A.  

Maintain clear documentation of existing policies and policy changes.

B.  

Implement the new enterprise policies across the organization first and then consult with the security team to identify- any necessary adjustments or retrofits

C.  

Implement changes without consulting stakeholders.

D.  

Regularly assess and adjust policies based on evolving risks.

A.  

The user will automatically have the same role across all organizations.

B.  

The user's repository access and/or team membership needs to be managed separately for each organization.

C.  

The user will need to authorize credentials separately for each SAML-enabled organization.

D.  

The user will have different permission levels in each organization.

E.  

The user's profile information becomes private to non-organization members.

F.  

The user's personal repositories will become accessible to all organizations.

A.  

It automatically reverts commits that introduced the vulnerability.

B.  

It allows maintainers to privately disclose, discuss, and publish vulnerabilities.

C.  

It flags all forks of the repository as vulnerable.

D.  

It prevents users from cloning the repository until issues are resolved.

A.  

Number of workflows defined in .github/workflows/

B.  

Number of contributors to the repository Explanation:Incorrect. Contributor count does not impact billing for Actions

C.  

Total number of repositories using Actions

D.  

Operating system used in the runner environment

A.  

They guarantee no downtime during enterprise GitHub maintenance windows

B.  

They often include integrations with external services, reducing the need for custom code

C.  

Apps eliminate the need for GitHub Actions entirely

D.  

All apps come pre-approved by GitHub's internal security team

A.  

SCIM synchronizes changes to user attributes from the identity provider to GitHub.

B.  

SCIM deactivates GitHub accounts when users are deleted from the identity provider.

C.  

SCIM automatically deletes organization repositories when administrators are removed.

D.  

SCIM automates user provisioning when new users are added to the identity provider.

E.  

SCIM generates authentication tokens for accessing GitHub's REST API.

F.  

SCIM configures repository permissions based on user roles within the organization.

A.  

Allow organization owners to administer the setting at the organization level.

B.  

Allow people who have access to private and internal repositories to fork these repositories.

C.  

Allow specific people or teams to fork private and internal repositories.

D.  

Disallow repository owners from administering the setting at the repository level.

E.  

Disallow forking of private and internal repositories.

A.  

EMU accounts can be used for both personal and enterprise repositories.

B.  

EMU accounts are managed through an identity provider such as Azure AD.

C.  

EMU accountsallow users to create and manage their own credentials.

D.  

EMU accounts restrict users to enterprise-related activities only

E.  

EMU accounts are created and managed by individual users.

F.  

EMU accounts are owned by the organization and cannot be unlinked.

A.  

Use GitHub's meta API to configure access.

B.  

Add a label to the runner group.

C.  

Configure repository access in the runner group settings.

D.  

Configure the Actions Policies to "Only selected repositories".

A.  

changes in permissions

B promoting users to administrators

B.  

pushes to repositories

C.  

changes to permissions of a GitHub App

D.  

cloning of repositories

A.  

Manage repository settings, such as labels and GitHub Pages.

B.  

Push code to non-protected branches.

C.  

Configure branch protection rules.

D.  

Delete the repository.

A.  

Approval from GitHub Support

B.  

A custom GitHub Action in the root repo

C.  

Administrator SSH access to the appliance

D.  

A GitHub App with read:org permissions

A.  

It waits for manual triage of all CVEs.

B.  

It uses the dependency graph and Dependabot alerts to open PRs for patched versions.

C.  

It reads the GitHub Issues and automatically suggests fixes.

D.  

It compares your codebase to the GitHub Trending list.

A.  

It alerts the service provider (e.g., AWS, Stripe).

B.  

It immediately blocks the commit to protect the secret.

C.  

It deletes the secret from the repository automatically.

D.  

It notifies the admin via webhook.

A.  

Revoke any exposed credentials immediately

B.  

Force push a commit removing the data

C.  

Open an issue to inform users

D.  

Delete the repository

A.  

Fine-grained PATs automatically renew while classic PATs require manual renewal.

B.  

Fine-grained PATs permissions can be scoped to specific repositories.

C.  

Classic PATs offer more permission controls than fine-grained PATs.

D.  

Classic PATs can be restricted to specific organizations, but fine-grained PATs cannot.

A.  

GitHub-hosted larger runners with Azure private networking

B.  

GitHub-hosted standard runners, using the IP addresses provided in "actions" from https://api.github.com/meta

C.  

GitHub-hosted standard runners, using the IP addresses provided in "api" from https://api.github.com/meta

D.  

GitHub-hosted larger runners with static IP addresses

A.  

To communicate corporate security and compliance policies for end users on a private repository.

B.  

To provide information on an open source repository for open source collaborators and researchers that may need to report and disclose sensitive security findings to maintainers securely.

C.  

To prevent anyone from pushing to the repository without approval.

D.  

To define which open source packages are permitted for use as part of that repository.

A.  

They are granted explicit access to specific repositories.

B.  

They inherit organization-wide policies, such as SSO requirements.

C.  

They have access to all private repositories by default.

D.  

They appear in the organization's internal member list.