1 $What is the primary purpose of workflow automation in GitHub Actions?$

Understanding workflow automation Easy

A.

To manually review all code changes

B.

To host virtual servers for database storage

C.

To automatically write source code for developers

D.

To automate software development processes like Continuous Integration and Deployment (CI/CD)

2 $In which directory must GitHub Actions workflow files be stored to be recognized by GitHub?$

workflow directory structure Easy

A.

/src/workflows

B.

/github/actions

C.

.github/workflows

D.

.actions/config

3 $What file format is used to define GitHub Actions workflows?$

Key components: workflows Easy

A.

JSON

B.

HTML

C.

YAML

D.

XML

4 $Which GitHub Actions component provides the virtual server environment where jobs are executed?$

Key components: jobs, steps, actions, runners Easy

A.

Runner

B.

Trigger

C.

Step

D.

Action

5 $Which event keyword is used to allow a workflow to be triggered manually from the GitHub UI?$

Workflow triggers: push, pull request, schedule, manual workflow Easy

A.

workflow_dispatch

B.

manual_run

C.

schedule

D.

push

6 $What is a matrix strategy used for in GitHub Actions?$

Jobs & matrix strategies Easy

A.

To automatically fix bugs in the code

B.

To run tests across multiple combinations of operating systems or programming language versions simultaneously

C.

To encrypt secrets and passwords

D.

To format the output logs into a grid

7 $Which keyword is used inside a workflow step to execute a shell command?$

Steps & shell commands Easy

A.

execute:

B.

cmd:

C.

run:

D.

shell:

8 $Where can developers browse and find pre-built actions created by the community?$

Using marketplace actions Easy

A.

GitHub Discussions

B.

Docker Hub

C.

GitHub Wiki

D.

GitHub Marketplace

9 $Which widely used action sets up a Node.js environment in a workflow?$

Language-specific actions Easy

A.

actions/run-node

B.

actions/js-env

C.

actions/install-npm

D.

actions/setup-node

10 $Why is caching used in GitHub Actions workflows?$

Using caching for faster builds Easy

A.

To hide source code from unauthorized users

B.

To permanently store the final production code

C.

To pause a workflow execution until a certain time

D.

To speed up workflow execution times by reusing dependencies

11 $By default, how do multiple jobs in a single GitHub Actions workflow execute?$

Multi-job workflows Easy

A.

In parallel (simultaneously)

B.

Alphabetically by job name

C.

In random order

D.

Sequentially, one after another

12 $What is a GitHub-hosted runner?$

Runners: GitHub-hosted runners Easy

A.

An on-premise physical server

B.

A cloud storage bucket

C.

A local machine maintained by a developer

D.

A virtual machine managed, maintained, and updated by GitHub

13 $What is a primary advantage of using a self-hosted runner over a GitHub-hosted runner?$

Runners:Self-hosted runners Easy

A.

It automatically writes workflows for you

B.

It is completely free of configuration effort

C.

It provides full control over the hardware, operating system, and software tools

D.

It runs 100 times faster by default

14 $Why is it generally considered unsafe to use self-hosted runners on public repositories?$

Runner security & management Easy

A.

Because malicious pull requests could execute harmful code on your infrastructure

B.

Because they cannot connect to the internet

C.

Because they run too slowly for open-source projects

D.

Because public repositories do not support self-hosted runners

15 $Which shell command is typically executed in a workflow step to build a Docker image?$

Docker & GitHub Actions: Building Docker images in CI Easy

A.

docker push

B.

docker build

C.

docker pull

D.

docker start

16 $What must be configured in GitHub before an Action can successfully push a new image to Docker Hub?$

Pushing to Docker Hub Easy

A.

Authentication credentials stored securely as GitHub Secrets

B.

A manual approval rule

C.

A GitHub Pages website

D.

A self-hosted runner

17 $What domain name is used to access the GitHub Container Registry (GHCR)?$

Pushing to GitHub Container Registry (GHCR) Easy

A.

docker.github.com

B.

hub.github.com

C.

registry.github.io

D.

ghcr.io

18 $In GitHub Actions, what defines an 'event'?$

Events, triggers Easy

A.

A specific activity or occurrence in the repository that triggers a workflow

B.

A notification sent to the developer's email

C.

A scheduled meeting for the development team

D.

The final successful completion of a deployment

19 $How should sensitive information like cloud API keys and deployment passwords be managed in GitHub Actions?$

Deploying to servers/cloud using Actions Easy

A.

Saved securely as encrypted GitHub Secrets

B.

Stored in plain text inside the workflow YAML file

C.

