Question #1
As a developer, you want to run a workflow from the Actions tab in GitHub.
Which YAML snippet should you use to match the interface in this image?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Correct Answer: C
C
Explanation:
The first image shows a workflow trigger with an option for the test suite, and the chosen YAML configuration matches this interface. Specifically, the test suite input is defined with type: choice and includes the option value: functional, which aligns with the visible UI elements in the first image.
C
Explanation:
The first image shows a workflow trigger with an option for the test suite, and the chosen YAML configuration matches this interface. Specifically, the test suite input is defined with type: choice and includes the option value: functional, which aligns with the visible UI elements in the first image.
Question #2
How many jobs will result from the following matrix configuration?
- A . 3 jobs
- B . 4 jobs
- C . 5 jobs
- D . 6 jobs
Correct Answer: D
D
Explanation:
The matrix configuration specifies two variables: color and animal. The color variable has 2 values (green and pink), and the animal variable has 2 values (owl and magpie). This would result in 4 combinations (2 color values × 2 animal values). Additionally, the include section introduces two more combinations (color: blue and animal: owl; color: pink and animal: magpie).
D
Explanation:
The matrix configuration specifies two variables: color and animal. The color variable has 2 values (green and pink), and the animal variable has 2 values (owl and magpie). This would result in 4 combinations (2 color values × 2 animal values). Additionally, the include section introduces two more combinations (color: blue and animal: owl; color: pink and animal: magpie).
Question #3
As a developer, which workflow steps should you perform to publish an image to the GitHub Container Registry? (Choose three.)
- A . Use the actions/setup-docker action
- B . Authenticate to the GitHub Container Registry.
- C . Build the container image.
- D . Push the image to the GitHub Container Registry
- E . Pull the image from the GitHub Container Registry.
Correct Answer: A, B, D
A, B, D
Explanation:
A, B, D
Explanation:
Question #4
As a developer, you have a 10-MB data set that is required in a specific workflow.
Which steps should you perform so the dataset is stored encrypted and can be decrypted during the workflow? (Choose three.)
- A . Encrypt the dataset.
- B . Leverage the actions/download-secret action in the workflow.
- C . Store the dataset in a GitHub encrypted secret.
- D . Store the encryption keys in a GitHub encrypted secret.
- E . Compress the dataset
- F . Commit the encrypted dataset to the same repository as the workflow
- G . Create a GitHub encrypted secret with the Large object option selected and upload the dataset.
Correct Answer: A, C, D
A, C, D
Explanation:
First, the dataset should be encrypted before being stored. This ensures that the data is protected when stored in a repository.
The encrypted dataset can be stored in a GitHub secret, ensuring it is securely kept and not exposed publicly.
The encryption key needed to decrypt the dataset should also be stored in a GitHub secret to maintain security during the workflow, allowing access only when needed.
A, C, D
Explanation:
First, the dataset should be encrypted before being stored. This ensures that the data is protected when stored in a repository.
The encrypted dataset can be stored in a GitHub secret, ensuring it is securely kept and not exposed publicly.
The encryption key needed to decrypt the dataset should also be stored in a GitHub secret to maintain security during the workflow, allowing access only when needed.
Question #5
Which statement is true about using default environment variables?
- A . The environment variables can be read in workflows using the ENV: variable_name syntax.
- B . The environment variables created should be prefixed with GITHUB_ to ensure they can be accessed in workflows
- C . The environment variables can be set in the defaults: sections of the workflow
- D . The GITHUB_WORKSPACE environment variable should be used to access files from within the runner.
Correct Answer: D
D
Explanation:
GITHUB_WORKSPACE is a default environment variable in GitHub Actions that points to the directory on the runner where your repository is checked out. This variable allows you to access files within your repository during the workflow.
D
Explanation:
GITHUB_WORKSPACE is a default environment variable in GitHub Actions that points to the directory on the runner where your repository is checked out. This variable allows you to access files within your repository during the workflow.
Question #6
Which of the following commands will set the $FOO environment variable within a script, so that it may be used in subsequent workflow job steps?
- A . run: echo "::set-env name=FOO::bar"
- B . run: echo "FOO=bar" >> $GITHUB_ENV
- C . run: echo ${{ $FOO=bar }}
- D . run: export FOO=bar
Correct Answer: B
B
Explanation:
The $GITHUB_ENV environment variable is used to set environment variables that persist across steps in a workflow job. By echoing FOO=bar into $GITHUB_ENV, the variable FOO will be available in subsequent steps within the same job.
