used for?

• [ ] A. Providing customer support for GitHub accounts
• [ ] B. Connecting developers with potential employers and partner organizations
• [ ] C. Discovering and installing free and paid apps and actions that add capabilities to GitHub workflows
• [ ] D. Publishing and monetizing solutions on Google Cloud Marketplace

Question 12

How can issues and pull requests be added to a GitHub project board?

• [ ] A. Only through GitHub Actions
• [ ] B. Manually one by one, with project automation, or by bulk import
• [ ] C. Only via the REST API
• [ ] D. Only by adding one item at a time manually

Question 13

A small engineering team at mcnz.com is choosing a tool for source control and collaboration. What is the most accurate way to describe GitHub so the team knows what it provides?

• [ ] A. GitHub is primarily a continuous integration and delivery tool
• [ ] B. GitHub is a distributed version control system
• [ ] C. GitHub is a hosted platform built around Git that adds collaboration and code management capabilities
• [ ] D. GitHub is a file sharing site that relies on centralized version control

Question 14

At OrionCode Labs a group of four engineers contributes to the same GitHub repository every day and they want a straightforward workflow that supports code review and keeps work centralized. What approach should they use to collaborate effectively?

• [ ] A. Have each developer fork the repository and submit pull requests across repositories
• [ ] B. Use a single shared repository and open pull requests from feature branches
• [ ] C. Create a separate Git submodule for each contributor
• [ ] D. Commit straight to the default branch without creating branches

Question 15

In a GitHub pull request, what is the outcome when you select “Squash and merge”?

• [ ] A. It performs a fast forward update without a merge commit
• [ ] B. It combines all pull request commits into one commit that is added to the base branch
• [ ] C. It rebases the pull request commits onto the base branch without a merge commit
• [ ] D. It preserves every commit and creates a merge commit on the base branch

Question 16

A development team at Apex Retail is rolling out a secure-by-default workflow for their Google Cloud workloads. In planning meetings they keep referring to “shifting left” for security work. In practical terms what does this require in their software delivery process?

• [ ] A. Cloud Armor
• [ ] B. Pushing most security checks to the final release stage after deployment
• [ ] C. Embedding security reviews and tests early in design and development activities
• [ ] D. Ignoring security considerations during coding to speed up delivery

Question 17

A developer at mcnz.com is documenting the standard lifecycle phases for GitHub Codespaces, which include creating, rebuilding, closing or stopping, and deleting a codespace. Which action does not belong to this lifecycle?

• [ ] A. Rebuild
• [ ] B. Run
• [ ] C. Delete
• [ ] D. Create
• [ ] E. Close or stop

Question 18

Which GitHub account types are available for individual users, for organizations, and for enterprise management? (Choose 3)

• [ ] A. Business accounts
• [ ] B. Enterprise accounts
• [ ] C. Organization accounts
• [ ] D. Personal accounts

Question 19

At ByteBridge Labs, a team manages source code for a service that is published on example.com using GitHub for version control. When the team refers to the project’s repository during reviews, what does that term represent?

• [ ] A. A snapshot that represents one specific commit in the history
• [ ] B. Artifact Registry
• [ ] C. A storage location that holds the project files, the full commit history, and related metadata
• [ ] D. The local working directory where developers edit and test files before committing

Question 20

A product team at scrumtuous.com uses GitHub to plan a quarterly release and wants to clarify how two features differ so they can organize work correctly. What is the key distinction between milestones and labels in GitHub?

• [ ] A. Milestones are generated automatically by GitHub when new branches are created, while labels require manual setup by repository administrators
• [ ] B. Milestones categorize issues and pull requests by type, while labels provide completion tracking and due dates for collections of work
• [ ] C. Milestones group related issues and pull requests to track progress and dates, while labels tag individual items for categorization
• [ ] D. Milestones can only be created by repository owners, while labels can be created by users with read access

Check out my other GitHub certification courses on Udemy!

GitHub Foundations Certification Exam Answers

Question 1

Priya maintains an active GitHub repository for the scrumtuous.com organization with many collaborators. She wants to keep the CODEOWNERS file under the platform limit so that it always loads and code owner reviews are requested automatically. What is the largest allowed size for a CODEOWNERS file on GitHub?

