FidelusAleksander · FidelusAleksander · Jan 29, 2024 · Jan 28, 2024 · Jan 29, 2024 · Jan 29, 2024
@@ -0,0 +1,12 @@
+---
+question: "What are the steps to enable and enforce SAML SSO for a single organization?"
+archetype: "questions"
+title: "Question 013"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization#enabling-and-testing-saml-single-sign-on-for-your-organization
+1. [x] Navigate to `Your organizations`, choose `Settings`, click on `Authentication security`, select `Enable SAML authentication`, configure IdP settings, test SAML configuration, and enforce SAML SSO.
+1. [ ] Go to `Organization Settings`, select `Security`, choose `SAML Authentication`, enter IdP information, perform a test of the SAML configuration, and enforce SAML SSO.
+1. [ ] In the main menu, select `Organization`, then `Security Settings`, enable `SAML SSO`, fill in the IdP details, test the SSO configuration, and then enforce SAML SSO.
+1. [ ] Access `Organization Settings`, click `Security`, enable `SAML SSO`, add IdP URL, test the configuration, and opt to enforce SAML SSO upon successful testing.
@@ -0,0 +1,12 @@
+---
+question: "Which of the following identity providers (IdPs) is NOT officially supported and internally tested by GitHub Enterprise Cloud for SAML SSO?"
+archetype: "questions"
+title: "Question 014"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#supported-identity-providers
+1. [x] Google Identity Platform
+1. [ ] Active Directory Federation Services (AD FS)
+1. [ ] Microsoft Entra ID
+1. [ ] Shibboleth
@@ -0,0 +1,12 @@
+---
+question: "How do you require two-factor authentication (2FA) for an organization?"
+archetype: "questions"
+title: "Question 015"
+draft: false
+---
+
+> https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization#requiring-two-factor-authentication-in-your-organization
+1. [x] In the organization's settings, under `Security`, select `Authentication security`, and then choose `Require two-factor authentication for everyone in your organization`.
+1. [ ] Go to the organization's page, click on `Members`, and individually set up 2FA for each member.
+1. [ ] In your organization's settings, under `Billing`, select `Require two-factor authentication for billing managers only`.
+1. [ ] Send an email to all organization members asking them to manually enable 2FA on their accounts.
@@ -0,0 +1,15 @@
+---
+question: "Which identity providers (IdPs) support GitHub Enterprise Cloud SCIM API for organizations? (Choose three.)"
+archetype: "questions"
+title: "Question 016"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations#supported-identity-providers
+- [x] Microsoft Entra ID
+- [x] Okta
+- [x] OneLogin
+- [ ] Amazon Cognito
+- [ ] Google Identity Platform
+- [ ] Auth0
+- [ ] Keycloak
@@ -0,0 +1,12 @@
+---
+question: "What is the primary function of Enterprise Managed Users in GitHub?"
+archetype: "questions"
+title: "Question 017"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users
+1. [x] To centrally manage identity and access of enterprise members on GitHub from an identity provider (IdP).
+1. [ ] To allow users to manage their own profile information and repository access independently.
+1. [ ] To enable users to create public content and collaborate with other users on GitHub.
+1. [ ] To provide a platform for individual developers to manage their private projects.
@@ -0,0 +1,12 @@
+---
+question: "How are user accounts provisioned with Enterprise Managed Users?"
+archetype: "questions"
+title: "Question 018"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users
+1. [x] User accounts are provisioned by the enterprise's IdP, with access provided to GitHub Enterprise Cloud.
+1. [ ] User accounts are created manually by each user on GitHub.com.
+1. [ ] User accounts are provisioned by GitHub without any input from the enterprise's IdP.
+1. [ ] User accounts are automatically generated based on public email addresses.
@@ -0,0 +1,12 @@
+---
+question: "What is required for a user to authenticate with a managed user account?"
+archetype: "questions"
+title: "Question 019"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#authenticating-with-a-managed-user-account
+1. [x] Users must authenticate on the enterprise's IdP to access resources on GitHub.com.
+1. [ ] Users authenticate through a public GitHub login page without any enterprise interference.
+1. [ ] Authentication is bypassed for enterprise managed users for ease of access.
+1. [ ] Users provide a special GitHub-managed authentication token.
@@ -0,0 +1,12 @@
+---
+question: "Which statement is true regarding usernames and profile information for Enterprise Managed Users?"
+archetype: "questions"
+title: "Question 020"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users
+1. [x] Usernames and profile information are set through the enterprise's IdP and cannot be changed by the users.