Committed in a text file named passwords.txt

D.

Printed in the workflow logs for easy access

20 $Which trigger uses POSIX cron syntax to run a workflow at specific times?$

Workflow triggers: push, pull request, schedule, manual workflow Easy

A.

schedule

B.

timer

C.

cron_run

D.

clock

21 $To ensure GitHub recognizes a YAML file as an Actions workflow, in which specific directory path relative to the repository root must it be placed?$

Events, triggers, workflow directory structure Medium

A.

.github/actions/

B.

.github/workflows/

C.

workflows/

D.

.actions/workflows/

22 $Which event trigger should you configure in a GitHub Actions workflow to allow users to manually trigger the workflow from the GitHub Actions tab, optionally providing input parameters?$

Workflow triggers: push, pull request, schedule, manual workflow Medium

A.

push

B.

manual_run

C.

workflow_dispatch

D.

repository_dispatch

23 $You need to test your Node.js application against Node versions 14, 16, and 18 on both ubuntu-latest and windows-latest . How many total job executions will a standard matrix strategy create for this configuration?$

Jobs & matrix strategies Medium

A.

3

B.

5

C.

6

D.

2

24 $In a multi-job workflow, Job B requires the output or successful completion of Job A before it can start. Which keyword is used in the configuration for Job B to enforce this dependency?$

Multi-job workflows Medium

A.

requires

B.

needs

C.

after

D.

depends_on

25 $When using the actions/cache action to speed up builds by caching dependencies, which input parameter is mandatory to accurately determine if the cache needs to be invalidated or restored?$

Using caching for faster builds Medium

A.

hashFiles

B.

restore-keys

C.

key

D.

path

26 $If you want to execute a multi-line shell script within a single step in a GitHub Actions workflow, how should you format the run keyword in the YAML file?$

Steps & shell commands Medium

A.

run: |

B.

execute: -

C.

run: >

D.

script:

27 $When referencing a third-party action from the GitHub Marketplace in your workflow, how do you pin the action to a specific immutable release to prevent breaking changes?$

Using marketplace actions Medium

A.

By using the release: keyword under the action

B.

By appending :<version-number> to the action name

C.

By using the version: keyword under the action

D.

By appending @<commit-SHA> to the action name

28 $What is a primary reason a DevOps team might choose to deploy a self-hosted runner instead of using a GitHub-hosted runner?$

Runners:Self-hosted runners Medium

A.

To reduce the configuration time of setting up the CI environment

B.

To access resources securely inside a private corporate network or VPC

C.

To ensure a completely clean, ephemeral environment for every single job

D.

To utilize GitHub's automatic OS patching mechanisms

29 $Which of the following accurately describes the environment of a standard GitHub-hosted runner for Ubuntu?$

Runners: GitHub-hosted runners Medium

A.

It runs entirely in the browser using WebAssembly.

B.

It is a fresh virtual machine for each job execution that is discarded after the job completes.

C.

It is a shared virtual machine where multiple workflows from different repositories run concurrently.

D.

It is a persistent container where state is maintained across different job executions.

30 $Why is it considered a severe security risk to attach a self-hosted runner to a public repository without specific safeguards?$

Runner security & management Medium

A.

Because malicious users can submit pull requests that execute untrusted code directly on your local infrastructure.

B.

Because GitHub charges excess usage fees for public repos using self-hosted runners.

C.

Because the runner's IP address will be broadcasted to all GitHub users.

D.

Because self-hosted runners automatically grant admin access to the GitHub repository.

31 $When building a Docker image using GitHub Actions, which action is standardly used to set up Docker Buildx, allowing for advanced features like multi-platform builds?$

Docker & GitHub Actions: Building Docker images in CI Medium

A.

docker/setup-buildx-action

B.

docker/build-push-action

C.

actions/docker-build

D.

docker/login-action

32 $When authenticating a workflow to push a Docker image to the GitHub Container Registry (GHCR), which credential is automatically provided by GitHub Actions and recommended for use?$

Pushing to GitHub Container Registry (GHCR) Medium

A.

${{ secrets.GITHUB_TOKEN }}

B.

${{ env.GHCR_TOKEN }}

C.

${{ github.personal_access_token }}

D.

${{ secrets.DOCKER_PASSWORD }}

33 $How should a DevOps engineer securely pass static cloud provider credentials (like AWS Access Keys) into a GitHub Actions deployment workflow?$

Deploying to servers/cloud using Actions Medium

A.

Store them in a .env file and commit it to the repository

B.

Pass them as plain-text parameters via the workflow_dispatch trigger

C.