• [*] C. 3 MB

The correct option is 3 MB.

GitHub enforces a maximum CODEOWNERS file size at this value and files that exceed it are ignored. Keeping the file under the limit ensures it loads in the web interface and that code owner review requests are triggered automatically.

5 MB is incorrect because it is above the documented maximum and a file that large would not be processed.

1 MB is incorrect because the platform allows a larger file for CODEOWNERS and this would underestimate the limit.

2 MB is incorrect because the actual limit is higher and choosing this would be more restrictive than necessary.

Exam Tip

When a question asks for a specific size, tie it to the described behavior and confirm the exact number from official documentation. For CODEOWNERS remember that files over the limit are ignored, which explains why staying under it keeps reviews automatic.

Question 2

At NovaCode Studio your team is standardizing on reusable workflows in GitHub Actions to avoid duplicating automation. From which locations can one workflow invoke another reusable workflow while complying with GitHub access rules? (Choose 3)

• [*] B. The same repository that contains the calling workflow
• [*] C. A public repository when organizational policy permits use of public reusable workflows
• [*] D. A private repository that has been configured to allow access for reuse

The correct options are The same repository that contains the calling workflow, A public repository when organizational policy permits use of public reusable workflows, and A private repository that has been configured to allow access for reuse.

Calling from the same repository that contains the calling workflow is straightforward because the reusable workflow file lives in the same codebase and is enabled with the workflow_call trigger. You reference it by path and ref and GitHub enforces access within the repository boundary.

You can also call from a public repository when organizational policy permits use of public reusable workflows. This requires the organization or enterprise settings to allow actions and reusable workflows from public repositories. When permitted, you reference the workflow by owner and repository and ref and GitHub enforces the policy and permission checks.

It is additionally possible to call from a private repository that has been configured to allow access for reuse. The called private repository must explicitly grant access for reuse to the requesting repositories or to the organization scope. With that configuration in place, the caller can reference the reusable workflow and GitHub honors the access controls and token permissions.

A Docker container image hosted on Docker Hub is not a valid source for a reusable workflow because workflows must reside in GitHub repositories under the .github/workflows directory and be invoked with workflow_call. A container image can host an action implementation but it does not host a reusable workflow.

Exam Tip

Confirm whether the option points to a repository location that GitHub can enforce with workflow_call. If an option mentions registries or container images it is about actions rather than workflows. Watch for organization policy and explicit access configuration for private repositories.

Question 3

Which statement best describes a core characteristic of InnerSource within an organization?

• [*] B. Open source inspired collaboration and openness across teams

The correct option is Open source inspired collaboration and openness across teams.

This option captures the essence of InnerSource because it brings open source practices inside the organization. Teams make their work discoverable and encourage contributions from colleagues across departments. Workflows are transparent and contribution guidelines are documented so that people outside the originating team can participate effectively.

Restricting code to the originating team is incorrect because InnerSource promotes shared ownership and cross team contributions rather than keeping code closed within a single group.

Using a private Git hosting platform is incorrect because InnerSource is defined by cultural and process practices of openness inside the company. The hosting platform can be private or public, yet the core trait is internal collaboration using open source methods.

GitHub Actions automation is incorrect because automation can support InnerSource but it is not a defining characteristic. InnerSource is about how people collaborate and contribute across teams, not about a specific automation tool.

Exam Tip

When a question asks for a core trait, prefer answers that highlight principles and practices such as openness and cross team collaboration, and avoid choices that mention specific tools or infrastructure since those are enablers rather than defining features.

Question 4

A cross functional team at scrumtuous.com is adopting GitHub Projects to plan quarterly releases and track roadmap items. Which practices should they put in place to manage their Projects effectively? (Choose 5)

• [*] A. Leverage appropriate field types such as iteration, single select, and date to model work
• [*] C. Keep the project description, README, and status updates current to share context
• [*] D. Split large issues into smaller issues so work can progress in parallel
• [*] E. Maintain a single source of truth for key information so details do not diverge
• [*] F. Use @mentions to notify specific teammates or groups in comments and discussions

The correct options are Leverage appropriate field types such as iteration, single select, and date to model work, Keep the project description, README, and status updates current to share context, Split large issues into smaller issues so work can progress in parallel, Maintain a single source of truth for key information so details do not diverge, and Use @mentions to notify specific teammates or groups in comments and discussions.

