GH-100 cheat sheet

A one-page reference for the GitHub Enterprise Administrator (GH-100) exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
GitHub
Level
Intermediate
Questions
60
Time
100 min
Mock pass mark
70%
Domains
5
Practice Qs
79
Code
GH-100

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

GitHub Enterprise Cloud
GitHub Enterprise Cloud (GHEC) is GitHub's SaaS offering that hosts organizations and enterprises on GitHub.com, or on a dedicated SUBDOMAIN.ghe.com host when data residency is required. GH-100 contrasts it with the self-hosted GitHub Enterprise Server.
GitHub Enterprise Server
GitHub Enterprise Server (GHES) is the self-hosted version of GitHub that runs in an organization's own infrastructure. GH-100 covers administering both GHES and GitHub Enterprise Cloud deployments.
Enterprise Managed Users (EMU)
Enterprise Managed Users (EMU) is a GitHub Enterprise Cloud model where user accounts are fully created and controlled by the enterprise's identity provider. GH-100 contrasts EMU accounts with personal accounts for access management.
SAML SSO
SAML SSO is single sign-on that authenticates GitHub users against an external identity provider using the SAML standard. GH-100 covers configuring and enforcing it, together with two-factor authentication, for organizations and enterprises.
SCIM
SCIM (System for Cross-domain Identity Management) is the protocol GitHub uses to automate identity management from an identity provider — provisioning full user accounts for Enterprise Managed Users, and managing organization membership and linked identities for non-EMU Enterprise Cloud. GH-100 distinguishes it from team synchronization.
Team Synchronization
Team Synchronization links GitHub teams to identity-provider groups so that membership stays in sync automatically, and is used mainly by SAML enterprises with personal accounts. GH-100 contrasts it with Enterprise Managed Users, where team membership can instead be driven by SCIM and IdP groups.
Ruleset
A Ruleset is a named set of rules that controls how users can interact with branches, tags, and repositories across an organization or enterprise. GH-100 uses rulesets to enforce governance such as required reviews and status checks.
Repository Roles
Repository Roles are the permission levels — such as read, triage, write, maintain, and admin — that determine what a member can do in a repository. GH-100 covers assigning organization and repository roles for least-privilege access.
GitHub Actions
GitHub Actions is GitHub's built-in automation and CI/CD platform that runs workflows in response to repository events. GH-100 covers administering workflows, runners, and Actions policies across the enterprise.
Runner Group
A Runner Group is a collection of self-hosted or GitHub-hosted runners with shared access policies, used to control which repositories can run jobs on them. GH-100 covers managing runner groups, networking, and performance.
Encrypted Secrets
Encrypted Secrets are protected values, such as tokens and credentials, that GitHub Actions workflows can use without exposing them in code. GH-100 covers scoping secrets at organization and repository levels and integrating third-party vaults.
GitHub Advanced Security
GitHub Advanced Security (GHAS) is the suite of features — code scanning, secret scanning, and dependency review — that helps secure code in GitHub. GH-100's largest domain covers enabling and administering these features.
CodeQL
CodeQL is GitHub's static-analysis engine that powers code scanning by querying code as data to find vulnerabilities. GH-100 covers configuring CodeQL code scanning as part of secure software development.
Dependabot
Dependabot is GitHub's feature that detects vulnerable dependencies and opens pull requests to update them. GH-100 covers managing Dependabot alerts and security advisories within the security program.
Audit Log
The Audit Log is the record of administrative and security-relevant events across an organization or enterprise. GH-100 uses it for compliance reporting, monitoring usage, and investigating access and activity.