GitHub Actions GH-200 Practice Test & Mock Exam

Last revised: June 29, 2026

Practice GitHub Actions (GitHub Actions GH-200) in IT Mastery with focused sample pages, topic drills, timed mock exams, detailed explanations, and the current question bank.

Use IT Mastery for interactive practice with timed mocks, topic drills, progress tracking, and detailed explanations across web and mobile. Focused topic pages and the static diagnostic page preview how this exam handles workflow YAML, CI/CD behavior, action reuse, troubleshooting, permissions, security, scale, and optimization.

Practice preview and focused pages

Use this page to start the web app and choose the right public preview before longer mixed practice. For sample exam questions, use the focused topic pages, quick review, and free-practice page in this exam section; the interactive app remains the primary practice path.

  • Focused topic pages: drill focused topics including Author and Maintain Actions; Author and Manage Workflows; and other domains with explanations.
  • Quick review: Workflows, events, jobs, runners, security, reusable workflows, artifacts, caches, and common exam traps.
  • Free practice exam: Try 50 free GitHub Actions (GitHub Actions GH-200) questions across the exam domains, with explanations, then continue with IT Mastery practice.

What this GH-200 practice page gives you

  • a direct web entry for GitHub Actions practice in IT Mastery
  • focused topic pages and free-practice coverage for previewing question style
  • workflow YAML, runner, reusable action, deployment, permissions, and troubleshooting drills
  • a clear web preview path for previewing question style before deeper practice
  • the same IT Mastery account across web and mobile

GitHub Actions snapshot

  • Vendor: GitHub
  • Credential name: GitHub Actions
  • Microsoft Learn study-guide code: GH-200
  • Level shown by Microsoft Learn: Intermediate
  • Exam time shown by Microsoft Learn: 100 minutes
  • IT Mastery practice modes: topic drills, mixed sets, timed mocks, detailed explanations, and progress tracking
  • Current IT Mastery status: live practice available

Topic coverage for Actions practice

AreaWhat to practise
Author workflowstriggers, jobs, steps, runners, matrices, environments, permissions, and reusable workflows
Consume and troubleshoot workflowslogs, artifacts, caching, concurrency, failures, reruns, and debugging strategy
Author and maintain actionscomposite actions, JavaScript actions, Docker actions, inputs, outputs, versioning, and reuse
Enterprise managementpolicies, runner groups, billing awareness, organization settings, and operational governance
Secure and optimize automationsecrets, token permissions, dependency risk, least privilege, performance, and reliability

GitHub Actions workflow map

Use this map to reason through most GitHub Actions questions. Start with the event, then follow the workflow into jobs, runners, permissions, secrets, and deployment controls.

    flowchart LR
	  Event["Event trigger"] --> Workflow["Workflow file"]
	  Workflow --> Jobs["Jobs"]
	  Jobs --> Runner["Runner"]
	  Jobs --> Steps["Steps"]
	  Steps --> Actions["Actions or shell commands"]
	  Workflow --> Permissions["GITHUB_TOKEN permissions"]
	  Workflow --> Secrets["Secrets and variables"]
	  Jobs --> Environment["Environment gates"]
	  Environment --> Deployment["Deployment"]
	  Permissions --> Risk["Least-privilege risk check"]
	  Secrets --> Risk

Actions exhibit patterns to practise

GitHub Actions questions often include a short workflow, log excerpt, policy setting, or runner detail. Read the exhibit from top to bottom: identify the trigger first, then check job scope, permissions, runner context, secrets, and the artifact/cache behavior the question is testing.