Leverage appropriate field types such as iteration, single select, and date to model work because purpose built fields capture schedule, categorization, and timelines in a structured way. This enables reliable filtering, views, automation, and reporting so the project board reflects real planning artifacts rather than unstructured notes.

Keep the project description, README, and status updates current to share context because these surfaces communicate goals, scope, and changes to everyone without requiring meetings. When combined with Maintain a single source of truth for key information so details do not diverge the team avoids duplication and drift as stakeholders can trust one canonical place for objectives, definitions, and links.

Split large issues into smaller issues so work can progress in parallel because breaking down work clarifies ownership and acceptance criteria, reduces coordination overhead, and allows independent pull requests that merge sooner. This leads to faster feedback and more predictable throughput.

Use @mentions to notify specific teammates or groups in comments and discussions because explicit notifications route questions and decisions to the right people, which improves responsiveness and accountability while keeping the conversation discoverable on GitHub.

Prefer ad hoc email threads over issues and pull requests for coordination is incorrect because email fragments context, is not easily searchable, and lacks linked history with code and reviews. GitHub issues, pull requests, and discussions keep decisions transparent and auditable in the same system where the work happens.

Exam Tip

Look for practices that increase transparency, keep information in a single authoritative place, and use GitHub features to coordinate work. Eliminate options that move collaboration into private or unsearchable channels.

Question 5

At scrumtuous.com, a maintainer creates a new repository named orchard-api for an internal tool. Who is allowed to enable GitHub Discussions for this repository?

• [*] B. The repository owner and any collaborator who holds Write permissions

The correct option is The repository owner and any collaborator who holds Write permissions.

This is correct because enabling a community feature for a repository can be done by the people responsible for managing that repository and by collaborators who have sufficient contribution privileges. Those with write access are trusted to help configure collaboration features for the project, so they can turn on Discussions to support communication and Q and A threads within the repository.

Organization owners only is incorrect because the scope is too limited. Control over repository features is not restricted to organization owners when the repository owner and collaborators with appropriate permissions can manage these settings for that specific project.

Any authenticated user who can view the repository is incorrect because viewing access does not grant rights to change repository settings. Only trusted collaborators or the repository owner can enable features like Discussions.

Collaborators with Triage permissions is incorrect because triage access is intended for issue and pull request management without write access to the repository’s configuration. Triage collaborators cannot enable repository features.

Exam Tip

When a question asks who can configure a repository feature, map verbs like enable, configure, or manage to the minimum permission level that allows changes, rather than to general viewing or triage roles.

Question 6

In GitHub, which actions are available when using repository templates to standardize new projects? (Choose 2)

• [*] B. Generate a new repository from a template
• [*] D. Turn an existing repository into a template

The correct options are Generate a new repository from a template and Turn an existing repository into a template.

GitHub supports Generate a new repository from a template so you can quickly spin up a new repository that copies the template repository’s files without its commit history. You can also choose to include additional branches which helps teams standardize structure and configuration across projects.

You can also Turn an existing repository into a template by marking it as a template in the repository settings. This makes the repository available as a reusable starting point so others can create new repositories with the same setup.

Create a new organization from a template is incorrect because repository templates only apply to repositories and do not provision or configure organizations.

Bulk delete repositories created from a template is incorrect because template functionality does not include any bulk deletion capability and there is no linkage that enables mass management of repositories created from a template.

Exam Tip

Confirm the scope of the action and prefer options that operate on repositories. GitHub repository templates enable creating new repos from a template and marking repos as templates, while options that mention organizations or bulk actions are usually distractors.

Question 7

A small engineering team at pickeringisspringfield.com is starting to use Git for source control and wants a place to collaborate with pull requests and issues. They want to understand what GitHub is in relation to Git. Which description best fits GitHub?

• [*] C. A web based service that hosts Git repositories and adds collaboration tools such as pull requests and issues

The correct option is A web based service that hosts Git repositories and adds collaboration tools such as pull requests and issues.