B
Explanation:
The $GITHUB_ENV environment variable is used to set environment variables that persist across steps in a workflow job. By echoing FOO=bar into $GITHUB_ENV, the variable FOO will be available in subsequent steps within the same job.
Question #7
You are reaching your organization’s storage limit for GitHub artifacts and packages.
What should you do to prevent the storage limit from being reached?
- A . via the .github repository owned by the organization
- B . via repositories owned by the organization
- C . via the GitHub Marketplace
- D . via a repository owned by a third party
Correct Answer: B
B
Explanation:
To prevent reaching the storage limit for GitHub artifacts and packages, you should manage and clean up artifacts and packages stored in repositories owned by your organization. This includes deleting unnecessary artifacts and managing the lifecycle of packages, as they contribute directly to your organization’s storage quota.
B
Explanation:
To prevent reaching the storage limit for GitHub artifacts and packages, you should manage and clean up artifacts and packages stored in repositories owned by your organization. This includes deleting unnecessary artifacts and managing the lifecycle of packages, as they contribute directly to your organization’s storage quota.
Question #8
Based on the YAML below, which two statements are correct? (Choose two.)
- A . This workflow will publish a package to an npm registry.
- B . This workflow will publish a package to GitHub Packages.
- C . This workflow file is using a matrix strategy.
- D . The workflow job publish-npm will only run after the build job passes.
Correct Answer: A, D
A, D
Explanation:
The publish-npm job includes the JS-DevTools/npm-publish action, which is used to publish an npm package to an npm registry.
The publish-npm job has the needs: build directive, meaning it will only run after the build job successfully completes.
A, D
Explanation:
The publish-npm job includes the JS-DevTools/npm-publish action, which is used to publish an npm package to an npm registry.
The publish-npm job has the needs: build directive, meaning it will only run after the build job successfully completes.
Question #9
In which scenarios could the GITHUB_TOKEN be used? (Choose two.)
- A . to leverage a self-hosted runner
- B . to create a repository secret
- C . to publish to GitHub Packages
- D . to create issues in the repo
- E . to read from the file system on the runner
- F . to add a member to an organization
Correct Answer: C, D
C, D
Explanation:
The GITHUB_TOKEN is automatically provided by GitHub in workflows and can be used to authenticate API requests to GitHub, including publishing packages to GitHub Packages. The GITHUB_TOKEN is also used to authenticate API requests for actions like creating issues, commenting, or interacting with pull requests within the same repository.
C, D
Explanation:
The GITHUB_TOKEN is automatically provided by GitHub in workflows and can be used to authenticate API requests to GitHub, including publishing packages to GitHub Packages. The GITHUB_TOKEN is also used to authenticate API requests for actions like creating issues, commenting, or interacting with pull requests within the same repository.
Question #10
As a developer, you need to use GitHub Actions to deploy a microservice that requires runtime access to a secure token. This token is used by a variety of other microservices managed by different teams in different repos.
To minimize management overhead and ensure the token is secure, which mechanisms should you use to store and access the token? (Choose two.)
- A . Store the token in a configuration file in a private repository. Use GitHub Actions to deploy the configuration file to the runtime environment.
- B . Store the token as a GitHub encrypted secret in the same repo as the code. Create a reusable custom GitHub Action to access the token by the microservice at runtime.
- C . Use a corporate non-GitHub secret store (e.g., HashiCorp Vault) to store the token. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
- D . Store the token as a GitHub encrypted secret in the same repo as the code. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
- E . Store the token as an organizational-level encrypted secret in GitHub. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
Correct Answer: C, E
C, E
Explanation:
Using a corporate secret store like HashiCorp Vault provides a secure, centralized location for sensitive information. GitHub Actions can then retrieve and store the token securely during deployment by setting it as an environment variable, ensuring the token remains secure and accessible at runtime.
Storing the token as an organizational-level encrypted secret in GitHub ensures it is accessible across multiple repositories, minimizing management overhead. GitHub Actions can then use this secret during deployment by setting it as an environment variable, allowing the microservice to access it securely at runtime.
C, E
Explanation:
Using a corporate secret store like HashiCorp Vault provides a secure, centralized location for sensitive information. GitHub Actions can then retrieve and store the token securely during deployment by setting it as an environment variable, ensuring the token remains secure and accessible at runtime.
