GH-900 — GitHub Foundations Quick Review
Quick review for GitHub Foundations (GH-900): Git, GitHub collaboration, repositories, pull requests, GitHub Actions, security, and project workflows before question-bank practice.
Quick Review purpose
This Quick Review is for candidates preparing for the GitHub Foundations (GH-900) exam from GitHub. Use it as a fast, structured refresher before working through topic drills, mock exams, and detailed explanations in an IT Mastery question bank.
The exam is foundational, so expect questions that test whether you understand how GitHub supports software development, collaboration, automation, security, and project workflows. Many questions are not about memorizing commands; they ask you to choose the best GitHub feature, workflow, permission model, or collaboration pattern for a scenario.
This page is IT Mastery exam-prep support. It is not affiliated with GitHub.
High-yield mental model
GitHub is not just “a place to store code.” It combines:
| Area | What to know for GH-900 |
|---|---|
| Git hosting | Repositories, commits, branches, tags, remotes, cloning, pushing, pulling |
| Collaboration | Issues, pull requests, reviews, discussions, forks, branch protection |
| Project management | Labels, milestones, assignees, projects, task lists, notifications |
| Automation | GitHub Actions workflows, events, jobs, runners, marketplace actions |
| Security | Authentication, permissions, secret scanning, Dependabot, code scanning |
| Open source | README, LICENSE, CONTRIBUTING, CODE_OF_CONDUCT, SECURITY files |
| Developer experience | GitHub Codespaces, GitHub Copilot, GitHub Pages, GitHub CLI, integrations |
A strong GH-900 candidate can explain which GitHub feature solves which problem and how the pieces fit together in a typical development workflow.
Git vs. GitHub
| Concept | Git | GitHub |
|---|---|---|
| What it is | Distributed version control system | Cloud platform built around Git repositories |
| Primary job | Track file history and changes | Host repositories and support collaboration |
| Works offline? | Yes, for local commits and history | Mostly online, though local Git work continues offline |
| Examples | commit, branch, merge, rebase, clone | Pull requests, issues, Actions, projects, security alerts |
| Common trap | Thinking Git requires GitHub | Git can be used without GitHub |
| Another trap | Thinking GitHub replaces Git | GitHub uses Git; it does not replace core Git concepts |
Core distinction
- Git tracks changes.
- GitHub helps people collaborate around those changes.
If a question asks about version history, commits, branches, and merging, think Git. If it asks about reviews, issues, automation, permissions, or hosted collaboration, think GitHub.
Repository fundamentals
A repository is the central workspace for a project. It usually contains source code, documentation, configuration files, issue and pull request history, security settings, and automation workflows.
| Repository item | Purpose |
|---|---|
| README | Explains what the project is and how to use it |
| LICENSE | Defines legal permissions for using, modifying, and distributing the project |
.gitignore | Tells Git which files not to track |
| Issues | Track bugs, tasks, questions, or enhancements |
| Pull requests | Propose, discuss, review, and merge changes |
| Actions workflows | Automate CI/CD or other tasks |
| Branches | Isolate work before integration |
| Tags | Mark specific points in history, often versions |
| Releases | Package and describe versioned software releases |
Public, private, and internal repositories
| Visibility | Meaning | Common use |
|---|---|---|
| Public | Visible to everyone | Open source, public docs, examples |
| Private | Visible only to selected users or teams | Proprietary code or restricted projects |
| Internal | Visible within an enterprise context | Shared enterprise code and resources |
Common trap: repository visibility controls who can see the repository, but permissions still determine what authorized users can do.