GitHub is a hosted platform built on top of Git that stores repositories and provides a web interface for collaboration. Teams use it to review code through pull requests, discuss work through issues, and manage workflows and permissions. It is not a replacement for Git because it uses Git for version control and then adds hosting and collaboration capabilities.

Cloud Source Repositories is a Google Cloud product that hosted Git repositories but it is not GitHub. This service has been retired by Google which makes it less likely to be a viable choice on newer exams.

A code editor is a local tool used to write and edit code, which does not describe GitHub. GitHub is a hosted service that provides repository hosting and collaboration features rather than being an editor.

A version control system describes Git rather than GitHub. GitHub uses Git for version control and adds web based hosting and collaboration features on top.

Exam Tip

When options mix Git and GitHub language, map the keywords to their roles. Git is the version control system while GitHub is the hosted platform that adds collaboration features like pull requests and issues.

Question 8

Your compliance team at Northwind Labs is drafting access guidelines for repositories that hold highly confidential source code on GitHub. Which authentication approach should your developers avoid using for these sensitive workflows?

• [*] B. Basic username and password sign in

The correct option is Basic username and password sign in.

This method is weak for protecting highly confidential code because it cannot be scoped to specific resources and it is hard to rotate and audit. GitHub has deprecated the use of account passwords for Git and API operations and has required stronger non password credentials for these workflows. Attackers can more easily phish or reuse passwords, so sensitive automation and developer actions should avoid this method and use credentials that support least privilege, rotation, and revocation.

Deploy keys are appropriate for automation on a single repository and can be configured as read only or with write access. They use SSH which is a stronger approach for machine access and can be rotated and audited.

Personal access tokens are the supported replacement for passwords. Fine grained tokens can be limited to specific repositories and permissions and can have expirations, which makes them suitable for sensitive workflows when managed with least privilege.

SSH keys provide strong cryptographic authentication and are well suited for developer access and automation when protected with a passphrase and proper key management. They are widely recommended over passwords for secure Git operations.

Exam Tip

When you see both password sign in and token or SSH options, favor scoped and revocable credentials and avoid passwords for sensitive repositories. The word deprecated is a strong hint to steer away from that choice.

Question 9

In what locations can reusable GitHub Actions be defined for workflows to reference? (Choose 3)

• [*] A. Any public repository
• [*] B. A Docker image on Docker Hub
• [*] D. The workflow’s repository

The correct options are Any public repository, The workflow’s repository, and A Docker image on Docker Hub.

Actions can be published in Any public repository which allows any workflow to reference them by owner and repository with an optional path and a specific ref. This is the standard way to share actions broadly.

You can also keep an action in The workflow’s repository. This is useful for private or internal reuse and for keeping code and its action together. Workflows in that repository can reference the local action by path or by the repository reference.

Workflows can reference A Docker image on Docker Hub directly using the docker image reference form. This lets a step run a container image as an action without needing an action repository.

GitHub Gists is incorrect because GitHub Actions must live in repositories or be invoked from container images. A gist cannot host the required action metadata and cannot be addressed by the standard uses syntax.

Exam Tip

Map each option to the uses patterns you know. Owner slash repo at ref covers actions in repositories and docker double slash image at tag covers Docker Hub. Anything that does not fit these patterns is probably wrong.

Question 10

Your team at scrumtuous.com is preparing to set up collaboration in GitHub for a new project. Which statement correctly distinguishes a personal account from an organization account on GitHub?

• [*] C. An organization account supports multiple owners and members whereas a personal account is associated with one individual

The correct option is An organization account supports multiple owners and members whereas a personal account is associated with one individual.

GitHub organizations are shared accounts that let teams manage projects together. They support multiple owners and members with roles and permissions. A personal account identifies a single user and represents only that individual. This matches how GitHub structures collaboration and access control.

The statement Only personal accounts support SSH key authentication while organization accounts only allow password sign in is incorrect because authentication happens through individual user accounts and SSH is fully supported for users regardless of whether they work in or outside organizations. Organizations themselves do not sign in as an entity. GitHub also does not allow account passwords for Git operations over HTTPS and requires personal access tokens or SSH.