Storing the token as an organizational-level encrypted secret in GitHub ensures it is accessible across multiple repositories, minimizing management overhead. GitHub Actions can then use this secret during deployment by setting it as an environment variable, allowing the microservice to access it securely at runtime.
Question #11
What is the minimal syntax for declaring an output named foo for an action?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Correct Answer: C
C
Explanation:
The correct minimal syntax for declaring an output in GitHub Actions is by using the foo key under outputs, and associating it with a value (in this case, Some value). This is the simplest form to define an output in a workflow or action.
C
Explanation:
The correct minimal syntax for declaring an output in GitHub Actions is by using the foo key under outputs, and associating it with a value (in this case, Some value). This is the simplest form to define an output in a workflow or action.
Question #12
When reviewing an action for use, what file defines its available inputs and outputs?
- A . inputs.yml
- B . config.json
- C . defaults.json
- D . workflow.yml
- E . action.yml
Correct Answer: E
E
Explanation:
The action.yml file defines the inputs and outputs for a GitHub Action. This file contains metadata about the action, including the required inputs and outputs, as well as other configurations like the action’s description, runs, and environment setup.
E
Explanation:
The action.yml file defines the inputs and outputs for a GitHub Action. This file contains metadata about the action, including the required inputs and outputs, as well as other configurations like the action’s description, runs, and environment setup.
Question #13
How should you install the bats NPM package in your workflow?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Correct Answer: D
D
Explanation:
The correct syntax includes specifying the job (example-job), the runner (ubuntu-latest), and the necessary step (npm install -g bats) within the workflow. This ensures that the package is installed properly during the execution of the job.
D
Explanation:
The correct syntax includes specifying the job (example-job), the runner (ubuntu-latest), and the necessary step (npm install -g bats) within the workflow. This ensures that the package is installed properly during the execution of the job.
Question #14
How can GitHub Actions encrypted secrets be used in if: conditionals within a workflow job?
- A . Set the encrypted secret as a job-level environment variable and then reference the environment variable within the conditional statement.
- B . Create a job dependency that exposes the encrypted secret as a job output, which can then be leveraged in a subsequent dependent job.
- C . Use the secrets context within the conditional statement, e.g. ${{ secrets.MySuperSecret }}.
- D . Use a workflow command to expose the encrypted secret via a step’s output parameter and then use the step output in the job’s if: conditional.
Correct Answer: C
C
Explanation:
GitHub Actions encrypted secrets can be accessed in workflows using the secrets context. You can directly reference the secret within an if: conditional using ${{ secrets.MySuperSecret }} to determine whether a job or step should run based on the secret’s value.
C
Explanation:
GitHub Actions encrypted secrets can be accessed in workflows using the secrets context. You can directly reference the secret within an if: conditional using ${{ secrets.MySuperSecret }} to determine whether a job or step should run based on the secret’s value.
Question #15
As a DevOps engineer, you are developing a container action. You need to execute a cleanup script
after completing the main script execution.
Which code block should be used to define the cleanup script?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Correct Answer: A
A
Explanation:
The correct syntax for specifying a cleanup script to be run after the main entry point is executed in a Docker-based GitHub Action is to use the post key. This ensures that cleanup.sh runs after the main script (main.sh) has completed.
A
Explanation:
The correct syntax for specifying a cleanup script to be run after the main entry point is executed in a Docker-based GitHub Action is to use the post key. This ensures that cleanup.sh runs after the main script (main.sh) has completed.
Question #16
Which default GitHub environment variable indicates the name of the person or app that initiated a workflow?
- A . ENV_ACTOR
- B . GITHUB_WORKFLOW_ACTOR
- C . GITHUB_ACTOR
- D . GITHUB_USER
Correct Answer: C
C
Explanation:
The GITHUB_ACTOR environment variable indicates the name of the person or app that initiated the workflow. This variable is automatically provided by GitHub in the workflow and can be used to identify the user or application triggering the workflow.
C
Explanation:
The GITHUB_ACTOR environment variable indicates the name of the person or app that initiated the workflow. This variable is automatically provided by GitHub in the workflow and can be used to identify the user or application triggering the workflow.
Question #17
You are a developer, and your container jobs are failing on a self-hosted runner.
Which requirements must you check to ensure that the self-hosted runner is properly configured? (Choose two.)
- A . The self-hosted runner is running a Linux operating system.
- B . The self-hosted runner is running a Windows operating system.
- C . Docker is installed on the self-hosted runner.
