Free Practice Questions for GitHub Actions Expert (GH-200) Certification
Study with 337 exam-style practice questions designed to help you prepare for the GitHub Actions Expert (GH-200).
Start Practicing
All Domains
Practice with randomly mixed questions from all topics
Domain Mode
Practice questions from a specific topic area
Quiz History
Exam Details
Key information about GitHub Actions Expert (GH-200)
- Multiple choice
- Ordering
- Fill in the blank
Professionals with expertise in automating software development workflows using GitHub Actions, including CI/CD, GitHub repositories, and GitHub Packages.
Exam Topics & Skills Assessed
Skills measured (from the official study guide)
Author and manage workflows (20โ25%)(20โ25%)
Configure workflow triggers and events
- Configure workflows to run for scheduled, manual, webhook, and repository events
- Choose appropriate scope, permissions, and events for workflow automation
- Define and validate workflow_dispatch inputs
- Pass inputs to reusable workflows via workflow_call with inputs and secrets mapping
Design and implement workflow structure
- Use jobs, steps, and conditional logic
- Implement dependencies between jobs
- Use workflow commands and environment variables
- Use service containers (services:) for dependent services (databases, queues)
- Configure ports, health checks, and container options for services
- Use strategy and matrix to generate job variations (OS, language/runtime versions)
- Apply include/exclude for matrix strategies
- Control fail-fast and max-parallel for matrix jobs
- Optimize matrix size for cost and performance
- Account for runner image changes (Ubuntu 20.04 deprecation, Windows Server 2025 migration)
- Implement YAML anchors and aliases (&, * and merge <<) to reuse repeated mappings/steps
- Use predefined contexts (github, runner, env, vars, secrets, inputs, matrix, needs, strategy, job, steps, github.event, github.ref)
- Understand immutable actions behavior and version pinning requirements
- Evaluate expressions with ${{ }} referencing contexts
- Distinguish static (workflow parse) vs runtime evaluation
- Prevent secret leakage in logs and expressions
- Leverage editor tooling (GitHub Actions VS Code extension / YAML schema completion, metadata IntelliSense, validation)
Manage workflow execution and outputs
- Configure caching and artifact management
- Apply retention policies via REST APIs (logs, artifacts, workflow runs) at org/repo level
- Pass data between jobs and steps (artifacts, outputs, environment files via GITHUB_ENV and GITHUB_OUTPUT, reusable workflow outputs)
- Generate job summaries using GITHUB_STEP_SUMMARY for rich Markdown reports
- Add workflow status badges and environment protections
Consume and troubleshoot workflows (15โ20%)(15โ20%)
Interpret workflow behavior and results
- Identify workflow triggers and effects from configuration and logs
- Diagnose failed workflow runs using logs and run history
- Expand and interpret YAML anchors, aliases, and merged mappings when analyzing workflow configuration
- Interpret matrix expansions
- Correlate job names to matrix axes
- Analyze failures across variants
- Selectively rerun individual matrix jobs
Access workflow artifacts and logs
- Locate workflows, logs, and artifacts in the UI and via API
- Download and manage workflow artifacts
Use and manage workflow templates
- Consume organization-level and reusable workflows
- Consume non-public organization workflow templates
- Use starter workflows (public and private/non-public templates)
- Customize and adapt starter workflows
- Distinguish starter workflows from reusable workflows and composite actions
- Differentiate starter workflows (copy scaffold, independent after creation) vs reusable workflows (central versioned definition invoked via workflow_call) vs composite actions (encapsulated step logic)
- Contrast disabling and deleting workflows
Author and maintain actions (15โ20%)(15โ20%)
Create and troubleshoot custom actions
- Identify and implement action types (JavaScript, Docker, composite)
- Understand immutable actions rollout on hosted runners and implications for version pinning and registry sources
- Troubleshoot action execution and errors
Define action structure and metadata
- Specify required files, directory structure, and metadata
- Implement workflow commands within actions
Distribute and maintain actions
- Select distribution models (public, private, marketplace)
- Publish actions to the GitHub Marketplace
- Apply versioning and release strategies
Manage GitHub Actions for the enterprise (20โ25%)(20โ25%)
Distribute and govern actions and workflows
- Define and manage reusable components and templates
- Control access to actions and workflows within the enterprise
- Configure organizational use policies
Manage runners at scale
- Configure and monitor GitHub-hosted and self-hosted runners
- Apply IP allow lists and networking settings
- Manage runner groups and troubleshoot runner issues
- Identify preinstalled software/tool versions on GitHub-hosted runners (image release notes, toolcache)
- Install additional software at runtime (setup-* actions, package managers, caching, container images, custom self-hosted images)
Manage encrypted secrets and variables
- Define and scope encrypted secrets and variables at the organization, repository, and environment levels
- Access and use secrets and variables in workflows and actions
- Manage secrets and variables programmatically via REST APIs
Secure and optimize automation (10โ15%)(10โ15%)
Implement security best practices
- Use environment protections and approval gates
- Identify and use trustworthy actions from the Marketplace
- Mitigate script injection (sanitize/validate inputs, least-privilege permissions, avoid untrusted data in run:, proper shell quoting, prefer vetted actions over inline scripts)
- Understand GITHUB_TOKEN lifecycle (ephemeral, scoped)
- Configure granular permissions for GITHUB_TOKEN
- Contrast GITHUB_TOKEN with PAT (Personal Access Token)
- Use OIDC token (id-token permission) for cloud provider federation to eliminate long-lived cloud secrets
- Pin third-party actions to full commit SHAs
- Align with immutable actions enforcement on hosted runners
- Avoid floating @main/@v* without justification
- Enforce action usage policies (organization/repository allow/deny lists, required reviewers for unverified actions)
- Generate and verify artifact attestations / provenance (e.g., SLSA, build metadata) and integrate into deployment verification
Optimize workflow performance and cost
- Configure caching and artifact retention for efficiency
- Apply retention policies programmatically via REST APIs
- Recommend strategies for scaling and optimizing workflows
Techniques & products