The statement An organization account can only

Question 11

A development team at Orion Media wants to extend their repositories with vetted integrations. They are evaluating GitHub Marketplace and need to know its main purpose. What is GitHub Marketplace primarily used for?

• [*] C. Discovering and installing free and paid apps and actions that add capabilities to GitHub workflows

The correct answer is Discovering and installing free and paid apps and actions that add capabilities to GitHub workflows.

GitHub Marketplace exists to help teams find vetted integrations and add them to their repositories. It lets you browse free and paid GitHub Apps and GitHub Actions and install them to enhance automation, continuous integration and delivery, code quality, security scanning, and project management. Billing and permissions are integrated with GitHub so teams can adopt tools quickly and manage them centrally.

The option Providing customer support for GitHub accounts is incorrect because account and billing support is handled by GitHub Support and the Help portal rather than by the marketplace.

The option Connecting developers with potential employers and partner organizations is incorrect because the marketplace is not a recruitment or networking service and it focuses on technical integrations that extend repositories and workflows.

The option Publishing and monetizing solutions on Google Cloud Marketplace is incorrect because that is a different vendor platform and it is unrelated to GitHub Marketplace.

Exam Tip

When a question asks for the main purpose of a service, match the primary function in the option text to the product. For GitHub Marketplace, look for apps, actions, discover, install, and workflows rather than support or hiring.

Question 12

How can issues and pull requests be added to a GitHub project board?

• [*] B. Manually one by one, with project automation, or by bulk import

The correct option is Manually one by one, with project automation, or by bulk import.

This choice is correct because GitHub Projects supports several ways to add issues and pull requests. You can add items manually from the project interface when you want precise control. You can also use project automation so items are added based on rules and triggers without manual steps. In addition, you can bring in many items at once with a bulk import using a CSV file which is useful when migrating or seeding a project.

Only through GitHub Actions is incorrect because Actions are not the sole method to add items. You can add items manually and you can rely on built in project automation and you can import in bulk.

Only via the REST API is incorrect because the platform also allows manual addition through the UI and built in automation and bulk import, so the API is not the only path.

Only by adding one item at a time manually is incorrect because projects can add items automatically through rules and can import many items at once using CSV.

Exam Tip

Watch for absolute words like only or always. If you know the service supports multiple methods such as manual steps, automation, and bulk actions, eliminate answers that restrict you to a single way.

Question 13

A small engineering team at pickeringisspringfield.com is choosing a tool for source control and collaboration. What is the most accurate way to describe GitHub so the team knows what it provides?

• [*] C. GitHub is a hosted platform built around Git that adds collaboration and code management capabilities

The correct option is GitHub is a hosted platform built around Git that adds collaboration and code management capabilities.

This description is accurate because GitHub hosts Git repositories and provides collaboration features such as pull requests, issues, code review, permissions, project boards, and wikis. It also integrates automation and package management, which extends the core version control provided by Git with a complete platform for team workflows.

GitHub is primarily a continuous integration and delivery tool is incorrect because CI and CD are features offered through GitHub Actions while the service itself is a broader platform for hosting Git repositories and enabling collaboration.

GitHub is a distributed version control system is incorrect because Git is the distributed version control system while GitHub is the platform built on top of Git that provides hosting and collaboration features.

GitHub is a file sharing site that relies on centralized version control is incorrect because GitHub is not a simple file sharing site and it uses Git which is a distributed model rather than a centralized one.

Exam Tip

Distinguish the platform from the underlying tool. If a statement says the product is the DVCS it points to Git, while if it says it adds collaboration to Git it points to GitHub. Watch for words like primarily that often indicate a trap.

Question 14

At OrionCode Labs a group of four engineers contributes to the same GitHub repository every day and they want a straightforward workflow that supports code review and keeps work centralized. What approach should they use to collaborate effectively?

• [*] B. Use a single shared repository and open pull requests from feature branches

The correct option is Use a single shared repository and open pull requests from feature branches.

This shared repository with pull requests from feature branches keeps all work in one place and supports a clean review process. Each engineer works on a feature branch and opens a pull request so teammates can review changes and automated checks can run before merge. This helps a small team iterate daily while keeping history organized and the default branch stable.