- D . Kubernetes is installed on the self-hosted runner.
- E . The service status of Kubernetes is "active".
Correct Answer: A, C
A, C
Explanation:
While Docker can run on various operating systems, Linux is often the most common and preferred OS for containerized workloads. Docker works well on Linux and is a widely-used platform for running containers.
For container jobs to run on a self-hosted runner, Docker must be installed and properly configured on the runner. Docker is required to build and run containerized workloads in a GitHub Actions workflow.
A, C
Explanation:
While Docker can run on various operating systems, Linux is often the most common and preferred OS for containerized workloads. Docker works well on Linux and is a widely-used platform for running containers.
For container jobs to run on a self-hosted runner, Docker must be installed and properly configured on the runner. Docker is required to build and run containerized workloads in a GitHub Actions workflow.
Question #18
Which choices represent best practices for publishing actions so that they can be consumed reliably? (Choose two.)
- A . repo name
- B . tag
- C . commit SHA
- D . organization name
- E . default branch
Correct Answer: B, C
B, C
Explanation:
Using a tag is a best practice because tags are immutable and represent a fixed version of your action. By referencing tags, consumers of your action can be assured they are using a stable and specific version of the action, which helps in avoiding issues with breaking changes.
The commit SHA is another reliable way to specify a particular version of an action. By referencing a
specific commit SHA, consumers can ensure they are using exactly the code that was written at that moment, avoiding the potential for changes in the future.
B, C
Explanation:
Using a tag is a best practice because tags are immutable and represent a fixed version of your action. By referencing tags, consumers of your action can be assured they are using a stable and specific version of the action, which helps in avoiding issues with breaking changes.
The commit SHA is another reliable way to specify a particular version of an action. By referencing a
specific commit SHA, consumers can ensure they are using exactly the code that was written at that moment, avoiding the potential for changes in the future.
Question #19
You need to create new workflows to deploy to an unfamiliar cloud provider.
What is the fastest and safest way to begin?
- A . Create a custom action to wrap the cloud provider’s CLI.
- B . Search GitHub Marketplace for verified actions published by the cloud provider.
- C . Use the actions/jenkins-plugin action to utilize an existing Jenkins plugin for the cloud provider.
- D . Search GitHub Marketplace for actions created by GitHub.
- E . Download the CLI for the cloud provider and review the associated documentation.
Correct Answer: B
B
Explanation:
Searching the GitHub Marketplace for verified actions published by the cloud provider is the quickest and safest approach. Many cloud providers offer verified GitHub Actions that are maintained and optimized to interact with their services. These actions typically come with the correct configurations and best practices, allowing you to get started quickly without reinventing the wheel.
B
Explanation:
Searching the GitHub Marketplace for verified actions published by the cloud provider is the quickest and safest approach. Many cloud providers offer verified GitHub Actions that are maintained and optimized to interact with their services. These actions typically come with the correct configurations and best practices, allowing you to get started quickly without reinventing the wheel.
Question #20
GitHub-hosted runners support which capabilities? (Choose two.)
- A . automatic patching of both the runner and the underlying OS
- B . automatic file-system caching between workflow runs
- C . support for Linux, Windows, and mac
- D . support for a variety of Linux variations including CentOS, Fedora, and Debian
- E . requiring a payment mechanism (e.g., credit card) to use for private repositories
Correct Answer: C, D
C, D
Explanation:
GitHub-hosted runners automatically handle patching, meaning they will be kept up to date with the latest security updates and software patches for both the runner environment and the underlying operating system.
GitHub-hosted runners support Linux, Windows, and macOS, giving you flexibility to run workflows on different operating systems without needing to manage your own self-hosted runners.
C, D
Explanation:
GitHub-hosted runners automatically handle patching, meaning they will be kept up to date with the latest security updates and software patches for both the runner environment and the underlying operating system.
GitHub-hosted runners support Linux, Windows, and macOS, giving you flexibility to run workflows on different operating systems without needing to manage your own self-hosted runners.
Question #21
You need to make a script to retrieve workflow run logs via the API.
Which is the correct API to download a workflow run log?
- A . POST /repos/:owner/:repo/actions/runs/:run_id
- B . GET /repos/:owner/:repo/actions/artifacts/logs
- C . GET /repos/:owner/:repo/actions/runs/:run_id/logs
- D . POST /repos/:owner/:repo/actions/runs/:run_id/logs
Correct Answer: C
C
Explanation:
The GET /repos/:owner/:repo/actions/runs/:run_id/logs API endpoint is used to retrieve the logs of a specific workflow run identified by run_id. This is the correct method for downloading logs from a workflow run.
