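Full-coverage GH-100 exam questions free download | High-pass-rate exam materials | Trustworthy GH-100 exam questions
The Microsoft GH-100 certification exam is a rare opportunity: it is a highly valued exam in the IT field, and many IT professionals take it. Passing the Microsoft GH-100 certification exam can improve your IT career skills. Our Testpdf can provide you with practice questions for the Microsoft GH-100 certification exam, and Testpdf's professional IT team will provide you with the latest training tools to help you realize your dream sooner. Testpdf has the best-quality, most up-to-date training materials for the Microsoft GH-100 certification exam, which can help you pass the Microsoft GH-100 certification exam.
Latest GitHub Administrator GH-100 free exam questions (Q66-Q71):
Question #66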
What additional capability does secret scanning offer for private repositories on GitHub Enterprise Cloud?
A. Disables any code that contains a secret.
B. Revokes GitHub access tokens automatically.
C. Allows custom pattern definitions for internal secret formats.
D. Rewrites history to remove secrets.
Answer: C
Explanation:
Secret scanning in private repositories on GitHub Enterprise Cloud lets you define and use custom regular-expression patterns - so you can detect internal or proprietary secret formats beyond the default partner-provided types.
Question #67
What is the first step when sensitive data is accidentally pushed to a public GitHub repository?
A. Force push a commit removing the data
B. Revoke any exposed credentials immediately
C. Delete the repository
D. Open an issue to inform users
Answer: B
Explanation:
Revoke and/or rotate the exposed credentials immediately so they can no longer be used - this is the critical first step before you undertake any history-rewriting or cleanup.
Question #68
You discover that a secret (e.g., a token or password) was accidentally committed to a GitHub repository. What is the first step you should take to mitigate the risk?
A. Rewrite the repository history using git filter-repo or BFG Repo-Cleaner to remove the secret from all commits.
B. Delete the repository and create a new one to ensure the secret is no longer accessible.
C. Contact GitHub Support to remove the secret from all forks and clones of the repository.
D. Revoke and/or rotate the secret to render it unusable, then assess whether history rewriting is necessary.
Answer: D
Explanation:
The immediate priority is to revoke or rotate the exposed credential so it can no longer be used; once it's invalidated, you can safely proceed with history-rewriting or other cleanup steps.
Question #69
How is CodeQL different from other static analysis tools?
A. It only works for open-source projects.
B. It removes insecure code automatically.
C. It allows querying of code semantics using a database-like language.
D. It runs analysis only after a security breach.
Answer: C
Explanation:
CodeQL differs from traditional static analysis tools by ingesting your code into a queryable database and letting you write QL queries - its own database-style language - to express semantic checks and find patterns across the codebase.
Question #70
You are an administrator and need to enforce a policy on forking private and internal repositories. Which options are available for configuring the policy at the enterprise level? (Each answer presents a complete solution. Choose three.)
A. Allow people who have access to private and internal repositories to fork these repositories.
B. Allow organization owners to administer the setting at the organization level.
C. Disallow repository owners from administering the setting at the repository level.
D. Allow specific people or teams to fork private and internal repositories.
E. Disallow forking of private and internal repositories.
Answer: A,B,E
Explanation:
You can configure the enterprise policy to allow organization owners to administer the forking setting at the organization level, giving them control over how repos fork within their orgs.
You can choose to allow any user who already has access to a private or internal repo to fork it.
You can also set the policy to never allow forking of private or internal repositories across all organizations.