Branch protection and required reviews work best with this feature branch pull request model. It simplifies permissions and reduces coordination overhead while preserving a clear source of truth.

Have each developer fork the repository and submit pull requests across repositories spreads changes across separate repositories and introduces extra steps to keep forks synchronized. That model is better for external contributors rather than a small team that wants centralized collaboration.

Create a separate Git submodule for each contributor misapplies submodules since they are intended for including independent projects as dependencies. It increases complexity and does not improve collaboration or reviews within one repository.

Commit straight to the default branch without creating branches bypasses peer review and automated checks and increases the risk of breaking the main line. It does not meet the requirement for a straightforward workflow that supports code review.

Exam Tip

When you see hints like centralized work and code review for a small team choose a shared repository with feature branches and pull requests. Reserve forks for external contributors and avoid submodules for people.

Question 15

In a GitHub pull request, what is the outcome when you select “Squash and merge”?

• [*] B. It combines all pull request commits into one commit that is added to the base branch

The correct answer is It combines all pull request commits into one commit that is added to the base branch.

This action creates a single new commit on the base branch that contains the combined changes from the pull request. It keeps the history compact and linear and it avoids preserving the individual commits from the feature branch.

It performs a fast forward update without a merge commit is incorrect because a fast forward would move the base branch pointer to the head of the pull request and keep every original commit intact, whereas the correct behavior replaces the series of commits with one new commit.

It rebases the pull request commits onto the base branch without a merge commit is incorrect because that describes rebase and merge, which replays each commit on top of the base branch and preserves them individually rather than producing a single combined commit.

It preserves every commit and creates a merge commit on the base branch is incorrect because that describes creating a merge commit, which adds a merge commit and keeps all the pull request commits, while the correct behavior does not preserve the individual commits.

Exam Tip

Map keywords in the choices to the three GitHub merge methods. Single commit cues squash, preserves every commit cues merge commit, and rebases without a merge commit cues rebase and merge. Look for these signals first before reading the rest of the wording.

Question 16

A development team at Apex Retail is rolling out a secure-by-default workflow for their Google Cloud workloads. In planning meetings they keep referring to “shifting left” for security work. In practical terms what does this require in their software delivery process?

• [*] C. Embedding security reviews and tests early in design and development activities

The correct option is Embedding security reviews and tests early in design and development activities.

This aligns with the meaning of shift left because the team integrates security from the very beginning of the software lifecycle. In practice the team performs threat modeling during design, applies secure coding standards, and runs automated static and dependency scans in the continuous integration pipeline. They validate infrastructure as code and container configurations before build and deployment and require security checks and reviews on pull requests so that issues are found and fixed long before release.

Cloud Armor is a web application firewall and DDoS protection service that primarily protects workloads at the edge after deployment. It can be part of a defense in depth strategy but it does not implement a shift left practice in the delivery process.

Pushing most security checks to the final release stage after deployment is the opposite of shifting left. Deferring checks to the end increases risk and cost because vulnerabilities are discovered when changes are harder to fix.

Ignoring security considerations during coding to speed up delivery undermines both security and long term velocity because defects accumulate and require costly rework later. Shift left expects continuous attention to security during coding and code review.

Exam Tip

When you see the phrase shift left look for options that move activities to design and development rather than to deployment. Prefer answers that mention early reviews, automated checks in CI, and security gates before merge.

Question 17

A developer at pickeringisspringfield.com is documenting the standard lifecycle phases for GitHub Codespaces, which include creating, rebuilding, closing or stopping, and deleting a codespace. Which action does not belong to this lifecycle?

• [*] B. Run

The correct option is Run because it is not one of the standard lifecycle phases for GitHub Codespaces.

This action refers to executing code or commands inside a codespace after it has been provisioned and configured. The lifecycle is concerned with managing the environment itself rather than what you do within it.

Rebuild is part of the lifecycle because it recreates the development container to apply configuration or dependency changes and to refresh the environment.

Delete belongs to the lifecycle because it permanently removes the codespace and its resources when you no longer need the environment.

Create is a lifecycle phase because it provisions a new codespace from a repository and branch and initializes the development environment.

