Free Practice Questions for GitHub Actions Expert (GH-200) Certification

    ๐Ÿ”„ Last checked for updates June 30th, 2026

    Study with 337 exam-style practice questions designed to help you prepare for the GitHub Actions Expert (GH-200).

    Start Practicing

    All Domains

    Practice with randomly mixed questions from all topics

    Question MixAll Topics
    FormatRandom Order

    Domain Mode

    Practice questions from a specific topic area

    Quiz History

    Exam Details

    Key information about GitHub Actions Expert (GH-200)

    Official study guide

    View

    Question formats CertSafari offers
    • Multiple choice
    • Ordering
    • Fill in the blank
    target audience:

    Professionals with expertise in automating software development workflows using GitHub Actions, including CI/CD, GitHub repositories, and GitHub Packages.

    Exam Topics & Skills Assessed

    Skills measured (from the official study guide)

    Author and manage workflows (20โ€“25%)(20โ€“25%)

    Configure workflow triggers and events

    • Configure workflows to run for scheduled, manual, webhook, and repository events
    • Choose appropriate scope, permissions, and events for workflow automation
    • Define and validate workflow_dispatch inputs
    • Pass inputs to reusable workflows via workflow_call with inputs and secrets mapping

    Design and implement workflow structure

    • Use jobs, steps, and conditional logic
    • Implement dependencies between jobs
    • Use workflow commands and environment variables
    • Use service containers (services:) for dependent services (databases, queues)
    • Configure ports, health checks, and container options for services
    • Use strategy and matrix to generate job variations (OS, language/runtime versions)
    • Apply include/exclude for matrix strategies
    • Control fail-fast and max-parallel for matrix jobs
    • Optimize matrix size for cost and performance
    • Account for runner image changes (Ubuntu 20.04 deprecation, Windows Server 2025 migration)
    • Implement YAML anchors and aliases (&, * and merge <<) to reuse repeated mappings/steps
    • Use predefined contexts (github, runner, env, vars, secrets, inputs, matrix, needs, strategy, job, steps, github.event, github.ref)
    • Understand immutable actions behavior and version pinning requirements
    • Evaluate expressions with ${{ }} referencing contexts
    • Distinguish static (workflow parse) vs runtime evaluation
    • Prevent secret leakage in logs and expressions
    • Leverage editor tooling (GitHub Actions VS Code extension / YAML schema completion, metadata IntelliSense, validation)

    Manage workflow execution and outputs

    • Configure caching and artifact management
    • Apply retention policies via REST APIs (logs, artifacts, workflow runs) at org/repo level
    • Pass data between jobs and steps (artifacts, outputs, environment files via GITHUB_ENV and GITHUB_OUTPUT, reusable workflow outputs)
    • Generate job summaries using GITHUB_STEP_SUMMARY for rich Markdown reports
    • Add workflow status badges and environment protections

    Consume and troubleshoot workflows (15โ€“20%)(15โ€“20%)

    Interpret workflow behavior and results

    • Identify workflow triggers and effects from configuration and logs
    • Diagnose failed workflow runs using logs and run history
    • Expand and interpret YAML anchors, aliases, and merged mappings when analyzing workflow configuration
    • Interpret matrix expansions
    • Correlate job names to matrix axes
    • Analyze failures across variants
    • Selectively rerun individual matrix jobs

    Access workflow artifacts and logs

    • Locate workflows, logs, and artifacts in the UI and via API
    • Download and manage workflow artifacts

    Use and manage workflow templates

    • Consume organization-level and reusable workflows
    • Consume non-public organization workflow templates
    • Use starter workflows (public and private/non-public templates)
    • Customize and adapt starter workflows
    • Distinguish starter workflows from reusable workflows and composite actions
    • Differentiate starter workflows (copy scaffold, independent after creation) vs reusable workflows (central versioned definition invoked via workflow_call) vs composite actions (encapsulated step logic)
    • Contrast disabling and deleting workflows

    Author and maintain actions (15โ€“20%)(15โ€“20%)