Hardcode them into the workflow file but restrict read access to the repository

D.

Store them as encrypted Repository Secrets and reference them using ${{ secrets.SECRET_NAME }}

34 $In the GitHub Actions hierarchy, what is the correct relationship between jobs, steps, and workflows?$

Key components: jobs, steps, actions, runners Medium

A.

A workflow contains one or more jobs; a job contains one or more steps.

B.

A job contains one or more workflows; a workflow contains one or more steps.

C.

A step contains one or more jobs; a job contains one or more workflows.

D.

A workflow contains one or more steps; a step contains one or more jobs.

35 $Before using docker/build-push-action to push an image to Docker Hub, which step must be executed in the workflow?$

Pushing to Docker Hub Medium

A.

Push the image to GHCR first to create an intermediary cache.

B.

Install Docker Desktop on the GitHub runner.

C.

Configure a self-hosted runner since GitHub-hosted runners cannot push to Docker Hub.

D.

Authenticate using docker/login-action with Docker Hub credentials.

36 $When configuring a CI workflow for a Python application, what is the primary purpose of using the actions/setup-python action?$

Language-specific actions Medium

A.

It automatically formats the Python code using black .

B.

It runs the pytest test suite automatically.

C.

It installs a specific version of Python and adds it to the system PATH.

D.

It builds a Docker container running Python.

37 $You want to run a workflow every day at midnight UTC using the schedule event. What is the correct cron syntax to define this trigger?$

Workflow triggers: push, pull request, schedule, manual workflow Medium

A.

cron: '0 0 * * *'

B.

cron: '0 0 0 * *'

C.

cron: '0 * * * *'

D.

cron: '* 0 * * *'

38 $When deploying an application to an AWS server using GitHub Actions via OIDC (OpenID Connect), what is the main advantage over using long-lived IAM user credentials?$

Deployments to servers/clouds Medium

A.

OIDC allows the deployment to run directly on the GitHub Actions runner instead of the AWS server.

B.

OIDC automatically configures the AWS infrastructure using CloudFormation.

C.

OIDC bypasses all IAM permissions, resulting in faster deployments.

D.

OIDC uses short-lived, dynamically requested tokens, eliminating the need to store static AWS credentials in GitHub Secrets.

39 $If you define environment variables at the root level of a workflow using the env: keyword, what is the scope of those variables?$

Key components: workflows Medium

A.

They are automatically exported as GitHub Secrets.

B.

They are only available to jobs running on self-hosted runners.

C.

They are only available to the first job executed in the workflow.

D.

They are available to all jobs and steps within the workflow.

40 $Which of the following best describes the core purpose of a Continuous Integration (CI) workflow in GitHub Actions?$

Understanding workflow automation Medium

A.

To handle user authentication and session management in web applications.

B.

To manually provision cloud infrastructure using Terraform scripts.

C.

To automatically build, test, and validate code changes whenever a commit is pushed to a repository.

D.

To automatically scale application containers based on user traffic.

41 $A developer configures a build matrix with 3 operating systems and 3 Node.js versions (9 jobs total). Job 2 fails after 30 seconds. What is the default behavior of the remaining running jobs in the matrix, and how can it be altered to allow independent completion?$

Jobs & matrix strategies Hard

A.

They are immediately canceled; use fail-fast: false under the strategy key to allow them to complete.

B.

They are paused until manual intervention; use auto-resume: true to continue.

C.

They are immediately canceled; use ignore-errors: true under the matrix key to allow them to complete.

D.

They continue running; use continue-on-error: false to cancel them.

42 $You want a workflow to trigger on pushes to the main branch, EXCEPT when the changes are strictly within the docs/ directory. Which of the following YAML configurations achieves this without throwing a syntax or validation error?$

Workflow triggers: push, pull request, schedule, manual workflow Hard

A.

on: push: branches: [main] paths-ignore: ['docs/**']

B.

on: push: branches: [main] ignore-paths: ['docs/']

C.

on: push: branches: [main] paths: ['**'] paths-ignore: ['docs/**']

D.

on: push: branches: [main] exclude: paths: ['docs/**']

43 $When using the actions/cache action, what happens if there is a cache miss for the exact key, but a partial match exists in the restore-keys list?$

Using caching for faster builds Hard

A.

The partial match is restored, and at the end of the job, the updated cache is saved under the new exact key .

B.

The workflow pauses and prompts for manual approval to restore a potentially outdated cache.

C.

The action fails the step and proceeds without restoring any cache.

D.

The partial match is restored, but the cache is NOT saved at the end of the job to prevent cache poisoning.

