github github actions practice test
GitHub Actions Certificate Exam
Question 1
As a developer, you want to run a workflow from the Actions tab in GitHub. Which YAML snippet
should you use to match the interface in this image?
A)
B)
C)
D)
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
C
Explanation:
The first image shows a workflow trigger with an option for the test suite, and the chosen YAML
configuration matches this interface. Specifically, the test suite input is defined with type: choice and
includes the option value: functional, which aligns with the visible UI elements in the first image.
Question 2
How many jobs will result from the following matrix configuration?
- A. 3 jobs
- B. 4 jobs
- C. 5 jobs
- D. 6 jobs
Answer:
D
Explanation:
The matrix configuration specifies two variables: color and animal. The color variable has 2 values
(green and pink), and the animal variable has 2 values (owl and magpie). This would result in 4
combinations (2 color values × 2 animal values). Additionally, the include section introduces two
more combinations (color: blue and animal: owl; color: pink and animal: magpie).
Question 3
As a developer, which workflow steps should you perform to publish an image to the GitHub
Container Registry? (Choose three.)
- A. Use the actions/setup-docker action
- B. Authenticate to the GitHub Container Registry.
- C. Build the container image.
- D. Push the image to the GitHub Container Registry
- E. Pull the image from the GitHub Container Registry.
Answer:
A, B, D
Explanation:
A . Use the actions/setup-docker action
B . Authenticate to the GitHub Container Registry.
C . Build the container image.
D . Push the image to the GitHub Container Registry
E . Pull the image from the GitHub Container Registry.
Question 4
As a developer, you have a 10-MB data set that is required in a specific workflow. Which steps should
you perform so the dataset is stored encrypted and can be decrypted during the workflow? (Choose
three.)
- A. Encrypt the dataset.
- B. Leverage the actions/download-secret action in the workflow.
- C. Store the dataset in a GitHub encrypted secret.
- D. Store the encryption keys in a GitHub encrypted secret.
- E. Compress the dataset
- F. Commit the encrypted dataset to the same repository as the workflow
- G. Create a GitHub encrypted secret with the Large object option selected and upload the dataset.
Answer:
A, C, D
Explanation:
First, the dataset should be encrypted before being stored. This ensures that the data is protected
when stored in a repository.
The encrypted dataset can be stored in a GitHub secret, ensuring it is securely kept and not exposed
publicly.
The encryption key needed to decrypt the dataset should also be stored in a GitHub secret to
maintain security during the workflow, allowing access only when needed.
Question 5
Which statement is true about using default environment variables?
- A. The environment variables can be read in workflows using the ENV: variable_name syntax.
- B. The environment variables created should be prefixed with GITHUB_ to ensure they can be accessed in workflows
- C. The environment variables can be set in the defaults: sections of the workflow
- D. The GITHUB_WORKSPACE environment variable should be used to access files from within the runner.
Answer:
D
Explanation:
GITHUB_WORKSPACE is a default environment variable in GitHub Actions that points to the directory
on the runner where your repository is checked out. This variable allows you to access files within
your repository during the workflow.
Question 6
Which of the following commands will set the $FOO environment variable within a script, so that it
may be used in subsequent workflow job steps?
- A. run: echo "::set-env name=FOO::bar"
- B. run: echo "FOO=bar" >> $GITHUB_ENV
- C. run: echo ${{ $FOO=bar }}
- D. run: export FOO=bar
Answer:
B
Explanation:
The $GITHUB_ENV environment variable is used to set environment variables that persist across
steps in a workflow job. By echoing FOO=bar into $GITHUB_ENV, the variable FOO will be available in
subsequent steps within the same job.
Question 7
You are reaching your organization's storage limit for GitHub artifacts and packages. What should you
do to prevent the storage limit from being reached?
- A. via the .github repository owned by the organization
- B. via repositories owned by the organization
- C. via the GitHub Marketplace
- D. via a repository owned by a third party
Answer:
B
Explanation:
To prevent reaching the storage limit for GitHub artifacts and packages, you should manage and
clean up artifacts and packages stored in repositories owned by your organization. This includes
deleting unnecessary artifacts and managing the lifecycle of packages, as they contribute directly to
your organization's storage quota.
Question 8
Based on the YAML below, which two statements are correct? (Choose two.)
- A. This workflow will publish a package to an npm registry.
- B. This workflow will publish a package to GitHub Packages.
- C. This workflow file is using a matrix strategy.
- D. The workflow job publish-npm will only run after the build job passes.
