1. Domain 1: Support GitHub Enterprise for users and key stakeholders (15%)
Support GitHub Enterprise for users and key stakeholders
Distinguish problems that can be solved by an administrator from those that need GitHub Support
Describe how to generate support bundles and diagnostics
Describe how GitHub’s products and services are used within the enterprise to identify underutilized features, integrations in use, most active teams, and repositories
Recommend standards for developer workflows, including code collaboration (fork-and-pull versus branching), branching, branch protection rules, code owners, the code review process, automation, and release strategy
Explain the tooling ecosystem at the enterprise
Explain the enterprise’s CI/CD strategy
Discuss how to recommend tooling and workflows to teams within an enterprise
Explain how GitHub APIs can be used to extend the capabilities of the administrator from the user interface, such as querying or storing the audit log
Locate an asset from the GitHub Marketplace for a specific need
Contrast a GitHub App and an action
List the benefits and risks of using apps and actions from the GitHub Marketplace
2. Domain 2: Manage user identities and GitHub authentication (20%)
Manage user identities and GitHub authentication
List the implications of enabling SAML single sign-on (SSO) for an individual organization versus all organizations in an enterprise account
List the steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise accounts
Explain how to require two-factor authentication (2FA) for an organization
Explain how to choose supported identity providers
Describe how identity management and authorization works on GitHub
List the consequences of a user’s membership in the instance, an organization, or multiple organizations
Describe the authentication and authorization model
List the supported SCIM providers (Azure, Okta, self-created)
Describe how the SCIM protocol works and how GitHub supports it
Describe how Team synchronization works
Contrast team synchronization and SCIM
3. Domain 3: Describe how GitHub is deployed, distributed, and licensed (5%)
Contrast the capabilities of GitHub Enterprise Server (GHES), GitHub Enterprise Cloud (GHEC), and GitHub AE (GHAE)
Describe GitHub Enterprise Cloud (GHEC)
Describe GitHub Enterprise Server (GHES)
Describe GitHub AE
Differentiate how products are billed, including seat licenses, GitHub Actions, and GitHub Packages
Describe pricing for GitHub Actions
Describe pricing and support options for organizations
Describe how to find statistics of license usage for a specific organization
Describe how to find statistics of license usage for machine accounts and peripheral services
Explain the consumption of metered products given a report
4. Domain 4: Manage access and permissions based on membership (20%)
Define a GitHub organization
Explain the benefits and costs of deploying a single organization versus multiple organizations
Describe how to set default read permissions versus default write permissions across organizations
Describe Team sync through AD
Explain maintainability; writing scripts against multiple orgs and multiple access rights
Describe how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control position
Describe enterprise permissions and policies
Define a GitHub organization
List the possible roles of an organization member
Contrast permissions for organization members, owners, and billing managers
Describe the difference between being an organization member and an outside collaborator
List the consequences of a user’s membership in an instance or organization
Explain how to give a user the minimum required permissions for repository, organization, or team access
List the benefits and the drawbacks of creating a new organization
Describe team permissions
Define Teams in a GitHub organization
List the possible roles of a team member
Describe the different permission models
Repository permissions
Explain the actions of a user given a list of their permissions
List the repository membership options
Explain audit access to a repository
5. Domain 5: Enable secure software development and ensure compliance (15%)
Enable secure software development and ensure compliance
Explain how GitHub supports the enterprise’s security posture
Describe scrubbing sensitive data from a Git repository (filter-branch/BFG)
Describe scrubbing sensitive data from GitHub (contacting support)
Explain how to choose a policy based on how much control is required
Explain the impacts of choosing a specific set of policies
Define organization policies
Define enterprise policies
Describe how to use the audit log APIs (Rest and GraphQL) to explain a missing asset
Define the use case for audit logs
Describe security and compliance concepts with GitHub
Explain how to provide reports for auditing
Define and explain the importance of the security features of a GitHub repository
Explain the importance of a security policy
Define a vulnerability
Describe a vulnerable dependency
Explain the importance of secret scanning
Explain the importance of code scanning
Describe automated code scanning (CodeQL)
Explain the dependency graph
Explain the importance of a security advisory
Describe Dependabot
Detect and fix outdated dependencies with security vulnerabilities
Describe security vulnerability alerts
Create and implement a security response plan that addresses sensitive data on a GitHub repository
Describe how to use SSH keys and Deploy keys to access repository data
API access and integrations
List supported access tokens
Explain how to find a token’s rate limits
Describe GitHub Apps, their repository permissions, user permissions, and event subscriptions
Describe OAuth Apps, their permissions, and event subscriptions
Contrast the use of a personal access token (PAT) or a GitHub App for authenticating a machine account
Describe the use of machine accounts versus GitHub apps
Explain how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy
Define an enterprise managed user (EMU)
6. Domain 6: Manage GitHub Actions (20%)
Distribute actions and workflows to the enterprise
Identify reuse templates for actions and workflows
Define an approach for managing and leveraging reusable components
Define how to distribute actions for an enterprise
Explain how to control access to actions within the enterprise
Configure organizational use policies for GitHub Actions
Manage runners for the enterprise
Describe the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners
Configure IP allow lists on internal applications and systems
List the effects and potential abuse vectors of enabling self-hosted runners on public repositories
Select appropriate runners to support workloads
Contrast GitHub-hosted and self-hosted runners
Configure self-hosted runners for enterprise use
Manage self-hosted runners using groups
Monitor, troubleshoot, and update self-hosted runners
Manage encrypted secrets in the enterprise
Identify the scope of encrypted secrets
Explain how to access encrypted secrets within actions and workflows
Explain how to manage organization-level encrypted secrets
Describe how to manage repository-level encrypted secrets
Describe how to use third-party vaults
7. Domain 7: Manage GitHub Packages (5%)
Describe which GitHub Packages are supported
Describe how to access, write, and share GitHub Packages
Describe how to use GitHub Packages in workflows
Explain the differences and use cases between GitHub Packages and releases