Git workflow essentials
You do not need to be a Git expert for GH-900, but you should understand the basic lifecycle.
| Step | Typical command or action | Meaning |
|---|---|---|
| Get a repository | git clone | Copy a remote repository locally |
| Inspect changes | git status, git diff | See what changed |
| Stage files | git add | Choose changes for the next commit |
| Save snapshot | git commit | Record changes in local history |
| Share changes | git push | Send local commits to a remote |
| Get remote changes | git pull | Fetch and integrate changes |
| Fetch only | git fetch | Download remote updates without merging |
| Create branch | git branch or git switch -c | Start isolated work |
| Merge work | git merge | Combine branch histories |
| View history | git log | Inspect commits |
Working directory, staging area, repository
| Area | What it contains | Candidate mistake |
|---|---|---|
| Working directory | Files you are editing | Thinking edited files are automatically committed |
| Staging area | Selected changes for the next commit | Forgetting to stage changes |
| Local repository | Local commit history | Thinking local commits are already on GitHub |
| Remote repository | Hosted repository, often on GitHub | Confusing commit with push |
Decision rule:
- Commit saves changes locally.
- Push sends commits to GitHub.
- Pull brings remote changes down and integrates them.
- Fetch brings remote data down without integrating it.
Branches, commits, merges, and conflicts
Branches allow parallel work. A branch is a movable pointer to a commit, not a full copy of the repository.
| Concept | Review point |
|---|---|
| Commit | Snapshot of tracked changes with metadata |
| Branch | Independent line of development |
| Default branch | Main integration branch, often named main |
| Merge | Combines changes from one branch into another |
| Merge conflict | Occurs when Git cannot automatically combine changes |
| Tag | Named reference to a specific commit, often used for versions |
Merge conflicts
A merge conflict means Git needs human judgment. The usual process is:
- Identify conflicted files.
- Edit the files to keep the correct content.
- Mark the conflicts as resolved.
- Commit the resolution.
- Continue the merge or pull request workflow.
Common trap: a conflict is not an error in GitHub itself. It is Git asking for a decision between incompatible changes.
Forks vs. branches
| Use case | Prefer this |
|---|---|
| You have write access to the repository | Create a branch in the repository |
| You do not have write access | Fork the repository and open a pull request |
| You want to contribute to open source | Fork, branch, commit, push, open pull request |
| You want isolated internal feature work | Branch |
| You want your own copy under your account | Fork |
A fork is a copy of a repository under another account or organization. A branch is a separate line of work inside a repository.
Common trap: forks and branches both support parallel work, but they solve different permission and ownership problems.
GitHub Flow
GitHub Flow is a lightweight workflow centered on branches and pull requests.
flowchart LR
A[Create branch] --> B[Make commits]
B --> C[Open pull request]
C --> D[Discuss and review]
D --> E[Run checks]
E --> F{Approved and checks pass?}
F -- No --> B
F -- Yes --> G[Merge]
G --> H[Deploy or release]
GitHub Flow decision points
| Question | Best action |
|---|---|
| Need to start a new feature? | Create a branch |
| Need feedback before merging? | Open a pull request |
| Need automated validation? | Use GitHub Actions checks |
| Need required approval? | Use branch protection or rulesets |
| Need to keep main stable? | Require reviews and passing checks before merge |
Common trap: a pull request is not only a “request to merge.” It is also a place for review, discussion, checks, and documentation of the change.
Pull requests
A pull request proposes changes from one branch into another. Pull requests are central to GitHub collaboration.
| Pull request feature | Why it matters |
|---|---|
| Conversation | Discuss proposed changes |
| Review comments | Comment on specific lines |
| Required reviewers | Enforce review before merge |
| Status checks | Show CI/test/security results |
| Linked issues | Connect code changes to tracked work |
| Draft pull request | Signal that work is not ready for full review |
| Merge methods | Control how history is integrated |
Pull request states and actions
| Situation | Appropriate action |
|---|---|
| Work is not ready | Open as draft or keep working on branch |
| Needs review | Request reviewers |
| Tests fail | Fix commits and push updates |
| Conflicts exist | Resolve conflicts before merge |
| Review requires changes | Update code and re-request review |
| Ready and allowed | Merge using allowed merge method |
Merge methods
| Merge method | Result | Common reason to use |
|---|---|---|
| Merge commit | Preserves full branch history | Keep detailed commit history |
| Squash merge | Combines branch commits into one commit | Keep main history clean |
| Rebase merge | Replays commits without a merge commit | Maintain linear history |
Common trap: “squash” does not mean the work disappears. It combines multiple commits into a single commit on the target branch.
