Microsoft GitHub Administration (GH-100)

✅

Reasoning: GitHub Premium Support explicitly offers assistance with the installation, configuration, maintenance, and troubleshooting of GitHub Enterprise Server. This includes initial setup and upgrades. ❌ Why the other choices are incorrect:

• Option A is incorrect: GitHub Support typically does not write custom scripts for users; their scope is the platform's functionality and issues.
• Option C is incorrect: GitHub Support does not provide assistance with customer-owned hardware setup, which is outside the scope of their software product support.
• Option D is incorrect: While they can advise on GitHub-side integration issues, Premium Support does not troubleshoot, develop, or configure third-party applications.

✅

Reasoning: GitHub Premium Support (or Business/Enterprise Support) is designed to assist with critical security issues that pose a business impact. This includes guidance, incident response, and resolution for organizational security concerns, directly affecting business operations and data integrity.

Reasoning: Outages on GitHub.com that disrupt core Git functionality are severe service degradations. Contacting Premium Support in such cases is appropriate to report the issue, receive status updates, and get assistance in resolving the impact on development workflows. ❌ Why the other choices are incorrect:

• Option A is incorrect: License renewal is typically an administrative, billing, or sales-related task, usually managed through account settings or sales teams, not through GitHub Premium Support's technical incident channel.
• Option B is incorrect: GitHub.com is a cloud service, meaning users do not manage its underlying hardware. For GitHub Enterprise Server, customers manage their hardware, and GitHub Support focuses on the software, not physical hardware issues.

✅

Reasoning: The ssh -p 122 adming@ghe.avocado.corp -- 'ghe-support-bundle -o' command executes ghe-support-bundle with the -o flag on the instance, piping the output to stdout. This output is then redirected locally to support-bundle.tgz, successfully creating and downloading the support bundle. ❌ Why the other choices are incorrect:

• Option B is incorrect: ghe-diagnostics displays system health information, but it does not generate a support bundle file for download.
• Option C is incorrect: GitHub Enterprise Server does not expose a direct HTTP/HTTPS endpoint for downloading support bundles via curl. Support bundles are generated via the SSH administrative shell.
• Option D is incorrect: ghe-config generate-support-bundle is not a valid command. The correct utility for creating a support bundle is ghe-support-bundle.

✅

Reasoning: Generating a support bundle on GitHub Enterprise Server requires administrator SSH access to the appliance. This allows an administrator to log into the administrative shell and execute commands like ghe-support-bundle to collect diagnostic logs and system information directly from the server. ❌ Why the other choices are incorrect:

• Option A is incorrect: While support bundles are often provided to GitHub Support, their prior approval is not a prerequisite for an administrator to generate the bundle on their own GHES instance.
• Option B is incorrect: Support bundles are created at the underlying appliance level, not by running repository-specific GitHub Actions, which operate within the GitHub application itself.
• Option D is incorrect: GitHub Apps use the GitHub API for data interaction. Generating a support bundle is a server-level operation requiring direct administrative access to the underlying appliance, not API interaction.

✅

Reasoning: Personal Accounts are fundamentally owned by the individual user, allowing them to participate in personal projects, open-source contributions, and professional work across various organizations. This user-centric ownership and broad applicability distinguish them from EMUs, which are corporate-owned and restricted to enterprise activities. ❌ Why the other choices are incorrect:

• Option A is incorrect: Enterprise Managed Users (EMUs) are strictly confined to the enterprise's environment and cannot interact with personal repositories or content outside the enterprise.
• Option C is incorrect: Personal Accounts generally offer the user more flexibility; EMUs provide stricter control for the organization over the user's identity and activities within the enterprise.
• Option D is incorrect: While EMUs require an organization to use an Identity Provider (IdP) for authentication, this isn't a unique distinction, as organizations can also enforce SSO for personal accounts. The core difference lies in account ownership and scope of use.

✅

Reasoning: SCIM's core function is to maintain data consistency. It ensures that changes to user attributes (e.g., name, email, group memberships) made in the identity provider are automatically reflected in the corresponding GitHub user accounts.

Reasoning: SCIM enhances security and lifecycle management. When a user is removed or deactivated in the identity provider, SCIM automatically deactivates or suspends their associated GitHub account, preventing unauthorized access.

Reasoning: SCIM automates the creation of user accounts. When a new user is provisioned in the identity provider and assigned access to GitHub, SCIM automatically creates a corresponding user account in GitHub Enterprise Cloud. ❌ Why the other choices are incorrect:

• Option C is incorrect: SCIM manages user identities and their lifecycle (provisioning, deprovisioning, attribute updates). It does not manage or delete organizational assets like repositories.
• Option E is incorrect: SCIM is for identity provisioning and management, not authentication. Authentication tokens for the GitHub REST API are generated by GitHub itself or via other authentication flows (e.g., OAuth, PATs).
• Option F is incorrect: While SCIM can sync group memberships, which inform repository permissions, SCIM itself does not directly configure repository permissions. GitHub's internal permission system, often leveraging teams, handles that configuration.

✅

Reasoning: For non-partner identity provider integrations, administrators are required to manually configure SAML 2.0 details, including setting up the SAML application in their IdP and exchanging metadata (e.g., SSO URL, entity ID, certificate) with GitHub. This is a distinct manual process compared to streamlined partner integrations. ❌ Why the other choices are incorrect:

• Option A is incorrect: GitHub Enterprise Managed Users primarily authenticate with an identity provider using SAML 2.0. OIDC is not the standard or primary protocol utilized for IdP authentication for EMUs.
• Option C is incorrect: Partner identity provider integrations are designed to offer a streamlined experience, often supporting the same or more authentication features and provisioning capabilities, not fewer GitHub-supported authentication methods.
• Option D is incorrect: While partners provide integration capabilities, the customer remains responsible for configuring and managing the specific application within their own identity provider instance. The partner doesn't typically provide ongoing support for the customer's specific application configuration.

✅

Reasoning: GitHub Marketplace apps extend GitHub's capabilities by integrating with various external services like CI/CD, project management, and security tools. This reduces the need for enterprises to develop and maintain custom integrations, streamlining workflows and saving development effort. ❌ Why the other choices are incorrect:

• Option A is incorrect: GitHub Marketplace apps do not guarantee zero downtime during GitHub maintenance. Their availability depends on both GitHub and the app vendor's infrastructure.
• Option C is incorrect: GitHub Apps often complement or even utilize GitHub Actions for automation. They do not eliminate the need for Actions; rather, they can work in conjunction with them.
• Option D is incorrect: While GitHub reviews Marketplace apps, "all apps" are not universally "pre-approved" by GitHub's internal security team for every enterprise's specific compliance needs. Enterprises must still conduct their own security assessments.