1. A security engineer is investigating a suspicious activity in a GitHub Enterprise organization. They need to see a record of when a specific user's organization membership was changed to 'owner' in the last 30 days. Where should the engineer look?
- A. The repository's Insights tab under Contributors
- B. The organization's Audit Log, filtering by the `org.update_member` event✓ Correct
- C. The user's personal Security log in their profile settings
- D. The enterprise account's Billing section
Explanation
The organization's Audit Log is the correct location. The `org.update_member` event is recorded whenever an organization member's role is changed (e.g., from member to owner or vice versa), and the log can be filtered by event type, actor, and date range. The repository Insights tab shows contribution statistics like commits and pull requests, not organization-level membership changes. A user's personal Security log records actions on their own account (e.g., logins, SSH key additions) rather than organization-level administrative events. The Billing section tracks spending and payment information, not membership role changes.