Issues, discussions, and pull requests
| Feature | Best for | Not best for |
|---|---|---|
| Issues | Bugs, tasks, enhancements, work tracking | Long-form community Q&A if Discussions is enabled |
| Pull requests | Reviewing and merging code changes | General planning with no code changes |
| Discussions | Questions, ideas, announcements, community conversation | Formal code review |
| Projects | Planning, tracking, and visualizing work | Replacing Git history |
Decision rule:
- Use an issue to track work.
- Use a pull request to propose code changes.
- Use a discussion for broader conversation.
- Use a project to organize and visualize work across issues and pull requests.
GitHub project management
GitHub includes features that support planning and tracking directly near the code.
| Feature | Purpose |
|---|---|
| Labels | Categorize issues and pull requests |
| Milestones | Group work toward a target or release |
| Assignees | Show who is responsible |
| Projects | Track work using tables, boards, fields, and views |
| Task lists | Break work into checklist items |
| Mentions | Notify users or teams |
| Notifications | Keep users informed about relevant activity |
Labels vs. milestones vs. projects
| Need | Use |
|---|---|
| Categorize work by type or priority | Labels |
| Group work for a release or deadline | Milestones |
| Visualize and manage work across items | Projects |
| Assign ownership | Assignees |
| Track smaller steps in one item | Task lists |
Common trap: labels and milestones do not replace project planning views; they add metadata that can help organize planning.
Markdown and documentation
GitHub uses Markdown widely in README files, issues, pull requests, comments, discussions, and wikis.
| Markdown element | Example purpose |
|---|---|
| Headings | Structure documentation |
| Lists | Steps, requirements, notes |
| Links | Reference docs, issues, pull requests |
| Images | Screenshots, diagrams |
| Code blocks | Show commands or examples |
| Task lists | Track checklist items |
| Tables | Compare options |
Documentation files with high exam relevance:
| File | Purpose |
|---|---|
README.md | Project overview and usage |
CONTRIBUTING.md | Contribution guidelines |
CODE_OF_CONDUCT.md | Community behavior expectations |
LICENSE | Legal terms for reuse |
SECURITY.md | Security policy and vulnerability reporting |
| Issue templates | Standardize issue submissions |
| Pull request template | Standardize PR descriptions |
Common trap: a repository without a license is not automatically “free to use” just because it is public.
Permissions and access control
GitHub access is organized around personal accounts, organizations, teams, repositories, and roles.
| Concept | Meaning |
|---|---|
| Personal account | Identity for an individual user |
| Organization | Shared account for teams and projects |
| Team | Group of organization members |
| Repository role | Permission level for a repository |
| Enterprise | Higher-level structure for multiple organizations in enterprise use |
Permission decision rules
| Scenario | Concept to review |
|---|---|
| A user can view but not push | Repository permission level may be read-only |
| A team needs access to several repos | Use organization teams |
| External helper needs limited access | Assign the minimum necessary permission |
| Sensitive branch needs control | Use branch protection or rulesets |
| Automation needs access | Use appropriate token, GitHub App, or secret handling |
Common trap: authentication proves who you are; authorization controls what you can do.
Authentication and secure access
GitHub supports several ways to authenticate and connect tools.
| Method | Typical use |
|---|---|
| Username and browser session | Web access |
| Multi-factor authentication | Stronger account protection |
| Personal access token | HTTPS Git or API access where token-based auth is needed |
| Fine-grained token | More limited, specific access |
| SSH key | Git operations over SSH |
| GitHub CLI authentication | Command-line GitHub workflows |
| GitHub App | Integration with controlled permissions |
| OAuth App | Third-party authorization flow |
Security decision rules
| Need | Likely solution |
|---|---|
| Protect account login | Enable multi-factor authentication |
| Avoid password use for Git operations | Use SSH key or token-based authentication |
| Limit automation permissions | Use least privilege permissions |
| Store workflow secrets | Use GitHub Actions secrets |
| Avoid exposing credentials | Never commit secrets to repositories |
Common trap: a secret stored in code is not protected just because the repository is private. Secrets should be managed through appropriate secret storage and access controls.