44 $Why is it considered a severe security risk to use persistent self-hosted runners for public repositories that accept pull requests from forks?$

Runner security & management Hard

A.

Forked repositories automatically inherit write access to the main repository when using self-hosted runners.

B.

Forks can trigger workflows that execute arbitrary code, potentially compromising the runner's host environment and persisting malicious payloads for subsequent runs.

C.

Persistent self-hosted runners bypass GitHub's rate limiting, which can result in denial-of-service billing attacks from malicious forks.

D.

Self-hosted runners do not support encrypted secrets, exposing API keys to fork authors.

45 $To successfully authenticate and push a Docker image to the GitHub Container Registry (ghcr.io) within a GitHub Actions workflow using the default GITHUB_TOKEN, which specific permission must be explicitly granted to the job?$

Pushing to GitHub Container Registry (GHCR) Hard

A.

packages: write

B.

docker: push

C.

contents: write

D.

registry: write

46 $A workflow contains a deployment job configured with environment: production . The production environment in GitHub is set to require a manual reviewer. What happens to the workflow execution while waiting for the reviewer's approval?$

Deploying to servers/cloud using Actions Hard

A.

The workflow proceeds to the next job automatically if the reviewer does not respond within the environment's specified timeout period.

B.

The job is temporarily offloaded to a self-hosted runner to save costs while waiting for approval.

C.

The job execution is paused and does not consume runner minutes; it waits up to 30 days for approval before being automatically canceled.

D.

The job consumes runner minutes while in the "waiting" state until the timeout limit (default 360 minutes) is reached.

47 $Job A generates a dynamic version string and needs to pass it to Job B. How is this correctly achieved in GitHub Actions?$

Multi-job workflows Hard

A.

Pass the string as a positional argument in the runs-on context of Job B.

B.

In Job A, echo the string to {{ needs.JobA.outputs.version }} .

C.

In Job A, save the string in a workflow artifact. In Job B, use the actions/download-artifact to read it directly into a job-level variable.

D.

In Job A, write the string to {{ env.VERSION }} .

48 $When configuring a workflow to deploy to AWS without storing long-lived IAM user credentials as GitHub Secrets, which mechanism should be utilized?$

Deployments to servers/clouds Hard

A.

GitHub App installation tokens bound to an AWS IAM policy.

B.

Mutual TLS (mTLS) certificates stored in the GitHub runner's system keystore.

C.

OpenID Connect (OIDC) to exchange a short-lived GitHub Actions token for an AWS role assumption.

D.

SSH Agent Forwarding with ephemeral keys.

49 $In a bash shell step on an Ubuntu runner, what is the default behavior if a command within a multi-line script fails (returns a non-zero exit code) halfway through the step?$

Steps & shell commands Hard

A.

The script continues to execute the remaining lines, but the step is marked as failed at the end.

B.

The workflow prompts the user to either ignore the error or cancel the run.

C.

Execution halts immediately because GitHub Actions runs bash with set -e and pipefail by default, and the step fails.

D.

Execution halts immediately, but the job is marked as successful unless exit 1 is explicitly called at the end of the script.

50 $A developer places a valid workflow file at .github/actions/deploy.yml . Upon pushing to the repository, the workflow does not trigger. What is the root cause?$

Events, triggers, workflow directory structure Hard

A.

Workflows must be placed in the .github/workflows/ directory to be detected and triggered by GitHub.

B.

The directory must be explicitly registered in the repository settings under "Actions".

C.

The file extension must be .yaml, as .yml is only supported for composite actions.

D.

The file must be named main.yml to be recognized as a workflow.

51 $When building Docker images in CI, optimizing build times is crucial. Using the docker/build-push-action, which caching strategy natively utilizes GitHub Actions' built-in Cache API to store and retrieve Docker layers?$

Docker & GitHub Actions: Building Docker images in CI Hard

A.

cache-from: type=gha and cache-to: type=gha

B.

cache-from: type=actions and cache-to: type=actions

C.

cache-from: type=local and cache-to: type=local

D.

cache-from: type=registry and cache-to: type=registry

52 $You are deploying an application from a GitHub-hosted runner to a corporate database that strictly requires IP whitelisting. Which statement accurately describes the limitation of standard GitHub-hosted runners in this scenario?$

Runners: GitHub-hosted runners Hard

A.

Standard GitHub-hosted runners do not have static IP addresses, making strict IP whitelisting highly impractical.

B.

Standard GitHub-hosted runners only support IPv6, which is incompatible with most legacy corporate databases.

C.

Standard GitHub-hosted runners block outbound traffic on non-standard ports (like 3306 or 5432) by default.

D.