C
Explanation:
The GET /repos/:owner/:repo/actions/runs/:run_id/logs API endpoint is used to retrieve the logs of a specific workflow run identified by run_id. This is the correct method for downloading logs from a workflow run.
Question #22
As a developer, you are optimizing a GitHub workflow that uses and produces many different files. You need to determine when to use caching versus workflow artifacts.
Which two statements are true? (Choose two.)
- A . Use caching when reusing files that change rarely between jobs or workflow runs.
- B . Use artifacts when referencing files produced by a job after a workflow has ended.
- C . Use caching to store cache entries for up to 30 days between accesses.
- D . Use artifacts to access the GitHub Package Registry and download a package for a workflow
Correct Answer: A, B
A, B
Explanation:
Caching is ideal for files that change rarely, such as dependencies or build outputs, as it speeds up subsequent workflow runs by reusing previously cached files instead of re-downloading or rebuilding them.
Artifacts are used for persisting files produced during a job that need to be used in later jobs or after the workflow has ended, allowing them to be downloaded or referenced later.
A, B
Explanation:
Caching is ideal for files that change rarely, such as dependencies or build outputs, as it speeds up subsequent workflow runs by reusing previously cached files instead of re-downloading or rebuilding them.
Artifacts are used for persisting files produced during a job that need to be used in later jobs or after the workflow has ended, allowing them to be downloaded or referenced later.
Question #23
As a developer, you are designing a workflow and need to communicate with the runner machine to set environment variables, output values used by other actions, add debug messages to the output logs, and other tasks.
Which of the following options should you use?
- A . environment variables
- B . workflow commands
- C . self-hosted runners
- D . enable debug logging
E composite run step
Correct Answer: B
B
Explanation:
Workflow commands are special commands that allow you to interact with the runner, set environment variables, output values, add debug messages, and perform other tasks within the workflow. These commands are used to modify the environment or influence the behavior of the GitHub Actions runner.
B
Explanation:
Workflow commands are special commands that allow you to interact with the runner, set environment variables, output values, add debug messages, and perform other tasks within the workflow. These commands are used to modify the environment or influence the behavior of the GitHub Actions runner.
Question #24
Which of the following is the best way for an enterprise to prevent certain marketplace actions from running?
- A . Create a list of the actions that are restricted from being used as an enterprise policy. Every other action can be run.
- B . It is not possible; if an action is in the marketplace, its use cannot be restricted.
- C . Create a list that is maintained as a. yml file in a. github repository specified in the enterprise. Only these actions can be run.
- D . Create a list of the actions that are allowed to run as an enterprise policy. Only these actions can be run.
Correct Answer: D
D
Explanation:
The best way for an enterprise to control which GitHub Actions run is by creating a list of approved actions as an enterprise policy. This approach restricts workflows to only use the actions that are explicitly allowed, ensuring security and compliance within the organization.
D
Explanation:
The best way for an enterprise to control which GitHub Actions run is by creating a list of approved actions as an enterprise policy. This approach restricts workflows to only use the actions that are explicitly allowed, ensuring security and compliance within the organization.
Question #25
What are the two ways to pass data between jobs? (Choose two.)
- A . Use the copy action with restore parameter to restore the data from the cache
- B . Use the copy action to save the data that should be passed in the artifacts folder.
- C . Use the copy action with cache parameter to cache the data
- D . Use data storage.
- E . Use job outputs
- F . Use artifact storage.
Correct Answer: E, F
E, F
Explanation:
Job outputs are used to pass data from one job to another in a workflow. A job can produce output
values (like variables or files), which can be referenced by subsequent jobs using the needs keyword and ${{ steps.step_id.outputs.output_name }} syntax.
Artifact storage allows data (such as files or results) to be saved by a job and then retrieved by another job in a later step. This is commonly used for passing large amounts of data or files between jobs.
E, F
Explanation:
Job outputs are used to pass data from one job to another in a workflow. A job can produce output
values (like variables or files), which can be referenced by subsequent jobs using the needs keyword and ${{ steps.step_id.outputs.output_name }} syntax.
Artifact storage allows data (such as files or results) to be saved by a job and then retrieved by another job in a later step. This is commonly used for passing large amounts of data or files between jobs.