GH-100 cheat sheet
A one-page reference for the GitHub Enterprise Administrator (GH-100) exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
GitHub
Level
Intermediate
Questions
60
Time
100 min
Mock pass mark
70%
Domains
5
Practice Qs
79
Code
GH-100
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- GitHub Enterprise Cloud
- GitHub Enterprise Cloud (GHEC) is GitHub's SaaS offering that hosts organizations and enterprises on GitHub.com, or on a dedicated SUBDOMAIN.ghe.com host when data residency is required. GH-100 contrasts it with the self-hosted GitHub Enterprise Server.
- GitHub Enterprise Server
- GitHub Enterprise Server (GHES) is the self-hosted version of GitHub that runs in an organization's own infrastructure. GH-100 covers administering both GHES and GitHub Enterprise Cloud deployments.
- Enterprise Managed Users (EMU)
- Enterprise Managed Users (EMU) is a GitHub Enterprise Cloud model where user accounts are fully created and controlled by the enterprise's identity provider. GH-100 contrasts EMU accounts with personal accounts for access management.
- SAML SSO
- SAML SSO is single sign-on that authenticates GitHub users against an external identity provider using the SAML standard. GH-100 covers configuring and enforcing it, together with two-factor authentication, for organizations and enterprises.
- SCIM
- SCIM (System for Cross-domain Identity Management) is the protocol GitHub uses to automate identity management from an identity provider — provisioning full user accounts for Enterprise Managed Users, and managing organization membership and linked identities for non-EMU Enterprise Cloud. GH-100 distinguishes it from team synchronization.
- Team Synchronization
- Team Synchronization links GitHub teams to identity-provider groups so that membership stays in sync automatically, and is used mainly by SAML enterprises with personal accounts. GH-100 contrasts it with Enterprise Managed Users, where team membership can instead be driven by SCIM and IdP groups.
- Ruleset
- A Ruleset is a named set of rules that controls how users can interact with branches, tags, and repositories across an organization or enterprise. GH-100 uses rulesets to enforce governance such as required reviews and status checks.
- Repository Roles
- Repository Roles are the permission levels — such as read, triage, write, maintain, and admin — that determine what a member can do in a repository. GH-100 covers assigning organization and repository roles for least-privilege access.
- GitHub Actions
- GitHub Actions is GitHub's built-in automation and CI/CD platform that runs workflows in response to repository events. GH-100 covers administering workflows, runners, and Actions policies across the enterprise.
- Runner Group
- A Runner Group is a collection of self-hosted or GitHub-hosted runners with shared access policies, used to control which repositories can run jobs on them. GH-100 covers managing runner groups, networking, and performance.
- Encrypted Secrets
- Encrypted Secrets are protected values, such as tokens and credentials, that GitHub Actions workflows can use without exposing them in code. GH-100 covers scoping secrets at organization and repository levels and integrating third-party vaults.
- GitHub Advanced Security
- GitHub Advanced Security (GHAS) is the suite of features — code scanning, secret scanning, and dependency review — that helps secure code in GitHub. GH-100's largest domain covers enabling and administering these features.
- CodeQL
- CodeQL is GitHub's static-analysis engine that powers code scanning by querying code as data to find vulnerabilities. GH-100 covers configuring CodeQL code scanning as part of secure software development.
- Dependabot
- Dependabot is GitHub's feature that detects vulnerable dependencies and opens pull requests to update them. GH-100 covers managing Dependabot alerts and security advisories within the security program.
- Audit Log
- The Audit Log is the record of administrative and security-relevant events across an organization or enterprise. GH-100 uses it for compliance reporting, monitoring usage, and investigating access and activity.