+1. [ ] Users can change their usernames and profile information at any time on GitHub.
+1. [ ] Usernames and profile information are set by the users themselves during the GitHub account setup.
+1. [ ] GitHub automatically assigns random usernames and profile information for enhanced security.
@@ -0,0 +1,12 @@
+---
+question: "What are the implications of a managed user needing to contribute to resources outside of the enterprise?"
+archetype: "questions"
+title: "Question 021"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#supporting-developers-with-multiple-user-accounts-on-githubcom
+1. [x] Managed users are not allowed to contribute to public resources, and they need a separate personal account for this purpose.
+1. [ ] Managed users can freely contribute to public resources and external enterprises without restrictions.
+1. [ ] Managed users must request special permission from GitHub to contribute to external resources.
+1. [ ] Contributions to external resources are automatically managed by the enterprise's IdP.
@@ -0,0 +1,12 @@
+---
+question: "What is SCIM in the context of GitHub?"
+archetype: "questions"
+title: "Question 021"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations
+1. [x] SCIM, or System for Cross-domain Identity Management, is a protocol designed to automate identity provisioning and management. In GitHub, SCIM integrates with external Identity Providers (IdPs) to manage GitHub Enterprise Cloud organization memberships, using a base URL for SCIM endpoints to perform operations like listing, inviting, and updating user identities.
+1. [ ] SCIM is a user management system exclusive to GitHub, allowing users to customize their profiles and repositories. In GitHub, SCIM works by providing a platform-specific interface for these customizations.
+1. [ ] SCIM stands for System for Cross-domain Identity Management. It's a protocol that GitHub uses to manage internal database systems, focusing mainly on securing data and user information without integrating with any external systems.
+1. [ ] SCIM is a GitHub-specific tool used for enhancing the network performance of GitHub servers. It works by managing internet bandwidth and traffic within the GitHub ecosystem, ensuring optimal performance for all users.
@@ -0,0 +1,12 @@
+---
+question: "What's the purpose of SCIM and team synchronization in GitHub?"
+archetype: "questions"
+title: "Question 023"
+draft: false
+---
+
+> https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization
+1. [x] Team synchronization connects GitHub teams with IdP groups for membership management, relying on SAML single sign-on, whereas SCIM automates identity provisioning and management across systems, including creating and updating user identities and access.
+1. [ ] Team synchronization is an automated process that allows users to manage their public profiles and repositories through a GitHub-specific interface.
+1. [ ] Team synchronization is used for internal data security and user information management, while SCIM is an interface for user profile and repository customization.
+1. [ ] Both team synchronization and SCIM in GitHub are used for user provisioning services, inviting non-members to join organizations and managing public profiles and repositories.
@@ -0,0 +1,16 @@
+---
+question: "What are valid authentication methods available in GitHub? (choose six.)"
+archetype: "questions"
+title: "Question 023"
+draft: false
+---
+
+> https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github
+- [x] Username and password (with optional 2FA)
+- [x] Personal access token (PAT)
+- [x] SSH KEY
+- [x] SAML SSO for enterprise accounts
+- [x] Passkey authentication (opt-in beta for passwordless login)
+- [x] OAuth tokens for third-party app integrations
+- [ ] QR code system linked to a mobile device
+- [ ] Authentication via social media accounts like Facebook or Google
@@ -1,25 +1,29 @@
 {
-    "version": "0.2",
-    "language": "en",
-    "words": [
-        "autobuild",
-        "automations",
-        "codebases",
-        "CODEOWNERS",
-        "Codespace",
-        "Codespaces",
-        "devcontainer",
-        "Innersource",
-        "InnerSource",
-        "Kanban",
-        "octo",
-        "octocat",
-        "OIDC",
-        "preconfigured",
-        "qlcli",
-        "roadmaps",
-        "SARIF",
-        "sarifs",
-        "GHAS"
-    ]
+  "version": "0.2",
+  "language": "en",
+  "words": [
+    "autobuild",
+    "automations",
+    "codebases",
+    "CODEOWNERS",
+    "Codespace",
+    "Codespaces",
+    "devcontainer",
+    "Innersource",
+    "InnerSource",
+    "Kanban",
+    "octo",
+    "octocat",
+    "OIDC",
+    "preconfigured",
+    "qlcli",
+    "roadmaps",
+    "SARIF",
+    "sarifs",
+    "GHAS",
+    "SCIM",
+    "Keycloak",
+    "Entra",
+    "passwordless"
+  ]
 }