Branch protection and repository rules
Branch protection and rulesets help enforce quality and security before changes reach important branches.
| Control | What it helps enforce |
|---|---|
| Require pull request reviews | Human review before merge |
| Require status checks | Tests or checks must pass |
| Restrict who can push | Limit direct changes |
| Require linear history | Avoid merge commits if desired |
| Require signed commits | Strengthen commit authenticity |
| Prevent force pushes | Protect branch history |
| Prevent deletion | Protect critical branches |
Common exam pattern: choose branch protection when the scenario says the team wants to prevent unreviewed or failing code from being merged into the default branch.
GitHub Actions fundamentals
GitHub Actions automates workflows such as building, testing, linting, scanning, packaging, releasing, and deploying.
| Term | Meaning |
|---|---|
| Workflow | Automated process defined in YAML |
| Event | Trigger that starts a workflow |
| Job | Set of steps executed on a runner |
| Step | Individual command or action |
| Action | Reusable automation component |
| Runner | Machine that executes jobs |
| Artifact | File produced by a workflow |
| Secret | Encrypted value used by workflows |
Workflow files are stored in:
.github/workflows/
Actions workflow model
| Question clue | Concept |
|---|---|
| “Run tests when code is pushed” | Event trigger such as push |
| “Run checks on a pull request” | Pull request event |
| “Use Ubuntu to execute build steps” | Runner |
| “Reuse a published automation task” | Action |
| “Split build and test tasks” | Jobs |
| “Store deployment credential securely” | Secrets |
| “Save build output” | Artifacts |
| “Test across versions” | Matrix strategy |
Actions vs. other GitHub features
| Need | Use |
|---|---|
| Track a bug | Issue |
| Review a change | Pull request |
| Automatically run tests | GitHub Actions |
| Protect merge quality | Branch protection plus required checks |
| Store a password for workflow use | Actions secret |
| Publish package artifacts | GitHub Packages or release artifacts, depending on scenario |
Common trap: GitHub Actions is for automation. It is not the same thing as GitHub Projects, which is for planning and tracking work.
CI/CD basics
For GH-900, understand CI/CD conceptually.
| Term | Meaning |
|---|---|
| Continuous integration | Frequently integrate and validate code changes |
| Continuous delivery | Keep software ready to release |
| Continuous deployment | Automatically deploy validated changes |
| Build | Compile or package software |
| Test | Validate behavior or quality |
| Deploy | Release software to an environment |
Typical CI pattern:
- Developer opens pull request.
- GitHub Actions workflow runs tests.
- Status check reports pass or fail.
- Branch protection requires passing checks.
- Pull request is reviewed and merged.
Common trap: CI/CD is not only deployment. A workflow that runs tests on every pull request is also CI.
Security features on GitHub
GitHub includes multiple security features that help identify and reduce risk.
| Feature | Purpose |
|---|---|
| Dependabot alerts | Identify vulnerable dependencies |
| Dependabot updates | Propose dependency updates |
| Secret scanning | Detect committed secrets |
| Code scanning | Find code vulnerabilities and errors |
| CodeQL | Semantic code analysis engine used with code scanning |
| Security advisories | Coordinate vulnerability disclosure and fixes |
| Private vulnerability reporting | Allows responsible reporting where enabled |
| Branch protection | Prevent risky changes from merging |
| Audit logs | Track activity in organization or enterprise contexts |
Security feature decision table
| Scenario | Best GitHub feature |
|---|---|
| Dependency has known vulnerability | Dependabot alert |
| Need automated dependency update PRs | Dependabot updates |
| Token accidentally committed | Secret scanning |
| Need static analysis for code flaws | Code scanning |
| Need maintainers to coordinate a vulnerability fix | Security advisory |
| Need to require review before merge | Branch protection |
| Need to see who changed settings | Audit log |
Common trap: Dependabot focuses on dependencies. Code scanning focuses on code. Secret scanning focuses on leaked credentials or secrets.