Answer:
A, D
Explanation:
The publish-npm job includes the JS-DevTools/npm-publish action, which is used to publish an npm
package to an npm registry.
The publish-npm job has the needs: build directive, meaning it will only run after the build job
successfully completes.
Question 9
In which scenarios could the GITHUB_TOKEN be used? (Choose two.)
- A. to leverage a self-hosted runner
- B. to create a repository secret
- C. to publish to GitHub Packages
- D. to create issues in the repo
- E. to read from the file system on the runner
- F. to add a member to an organization
Answer:
C, D
Explanation:
The GITHUB_TOKEN is automatically provided by GitHub in workflows and can be used to
authenticate API requests to GitHub, including publishing packages to GitHub Packages.
The GITHUB_TOKEN is also used to authenticate API requests for actions like creating issues,
commenting, or interacting with pull requests within the same repository.
Question 10
As a developer, you need to use GitHub Actions to deploy a microservice that requires runtime
access to a secure token. This token is used by a variety of other microservices managed by different
teams in different repos. To minimize management overhead and ensure the token is secure, which
mechanisms should you use to store and access the token? (Choose two.)
- A. Store the token in a configuration file in a private repository. Use GitHub Actions to deploy the configuration file to the runtime environment.
- B. Store the token as a GitHub encrypted secret in the same repo as the code. Create a reusable custom GitHub Action to access the token by the microservice at runtime.
- C. Use a corporate non-GitHub secret store (e.g., HashiCorp Vault) to store the token. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
- D. Store the token as a GitHub encrypted secret in the same repo as the code. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
- E. Store the token as an organizational-level encrypted secret in GitHub. During deployment, use GitHub Actions to store the secret in an environment variable that can be accessed at runtime.
Answer:
C, E
Explanation:
Using a corporate secret store like HashiCorp Vault provides a secure, centralized location for
sensitive information. GitHub Actions can then retrieve and store the token securely during
deployment by setting it as an environment variable, ensuring the token remains secure and
accessible at runtime.
Storing the token as an organizational-level encrypted secret in GitHub ensures it is accessible across
multiple repositories, minimizing management overhead. GitHub Actions can then use this secret
during deployment by setting it as an environment variable, allowing the microservice to access it
securely at runtime.
Question 11
What is the minimal syntax for declaring an output named foo for an action?
A)
B)
C)
D)
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
C
Explanation:
The correct minimal syntax for declaring an output in GitHub Actions is by using the foo key under
outputs, and associating it with a value (in this case, Some value). This is the simplest form to define
an output in a workflow or action.
Question 12
When reviewing an action for use, what file defines its available inputs and outputs?
- A. inputs.yml
- B. config.json
- C. defaults.json
- D. workflow.yml
- E. action.yml
Answer:
E
Explanation:
The action.yml file defines the inputs and outputs for a GitHub Action. This file contains metadata
about the action, including the required inputs and outputs, as well as other configurations like the
action's description, runs, and environment setup.
Question 13
How should you install the bats NPM package in your workflow?
A)
B)
C)
D)
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
D
Explanation:
The correct syntax includes specifying the job (example-job), the runner (ubuntu-latest), and the
necessary step (npm install -g bats) within the workflow. This ensures that the package is installed
properly during the execution of the job.
Question 14
How can GitHub Actions encrypted secrets be used in if: conditionals within a workflow job?
- A. Set the encrypted secret as a job-level environment variable and then reference the environment variable within the conditional statement.
- B. Create a job dependency that exposes the encrypted secret as a job output, which can then be leveraged in a subsequent dependent job.
- C. Use the secrets context within the conditional statement, e.g. ${{ secrets.MySuperSecret }}.
- D. Use a workflow command to expose the encrypted secret via a step's output parameter and then use the step output in the job's if: conditional.
Answer:
C
Explanation:
GitHub Actions encrypted secrets can be accessed in workflows using the secrets context. You can
directly reference the secret within an if: conditional using ${{ secrets.MySuperSecret }} to determine
whether a job or step should run based on the secret's value.
Question 15
As a DevOps engineer, you are developing a container action. You need to execute a cleanup script
after completing the main script execution. Which code block should be used to define the cleanup
script?
A.
B.
C.
D.
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer:
A
Explanation:
The correct syntax for specifying a cleanup script to be run after the main entry point is executed in a
Docker-based GitHub Action is to use the post key. This ensures that cleanup.sh runs after the main
script (main.sh) has completed.