    Create and troubleshoot custom actions

    • Identify and implement action types (JavaScript, Docker, composite)
    • Understand immutable actions rollout on hosted runners and implications for version pinning and registry sources
    • Troubleshoot action execution and errors

    Define action structure and metadata

    • Specify required files, directory structure, and metadata
    • Implement workflow commands within actions

    Distribute and maintain actions

    • Select distribution models (public, private, marketplace)
    • Publish actions to the GitHub Marketplace
    • Apply versioning and release strategies

    Manage GitHub Actions for the enterprise (20โ€“25%)(20โ€“25%)

    Distribute and govern actions and workflows

    • Define and manage reusable components and templates
    • Control access to actions and workflows within the enterprise
    • Configure organizational use policies

    Manage runners at scale

    • Configure and monitor GitHub-hosted and self-hosted runners
    • Apply IP allow lists and networking settings
    • Manage runner groups and troubleshoot runner issues
    • Identify preinstalled software/tool versions on GitHub-hosted runners (image release notes, toolcache)
    • Install additional software at runtime (setup-* actions, package managers, caching, container images, custom self-hosted images)

    Manage encrypted secrets and variables

    • Define and scope encrypted secrets and variables at the organization, repository, and environment levels
    • Access and use secrets and variables in workflows and actions
    • Manage secrets and variables programmatically via REST APIs

    Secure and optimize automation (10โ€“15%)(10โ€“15%)

    Implement security best practices

    • Use environment protections and approval gates
    • Identify and use trustworthy actions from the Marketplace
    • Mitigate script injection (sanitize/validate inputs, least-privilege permissions, avoid untrusted data in run:, proper shell quoting, prefer vetted actions over inline scripts)
    • Understand GITHUB_TOKEN lifecycle (ephemeral, scoped)
    • Configure granular permissions for GITHUB_TOKEN
    • Contrast GITHUB_TOKEN with PAT (Personal Access Token)
    • Use OIDC token (id-token permission) for cloud provider federation to eliminate long-lived cloud secrets
    • Pin third-party actions to full commit SHAs
    • Align with immutable actions enforcement on hosted runners
    • Avoid floating @main/@v* without justification
    • Enforce action usage policies (organization/repository allow/deny lists, required reviewers for unverified actions)
    • Generate and verify artifact attestations / provenance (e.g., SLSA, build metadata) and integrate into deployment verification

    Optimize workflow performance and cost

    • Configure caching and artifact retention for efficiency
    • Apply retention policies programmatically via REST APIs
    • Recommend strategies for scaling and optimizing workflows

    Techniques & products

    GitHub Actions
    Workflows
    Custom Actions
    JavaScript Actions
    Docker Actions
    Composite Actions
    CI/CD
    GitHub Repositories
    GitHub Packages
    REST APIs
    YAML
    Service Containers
    Caching
    Artifacts
    Logs
    Workflow Templates
    Reusable Workflows
    Starter Workflows
    Self-hosted Runners
    GitHub-hosted Runners
    Encrypted Secrets
    Variables
    Environment Protections
    Approval Gates
    GitHub Marketplace
    OIDC Token
    SLSA
    Build Metadata
    IP Allow Lists
    Networking Settings
    Runner Groups
    VS Code Extension
    YAML Schema Completion
    Metadata IntelliSense
    Version Pinning
    Script Injection Mitigation
    Least-Privilege Permissions
    GITHUB_TOKEN
    PAT
    Environment Variables
    Workflow Commands
    Conditional Logic
    Job Dependencies
    Matrix Strategies
    Workflow Contexts
    Job Summaries
    Workflow Status Badges
    Webhook Events
    Repository Events
    Scheduled Events
    Manual Events
    workflow_dispatch
    workflow_call
    GITHUB_ENV
    GITHUB_OUTPUT
    GITHUB_STEP_SUMMARY

    CertSafari is not affiliated with, endorsed by, or officially connected to GitHub. Full disclaimer