GitHub Advanced Security concepts
Some GitHub security capabilities may be discussed as part of the broader GitHub platform. For foundational review, focus on what the features do rather than licensing details.
| Capability | Core idea |
|---|---|
| Secret scanning | Detect secrets in repositories |
| Code scanning | Analyze source code for security issues |
| Dependency review | Show dependency changes and risk in pull requests |
| Dependabot | Alert on and help update vulnerable dependencies |
Decision rule: if the question is about identifying a password, token, or key in code, think secret scanning, not code scanning.
GitHub Codespaces
GitHub Codespaces provides cloud-hosted development environments.
| Concept | Review point |
|---|---|
| Codespace | Cloud development environment connected to a repository |
| Dev container | Configuration for a consistent development environment |
| Browser-based development | Work without local setup |
| Standardized onboarding | Reduce “works on my machine” problems |
| Preconfigured tools | Install dependencies and extensions consistently |
Common use cases:
- New contributors can start quickly.
- Teams can standardize development environments.
- Training or workshops can avoid local setup issues.
- Developers can work from different devices.
Common trap: Codespaces is a development environment. It is not the same as GitHub Actions, which runs automation workflows.
GitHub Copilot
GitHub Copilot is an AI-powered coding assistant. For a foundations exam, know the basic concept and responsible-use mindset.
| Concept | Review point |
|---|---|
| Code suggestions | Copilot can suggest code as you work |
| Chat assistance | Copilot can help explain, generate, or refactor code |
| Developer control | Developers remain responsible for reviewing output |
| Productivity support | Helps with boilerplate, examples, and exploration |
Common trap: Copilot suggestions are not automatically correct, secure, or license-safe. A developer must review, test, and validate code.
GitHub Pages, Packages, and Releases
| Feature | Purpose |
|---|---|
| GitHub Pages | Host static websites from a repository |
| GitHub Packages | Host and manage packages |
| Releases | Publish versioned software and release notes |
| Tags | Mark specific commits, often for versions |
Decision rules:
| Scenario | Use |
|---|---|
| Host project documentation website | GitHub Pages |
| Publish a version with release notes | GitHub Releases |
| Mark a version in Git history | Git tag |
| Store package artifacts | GitHub Packages |
Common trap: a tag identifies a point in Git history; a release is a GitHub object that can add release notes and assets around a tag.
Open source collaboration
Open source work on GitHub often combines code, documentation, governance, and community expectations.
| File or feature | Why it matters |
|---|---|
| README | Helps users understand the project |
| LICENSE | Defines reuse rights |
| CONTRIBUTING | Explains how to contribute |
| CODE_OF_CONDUCT | Sets community behavior standards |
| SECURITY | Explains how to report vulnerabilities |
| Issues | Track bugs and feature requests |
| Discussions | Community Q&A and ideas |
| Pull requests | Propose changes |
| Forks | Contribute without direct write access |
Contribution workflow
- Find or create an issue.
- Fork the repository if you lack write access.
- Create a branch.
- Make commits.
- Push to your fork.
- Open a pull request.
- Respond to review comments.
- Maintainer merges if accepted.
Common trap: public visibility does not automatically grant write access. Contributors usually propose changes through forks and pull requests.
Search, navigation, and discovery
GitHub provides search and navigation features to find repositories, code, issues, pull requests, users, and discussions.
| Need | GitHub capability |
|---|---|
| Find a repository | Repository search |
| Find code | Code search |
| Find open bugs | Issue search and filters |
| Find pull requests needing review | Pull request filters |
| Find project activity | Notifications and activity feeds |
| Find a file quickly | Repository file navigation |
| Find ownership guidance | CODEOWNERS file, if present |
Useful search concepts
| Concept | Purpose |
|---|---|
| Filters | Narrow results by state, author, label, language, etc. |
| Saved views or project views | Reuse a work-tracking perspective |
| Mentions | Notify users or teams |
| Watch settings | Control repository notifications |
Common trap: assigning someone to an issue is not the same as mentioning them. Assignment indicates responsibility; mention notifies or references.
