GitHub Administration Certification Exam Prep

A GitHub Administration Certification prep course Sweepstakes is happening on GitHub Discussions from September 29th to November 1st, 2025. Fifteen GitHub Certification exam vouchers will be awarded to members who participate during the course.

The course is spread across four weeks, with a topic for each week along with curated resources and additional exam questions.

The GitHub Administration certification exam tests your ability to optimize and manage a healthy GitHub environment. The exam covers repository management, workflow optimization, efficient collaboration, and other best practices.

After successfully passing the GitHub Foundations and GitHub Copilot certification exams this year, I’m excited to start preparing for the GitHub Administration Certification exam. As before, I’ll take notes of key points and useful links throughout my preparation journey.

Week 1 

* A GitHub administrator's core responsibility is managing repository access and permissions
* The main advantage of enabling SAML SSO for a GitHub organization is that it provides centralized authentication through an identity provider
* Teams allow for group-based assignment of repository permissions within a GitHub organization
* An administrator can determine license usage for a specific organization within an enterprise account by accessing enterprise-level reporting and analytics tools
* When adjusting enterprise policies, administrators should align with a company's overall security and compliance strategy to ensure proper trust and control
* The enterprise account’s license usage dashboard provides information about the number of consumed seats in a GitHub Enterprise account


* GitHub's Secret scanning feature is designed to scan code for secrets such as API keys, passwords, or other sensitive information. When it detects such secrets, it alerts administrators so they can take appropriate action to secure their repositories.

* Dependabot is used for managing dependencies and keeping them up to date.

* Code scanning is used for finding security vulnerabilities and bugs in code.

* Issue templates are used to standardize the format of issues that users can file in a repository.

* Branch Protection Rules help maintain code quality and security by enforcing certain rules and restrictions on how changes can be made to important branches (typically main/master branch). By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository or custom roles with the "bypass branch protections" permission. 

* Dependabot can fix vulnerable dependencies for you by raising pull requests with security updates. Make sure to review and test the pull requests created by Dependabot before merging them, as updating dependencies can sometimes break your code.

* When a security automation tool finds a secret, such as an API key, in a repository, it's a serious security vulnerability. Revoke and/or rotate that secret. 

* A SECURITY.md file is a standard markdown file used to provide security-related guidance for a project. The primary purpose is to create a clear, accessible process for responsible security vulnerability disclosure.

* After removing sensitive data from the repository history, force-push the rewritten history and advise all contributors to re-clone the repository

* GitHub's audit log is a crucial security and compliance feature for enterprise environments that records and tracks important actions and changes across an organization. 

* The GitHub Well-Architected framework helps organizations implement and optimize their use of GitHub, enhancing their software development lifecycle (SDLC). It is built around five key pillars:
  • Productivity
  • Collaboration
  • Application Security
  • Governance
  • Architecture 

Week 3

A - GitHub supports the System for Cross-domain Identity Management (SCIM) protocol for automated user provisioning and deprovisioning when integrated with enterprise identity providers. SCIM enables organizations to automate the management of user accounts, ensuring users are provisioned or deprovisioned from GitHub automatically when their status changes in the identity provider. This is crucial for maintaining secure access and compliance in large enterprises.

B - Enabling SAML single sign-on (SSO) for a GitHub organization requires users to authenticate through the organization's configured identity provider (IdP) before they can access any resources within the organization. This adds a layer of security by centralizing authentication and enforcing enterprise policies.

D - GitHub supports two primary methods for command-line repository access: HTTPS and SSH. Although HTTPS can use personal access tokens (PATs) for authentication, SSH keys are widely recommended for secure, seamless access without the need to repeatedly enter credentials.

A - In GitHub, authentication is the process of verifying a user's identity. This means confirming that the user is who they claim to be, typically via credentials like passwords, SSH keys, or SSO via identity providers. Authorization, on the other hand, is the process that determines what actions or resources an authenticated user is allowed to access. It governs permissions at various levels such as repository access, organization resources, and team memberships.

B,D - Administrators in a GitHub organization have the ability and tools to manage repository access and can restore recently deleted branches using GitHub's branch recovery features. 

Recovering recently deleted repositories (within 90 days) and restoring force-pushed commits (in limited cases) require the intervention of GitHub Support.

D - In a GitHub Enterprise account, deploying multiple organizations allows the enterprise to have granular control and management over each organization’s permissions, policies, and settings tailored to different business units or teams. This separation is beneficial for applying distinct security, compliance, and access controls according to the requirements of various parts of the company.

B - Enterprise Managed Users (EMU) in GitHub Enterprise integrates closely with an organization's identity provider (IdP). When an employee leaves the organization and their status is updated in the identity provider, EMU automatically reflects this change by removing the user from the GitHub Enterprise account. This automated deprovisioning helps maintain security by ensuring that only current employees retain access, reducing the risk of unauthorized access by former employees.

Week 4

C - The recommended way to restrict the use of third-party GitHub Actions in an enterprise environment is to configure policies to allow only actions from approved organizations or repositories 

A - An organization can control access to reusable workflows in GitHub Actions by limiting access to approved repositories and teams

D - A self-hosted runner in GitHub Actions is a runner that is hosted and maintained by your organization, running on your own infrastructure 

A - To register a self-hosted runner, download and install the runner application, then run the configuration script using the registration token generated by GitHub.

C - Organizations control which workflows have access to specific secrets primarily by scoping secrets to particular environments, repositories, or organizations 

B - To authenticate and publish a package to the GitHub Packages registry in a GitHub Actions workflow, the workflow requires a secret token with appropriate permissions

B,D,E - GitHub Packages supports the following package formats for storing code dependencies:

  1. Docker
  2. RubyGems
  3. JavaScript (npm)

C - When items are automatically archived in a GitHub project, they are hidden from the active workspace but can be restored later. Archiving items helps you improve focus by removing old items from your project views. An archived item retains all of its custom field data and can be viewed or restored from the archive page.