Standard GitHub-hosted runners share a single, global static IP address, meaning any GitHub user could theoretically access the whitelisted database.

53 $A team wants Workflow B to automatically execute only after Workflow A has successfully completed, regardless of whether Workflow A was triggered via a push, schedule, or manual event. Which event trigger should be configured in Workflow B?$

Events, triggers, workflow directory structure Hard

A.

on: after_workflow: name: ["Workflow A"]

B.

on: [workflow_call]

C.

on: workflow_run: workflows: ["Workflow A"] types: [completed]

D.

on: repository_dispatch: types: [Workflow A_success]

54 $When a workflow is triggered by a pull_request event originating from a fork repository, which repository's commit and secrets are used for the workflow execution by default?$

Workflow triggers: push, pull request, schedule, manual workflow Hard

A.

The merge commit of the source and target branch is checked out, and the target repository's secrets are used (excluding pull_request_target).

B.

The exact commit of the source branch is checked out, and the fork's secrets are utilized to ensure isolation.

C.

The target branch's latest commit is checked out, but the workflow is denied access to any secrets to prevent exfiltration.

D.

The workflow automatically prompts a repository admin to approve the run before selecting the source or target context.

55 $In a Node.js workflow using actions/setup-node@v3, how can you configure the action to automatically cache npm dependencies by analyzing the lockfile, thereby bypassing the need for a manual actions/cache step?$

Language-specific actions Hard

A.

Add cache: 'npm' to the with inputs of the setup-node step.

B.

The setup-node action caches dependencies by default; no configuration is required.

C.

Specify auto-cache: true under the strategy matrix definition.

D.

Add npm-cache: true as an environment variable in the job level.

56 $To mitigate supply chain attacks when utilizing third-party actions from the GitHub Marketplace, what is the most secure method for referencing an action in a workflow file?$

Using marketplace actions Hard

A.

Referencing the action by its full 40-character Git commit SHA.

B.

Referencing the action by its major version tag (e.g., @v2).

C.

Referencing the action by the main or master branch.

D.

Forking the action and referencing the fork by a mutable tag.

57 $When configuring automated pushes to Docker Hub using the docker/login-action in a CI pipeline, why is it functionally critical and recommended to use Docker Personal Access Tokens (PATs) instead of the main account password?$

Pushing to Docker Hub Hard

A.

Docker Hub rate limits are bypassed entirely when authenticating via a PAT compared to standard user credentials.

B.

PATs allow fine-grained access control, are easily revocable, and bypass 2FA requirements which otherwise block automated CI pipelines.

C.

GitHub Actions inherently blocks the transmission of user passwords, failing the workflow if a password string is detected.

D.

Passwords are automatically exposed in the GitHub Actions runner logs, whereas PATs are masked automatically.

58 $You are defining a manual workflow using workflow_dispatch . You need to allow the user to select an environment (either dev, staging, or prod) from a dropdown menu. How is this defined in the workflow YAML?$

Workflow triggers: push, pull request, schedule, manual workflow Hard

A.

Use an input with type: dropdown and provide the options as a comma-separated string.

B.

Use an input with type: choice and provide the options in the options array.

C.

Use an input with type: string and provide a regex validation rule pattern: dev|staging|prod .

D.

Define three separate boolean inputs for each environment and require the user to check only one.

59 $A team manages multiple self-hosted runners across different architectures and specialized hardware (e.g., GPUs). How can a specific workflow job strictly and explicitly target a self-hosted runner equipped with a GPU?$

Runners:Self-hosted runners Hard

A.

Add an environment variable REQUIRE_GPU=true to the job context, which the runner's polling mechanism will filter by.

B.

Specify runs-on: self-hosted-gpu and GitHub will automatically detect the hardware capabilities.

C.

Assign a custom label (e.g., gpu-enabled) to the specific runner, and configure the job with runs-on: [self-hosted, gpu-enabled] .

D.

Use a matrix strategy to iterate over all runners until one successfully executes a GPU test command.

60 $You have a deployment workflow triggered on every push to the main branch. If multiple developers merge PRs in rapid succession, you want to ensure only one deployment runs at a time and any pending deployments are canceled in favor of the latest push. Which configuration achieves this?$

Deploying to servers/cloud using Actions Hard

A.

Use max-parallel: 1 at the job level.

B.

Use the concurrency key at the workflow level, defining a group name and setting cancel-in-progress: true .

C.

Use the timeout-minutes key to forcefully fail older jobs if a newer job enters the queue.

D.

Set queue: true and strategy: override in the deployment job configuration.

Unit 5 - Practice Quiz