Exhibit typeWhat to inspect first
Workflow YAMLon, permissions, jobs, runs-on, strategy, and deployment environment
Failure logfirst failing command, exit code, missing secret, path mismatch, or denied token scope
Permissions blockwhether the GITHUB_TOKEN has only the scopes required for the job
Runner labelswhether the job is using GitHub-hosted or self-hosted infrastructure correctly
Cache keywhether the key changes when dependencies or the runner OS changes
Artifact stepwhether the file is produced before upload and downloaded by the later job

Example workflow exhibit:

on:
  pull_request:
    paths:
      - "src/**"

permissions:
  contents: read
  pull-requests: write

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test

Best reading: this workflow is pull-request scoped, path-filtered, and uses limited token permissions. It should not be treated as a deployment workflow unless a later job adds environment gates and trusted credentials.

Example failure-log exhibit:

Run npm test
Error: Cannot find module '@acme/shared-config'
Process completed with exit code 1.

Best first check: compare the runner install step, lock file, package registry authentication, workspace path, and cache restore result before changing the test command.

Example deployment-control exhibit:

SettingWhy it matters
environment: productioncan require reviewers and expose production-scoped secrets only after approval
concurrency.group: productionprevents overlapping production deployment runs
cancel-in-progress: falseavoids canceling an already-started production deployment automatically
permissions.contents: readavoids broad repository write access unless a deployment step truly needs it

GH-200 decision filters

Use these filters when a workflow answer looks correct but incomplete:

  • Trigger and scope: inspect on, branch filters, path filters, and event context before changing jobs or steps.
  • Job boundary: separate job-level permissions, runner labels, matrices, dependencies, environments, and artifacts from step-level commands.
  • Reuse mechanism: distinguish reusable workflows, composite actions, JavaScript actions, Docker actions, and shared shell snippets.
  • Security baseline: check GITHUB_TOKEN permissions, secrets, OIDC, environment protection, dependency risk, and untrusted pull request behavior.
  • Troubleshooting evidence: read logs, exit codes, file paths, cache keys, artifact names, and runner context before rewriting workflow logic.

Final 7-day GH-200 practice sequence

DayPractice focus
7Open the web app for a timed mixed set, then use the public diagnostic page if you need to tag misses as authoring, troubleshooting, actions, enterprise, or security.
6Drill workflow syntax, triggers, jobs, matrices, reusable workflows, environments, and permissions.
5Drill logs, cache behavior, artifacts, concurrency, reruns, runner labels, and failure analysis.
4Drill custom actions, inputs, outputs, versioning, and when to use composite, JavaScript, or Docker actions.
3Drill secrets, OIDC, token permissions, untrusted PRs, branch protection, and secure deployment controls.
2Complete a timed mixed set and explain which workflow boundary drove each miss.
1Review weak YAML patterns and exhibit-reading mistakes; avoid late memorization of random syntax.

When GH-200 practice is enough

If you can score above roughly 75% on several unseen mixed attempts and explain the trigger, permission, runner, or troubleshooting signal behind your misses, you are likely ready. More practice should improve workflow reasoning, not make you memorize repeated YAML snippets.

Free study resources

Use this IT Mastery page for live practice, topic drills, timed mocks, explanations, and app access.

Web preview and premium practice

  • Web/public preview: focused sample-question pages plus the web app entry so you can validate the question style and explanation depth.
  • Premium: interactive web-app practice with focused drills, mixed sets, timed mock exams, detailed explanations, and progress tracking across web and mobile.

Mini Glossary

  • Action: A reusable unit of automation used inside a workflow step.
  • Artifact: A file or bundle uploaded from a workflow run for later jobs, review, or download.
  • Cache: Reused dependency or build data intended to speed up future runs.
  • Environment: A deployment target that can have reviewers, wait timers, and scoped secrets.
  • Job: A set of steps that run on the same runner.
  • Matrix: A strategy that expands a job across combinations such as operating systems or language versions.
  • Reusable workflow: A workflow called by another workflow at the job level.
  • Runner: The machine that executes workflow jobs, either GitHub-hosted or self-hosted.
  • Secret: Encrypted sensitive value exposed to workflows only under allowed contexts.
  • Workflow: A YAML automation file stored under .github/workflows/.

Official sources

In this section

GH-300
Browse Certification Practice Tests by Exam Family