Close or stop is a lifecycle action because it suspends the running codespace to save resources and can be resumed later without losing your changes.

Exam Tip

When you see a list of actions, separate environment lifecycle verbs from actions you perform inside the environment. Lifecycle verbs are about provisioning, updating, pausing, and removing, while actions like run or debug are not lifecycle.

Question 18

Which GitHub account types are available for individual users, for organizations, and for enterprise management? (Choose 3)

• [*] B. Enterprise accounts
• [*] C. Organization accounts
• [*] D. Personal accounts

The correct options are Enterprise accounts, Organization accounts, and Personal accounts.

Enterprise accounts provide centralized governance and billing across multiple organizations and are designed for large scale administration and compliance. They let administrators enforce policies and manage users and resources across the entire enterprise.

Organization accounts are for collaborating as a team under a shared namespace. They support shared repositories, teams with role based access, and administrative controls suited to companies, groups, and projects that need structured collaboration.

Personal accounts represent individual users. They own personal repositories and settings and they can be members or owners within organizations while keeping identity and billing at the user level.

The option Business accounts is not a distinct GitHub account type. Some older plan names referenced business billing, yet the supported account types remain personal, organization, and enterprise.

Exam Tip

Map the scope in the question to the account type. Use individual for personal, team collaboration for organization, and centralized governance across multiple organizations for enterprise.

Question 19

At ByteBridge Labs, a team manages source code for a service that is published on example.com using GitHub for version control. When the team refers to the project’s repository during reviews, what does that term represent?

• [*] C. A storage location that holds the project files, the full commit history, and related metadata

The correct option is A storage location that holds the project files, the full commit history, and related metadata.

This choice matches the definition of a Git repository. It contains the tracked files, the entire history of commits, and metadata such as branches, tags, and configuration. When a team on GitHub refers to the repository during reviews they mean this canonical container that holds both the content and the record of changes.

A snapshot that represents one specific commit in the history describes a single commit rather than the repository. A commit is one point in time while a repository aggregates all commits and related data.

Artifact Registry is a package and container registry service and not a Git or GitHub repository for source control. It does not represent the codebase with its full commit history and metadata.

The local working directory where developers edit and test files before committing describes the working tree. The working tree holds checked out files for editing while the repository stores the history and associated metadata.

Exam Tip

When a question asks what a repository represents look for wording that combines project files the full history and metadata. Distrust choices that define a single commit or the working directory since those are narrower than a repository.

Question 20

A product team at scrumtuous.com uses GitHub to plan a quarterly release and wants to clarify how two features differ so they can organize work correctly. What is the key distinction between milestones and labels in GitHub?

• [*] C. Milestones group related issues and pull requests to track progress and dates, while labels tag individual items for categorization

The correct option is Milestones group related issues and pull requests to track progress and dates, while labels tag individual items for categorization.

Milestones let you plan releases or themes by grouping related issues and pull requests. They provide a due date and a progress indicator so you can see how many items are closed versus open as you work toward a target.

Labels classify individual issues and pull requests so teams can filter and search by type, priority, area, or any other taxonomy they choose. Items can have many labels and labels do not have dates or progress tracking on their own.

Milestones are generated automatically by GitHub when new branches are created, while labels require manual setup by repository administrators is incorrect because milestones are not created automatically from branches and labels are not restricted to repository administrators and are managed by users with appropriate repository permissions. Many repositories also start with a default set of labels.

Milestones categorize issues and pull requests by type, while labels provide completion tracking and due dates for collections of work is incorrect because it reverses the roles. Labels are for categorization and milestones provide grouping with dates and progress.

Milestones can only be created by repository owners, while labels can be created by users with read access is incorrect because milestones are not restricted to only owners and creating or editing labels requires more than read access.

Exam Tip

When options compare features map each to its scope. Milestones track progress for a collection with dates while labels classify individual items. Watch for answers that swap these roles.

Cameron McKenzie is an AWS Certified AI Practitioner, Machine Learning Engineer, Solutions Architect and author of many popular books in the software development and Cloud Computing space. His growing YouTube channel training devs in Java, Spring, AI and ML has well over 30,000 subscribers.