CODEOWNERS and review ownership
A CODEOWNERS file can define individuals or teams responsible for parts of a repository.
| Scenario | CODEOWNERS helps by |
|---|---|
| Specific team owns a directory | Automatically suggests or requires reviewers |
| Critical files need expert review | Maps file paths to owners |
| Large repo needs review routing | Sends changes to relevant maintainers |
Common trap: CODEOWNERS identifies ownership and can support review workflows, but branch protection or rules must enforce required review where needed.
Notifications and collaboration signals
| Signal | Meaning |
|---|---|
| Watching | Subscribe to repository activity |
| Starring | Bookmark or show interest |
| Forking | Create a copy under your account |
| Mentioning | Notify a user or team |
| Assigning | Indicate responsibility |
| Requesting review | Ask for pull request review |
| Subscribing | Follow a specific issue or pull request |
Common trap: starring a repository does not give access, create a copy, or subscribe you to every workflow notification.
High-yield “which feature?” table
| If the question says… | Think… |
|---|---|
| “Track a bug or enhancement” | Issue |
| “Discuss a proposed code change” | Pull request |
| “Require approval before merge” | Branch protection / rulesets |
| “Run tests automatically” | GitHub Actions |
| “Detect leaked credentials” | Secret scanning |
| “Find vulnerable dependencies” | Dependabot alerts |
| “Create dependency update PRs” | Dependabot updates |
| “Analyze code for vulnerabilities” | Code scanning |
| “Host a static site” | GitHub Pages |
| “Develop in a browser environment” | Codespaces |
| “Publish version notes and binaries” | Releases |
| “Mark a version in Git history” | Tags |
| “Organize work visually” | Projects |
| “Categorize issues” | Labels |
| “Group work for a release” | Milestones |
| “Give a team repository access” | Organization teams |
| “Contribute without write access” | Fork and pull request |
| “Standardize issue creation” | Issue templates |
| “Standardize PR descriptions” | Pull request template |
| “Route reviews by file path” | CODEOWNERS |
Common GH-900 traps
Trap 1: Confusing Git actions with GitHub features
| Candidate answer | Why it may be wrong |
|---|---|
| Use GitHub Actions to save file history | Git commits save history |
| Use issues to merge code | Pull requests merge code |
| Use GitHub Projects to run tests | GitHub Actions runs automation |
| Use Dependabot for leaked tokens | Secret scanning detects secrets |
| Use code scanning for dependency updates | Dependabot handles dependency vulnerability alerts and updates |
Trap 2: Confusing visibility with permissions
A private repository limits visibility, but users still need the correct role to read, write, maintain, or administer. A public repository may be visible to everyone, but not everyone can push to it.
Trap 3: Treating pull requests as only a merge button
Pull requests support:
- Code review
- Discussion
- Automated checks
- Linked issues
- Review approvals
- Change history
- Merge control
Trap 4: Assuming local commits are already on GitHub
A commit is local until pushed. If the scenario says the developer committed changes but teammates cannot see them, the likely missing step is git push.
Trap 5: Choosing forks when branches are enough
If a developer has write access to the repository, a branch is often enough. Forks are especially useful when the contributor does not have write access or wants an independent copy.
Trap 6: Confusing Actions secrets with repository secrets in code
Secrets should be stored securely using GitHub secret management, not committed into source files, configuration files, or documentation.
Trap 7: Confusing releases and tags
A tag marks a commit. A release is a GitHub feature that uses a tag and can include release notes and assets.
