GitHub Foundations · 22% of the exam

Introduction to Git and GitHub: free practice questions

5 sample questions from our 17-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real GitHub exam.

1. A contributor wants to propose changes to an open-source project on GitHub that they do not have write access to. Which workflow correctly describes the standard process?

  • A. Clone the repository directly, push a new branch, and open a Pull Request from that branch.
  • B. Fork the repository to their own account, clone their fork, make changes on a new branch, push to their fork, and open a Pull Request targeting the original repository.✓ Correct
  • C. Create an Issue in the original repository requesting that a maintainer make the change on their behalf.
  • D. Use GitHub Codespaces to edit files directly on the main branch of the original repository and commit changes.
Explanation

The standard open-source contribution workflow involves forking the repository (creating a personal copy on GitHub), cloning the fork, making changes on a feature branch, pushing to the fork, and then opening a Pull Request against the original (upstream) repository. Option A is incorrect because external contributors cannot push directly to a repository they don't have write access to. Option C (creating an Issue) is a way to request changes but is not the standard contribution workflow. Option D is incorrect; Codespaces on the original repository does not grant write access, and committing directly to main is not possible without permissions.

2. Your organization stores infrastructure-as-code in a GitHub repository. The security team wants GitHub to automatically detect dependency vulnerabilities and open pull requests with version updates. Which GitHub feature should be enabled?

  • A. Secret scanning
  • B. Dependabot✓ Correct
  • C. Code scanning
  • D. GitHub Actions
Explanation

Dependabot monitors a repository's dependency files and automatically opens pull requests to update dependencies when vulnerabilities are detected, directly addressing the requirement. Secret scanning detects hardcoded secrets and credentials in code—not dependency vulnerabilities. Code scanning uses static analysis (e.g., CodeQL) to find bugs and security vulnerabilities in source code logic, not dependency versions. GitHub Actions is a CI/CD automation platform; while it could be configured to perform dependency checks, it does not natively open PRs for vulnerable dependencies.

3. A platform engineering team is evaluating GitHub for a 5,000-employee enterprise. Their security requirements include: (1) managing GitHub access through their corporate identity provider via SAML SSO, (2) a contractual uptime SLA from GitHub, and (3) the ability to create internal repositories visible to all employees but hidden from the public. Which GitHub plan is the minimum required to satisfy ALL three requirements?

  • A. GitHub Free for Organizations, because SAML SSO can be configured at the repository level.
  • B. GitHub Team, because it includes SAML SSO and uptime SLAs for organizations with more than 1,000 members.
  • C. GitHub Enterprise Cloud, because it provides SAML SSO for organizations, a 99.9% uptime SLA, and internal repositories scoped to the enterprise.✓ Correct
  • D. GitHub Codespaces Enterprise, because it is the only plan that supports corporate identity provider integration.
Explanation

GitHub Enterprise Cloud satisfies all three requirements: (1) SAML single sign-on is an Enterprise Cloud feature that allows organizations to authenticate members through a corporate IdP; (2) GitHub Enterprise Cloud includes a 99.9% monthly uptime SLA backed by a service credit agreement; (3) 'internal' repository visibility is an enterprise-level concept that makes a repo visible to all members of the enterprise while keeping it hidden from the public — this visibility option does not exist on Free or Team plans. Option A is wrong: GitHub Free does not support SAML SSO and does not include an uptime SLA. Option B is wrong: GitHub Team does not include SAML SSO (it is an Enterprise feature) and does not come with an uptime SLA. Option D is wrong: 'GitHub Codespaces Enterprise' is not a GitHub pricing plan; Codespaces is a feature, not a standalone plan.

4. A developer working offline on a feature branch runs `git rebase main` instead of `git merge main`. What is the key behavioral difference between rebasing and merging in this context?

  • A. Rebase creates a new merge commit that joins the histories of both branches, while merge replays commits on top of the target branch.
  • B. Rebase replays the feature branch commits on top of the tip of main, producing a linear history, while merge creates a merge commit that preserves the diverged history of both branches.✓ Correct
  • C. Rebase and merge produce identical results in all cases; the choice is purely stylistic with no functional difference.
  • D. Rebase permanently deletes the original feature branch commits from Git history, making them unrecoverable.
Explanation

During a rebase, Git takes each commit from the feature branch and replays them one by one on top of the tip of the target branch (main), resulting in a clean, linear history without a merge commit. A merge, in contrast, creates a dedicated merge commit that ties together the two diverged histories. Option A has the definitions reversed. Option C is incorrect — they produce different histories; rebase gives a linear history, merge preserves branching history. Option D is misleading; while rebase rewrites commit SHAs (creating new commits), the original commits are not immediately deleted and can be recovered via the reflog for a period of time.

5. A startup currently uses GitHub Free for their organization. They want to enforce required reviewers on pull requests for private repositories and set branch protection rules. Which GitHub plan meets this requirement at the LOWEST cost?

  • A. GitHub Free — this feature is already available on all plans.
  • B. GitHub Pro — required reviewers are available for individual accounts only.
  • C. GitHub Team — branch protection rules with required reviewers are available for organizations on this plan.✓ Correct
  • D. GitHub Enterprise Cloud — this feature is exclusively available to enterprise customers.
Explanation

Required reviewers and advanced branch protection rules for private repositories within an organization require at least GitHub Team. GitHub Free for organizations does not include required reviewers for private repositories. GitHub Pro applies to individual (personal) accounts, not organizations. GitHub Enterprise Cloud would also support this feature but is not the lowest-cost option. Therefore, GitHub Team is the correct and most cost-effective choice.

12 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free