Scenario decision practice
Use this section like a mini topic drill before moving into original practice questions.
| Scenario | Best answer | Why |
|---|---|---|
| A team wants tests to run whenever a PR is opened | GitHub Actions | PR events can trigger workflows |
A maintainer wants to prevent direct pushes to main | Branch protection or rulesets | Enforces merge requirements |
| A contributor lacks write access but wants to propose a fix | Fork and open PR | Standard open source contribution model |
| A team wants to track bugs and assign owners | Issues | Issues are for work tracking |
| A project needs release notes and downloadable assets | GitHub Releases | Releases package version information |
| A team wants a consistent cloud dev environment | Codespaces | Provides hosted development environments |
| A token is accidentally committed | Secret scanning | Detects exposed secrets |
| A dependency has a known vulnerability | Dependabot alert | Identifies vulnerable dependencies |
| A repository needs contribution instructions | CONTRIBUTING file | Guides contributors |
| A project needs legal reuse terms | LICENSE file | Defines usage rights |
| A team wants to route frontend file changes to frontend reviewers | CODEOWNERS | Maps paths to owners |
Review checklist before question-bank practice
Use this checklist to identify weak spots before attempting a mock exam.
Git and repository basics
- Can you explain Git vs. GitHub?
- Can you distinguish clone, commit, push, pull, and fetch?
- Can you explain branches, merges, conflicts, tags, and releases?
- Can you describe what
.gitignoredoes? - Can you explain local vs. remote repositories?
Collaboration
- Can you explain the purpose of issues, pull requests, discussions, and projects?
- Can you choose between a fork and a branch?
- Can you describe GitHub Flow?
- Can you explain pull request review and status checks?
- Can you identify when to use labels, milestones, assignees, and project views?
Automation
- Can you define workflow, event, job, step, action, and runner?
- Can you identify when GitHub Actions is the right answer?
- Can you explain how CI checks connect to pull requests?
- Can you distinguish artifacts, secrets, and runners?
Security and administration
- Can you distinguish authentication from authorization?
- Can you explain MFA, tokens, SSH keys, and secrets at a high level?
- Can you match secret scanning, code scanning, and Dependabot to scenarios?
- Can you explain branch protection and required checks?
- Can you describe teams, organizations, and repository permissions?
Community and productivity
- Can you explain README, LICENSE, CONTRIBUTING, CODE_OF_CONDUCT, and SECURITY files?
- Can you describe Codespaces, Copilot, Pages, Packages, and Releases?
- Can you identify common open source contribution steps?
- Can you explain notifications, mentions, stars, watchers, and forks?
How to use IT Mastery practice
After reviewing the concepts above, move into an IT Mastery question bank in three passes:
Topic drills Start with focused drills for Git basics, repositories, pull requests, Actions, security, and project management. The goal is not speed yet; the goal is to expose weak concepts.
Mixed original practice questions Use mixed sets to practice switching between features. GH-900-style questions often test whether you can choose the right GitHub capability from similar-looking options.
Mock exams with detailed explanations Take timed mock exams only after the main topics feel familiar. Review every explanation, including questions you answered correctly, because the explanation often clarifies why similar distractors are wrong.
Final quick pass
Before your next practice set, remember these anchors:
- Git tracks changes; GitHub enables collaboration around them.
- Issues track work; pull requests review and merge changes.
- Actions automate workflows; Projects organize work.
- Dependabot handles dependency risk; secret scanning finds exposed secrets; code scanning analyzes code.
- Branches isolate work; forks support independent copies and external contributions.
- Branch protection helps enforce review and quality gates.
- README explains, LICENSE permits, CONTRIBUTING guides, SECURITY reports.
- Codespaces is a cloud development environment; Actions is automation.
- Tags mark versions; Releases publish version information and assets.
Next step: use this Quick Review to choose your weakest GH-900 topic, complete a focused topic drill, and read the detailed explanations before moving to a mixed mock exam.
Continue in IT Mastery
Use this Quick Review as a final concept map, then move into IT Mastery for focused topic drills, mixed practice sets, timed mock exams, and detailed explanations. The practice questions are original IT Mastery practice items; they are not official GitHub questions, copied live-exam content, or exam dumps.