Update knowledge-check.yml

Chukslord1 · web-flow · commit e9d0a513c4be · 2025-05-27T00:56:14.000+01:00
diff --git a/learn-pr/github/manage-github-actions-enterprise/knowledge-check.yml b/learn-pr/github/manage-github-actions-enterprise/knowledge-check.yml
@@ -14,84 +14,6 @@ content: |
 quiz:
   title: Check your knowledge
   questions:
-
-  - content: "What actions can you take at enterprise level to manage the use of GitHub Actions in your enterprise instance?"
-    choices:
-    - content: "Create workflow templates"
-      isCorrect: false
-      explanation: "Incorrect. Workflow templates are created at organizational level."
-    - content: "Configure a GitHub Actions use policy"
-      isCorrect: true
-      explanation: "Correct. GitHub Actions use policies enable you to restrict access to GitHub Actions to specific organizations in your instance."
-    - content: "Manually sync public actions in Enterprise Cloud"
-      isCorrect: false
-      explanation: "Incorrect. Public actions are automatically synced in Enterprise Cloud. Only with Enterprise Server do you have the possibility to manually sync public actions instead of automatically."
-  - content: "What actions can you take to configure self-hosted runners for your enterprise use?"
-    choices:
-    - content: "Create and add custom labels to your runners"
-      isCorrect: true
-      explanation: "Correct. Custom labels can be used when you need to run jobs on runners that have specific capabilities."
-    - content: "Add proxy configurations to your runners after they start."
-      isCorrect: false
-      explanation: "Incorrect. If you need a self-hosted runner to communicate with GitHub via a proxy server, you must add all proxy configurations to your runner before starting it."
-    - content: "Add the IP address or IP address range of your runners at repository level."
-      isCorrect: false
-      explanation: "Incorrect. If your organization has configured an IP allowlist, you must add the IP address or IP address range of your self-hosted runners to the IP allowlist. IP allowlists are found in an organization's Settings."
-  - content: "What are encrypted secrets?"
-    choices:
-    - content: "Encrypted secrets are authentication tokens you can generate in your account settings."
-      isCorrect: false
-      explanation: "Incorrect. The authentication tokens you can create in your account settings are personal access tokens (PATs)."
-    - content: "Encrypted secrets are the equivalent of SSH keys in GitHub."
-      isCorrect: false
-      explanation: "Incorrect. SSH keys are also called SSH keys in GitHub."
-    - content: "Encrypted secrets are encrypted environment variables you can create to store sensitive information."
-      isCorrect: true
-      explanation: "Correct. Once created, encrypted secrets become available for use in your workflows and actions at the level at which they were created (organization, repository, or environment)."
-  - content: "Which credential type poses the greatest security risk if used to access repositories from GitHub Actions??"
-    choices:
-    - content: "Repository deploy keys"
-      isCorrect: false
-      explanation: "Incorrect. Repository deploy keys are actually recommended as they grant access only to a single repository."
-    - content: "Personal access token (classic)"
-      isCorrect: true
-      explanation: "Correct. Personal access tokens (classic) grant broad access to all repositories you have access to, creating unnecessary security risks."
-    - content: "GitHub App tokens"
-      isCorrect: false
-      explanation: "Incorrect. GitHub App tokens provide granular permissions and are recommended for cross-repository access."
-    - content: "GITHUB_TOKEN"
-      isCorrect: false
-      explanation: "Incorrect. GITHUB_TOKEN is not recommended as it's intentionally scoped to a single repository."
-  - content: "Which feature in GitHub allows you to enforce that automated tests must pass before code can be merged to the main branch?"
-    choices:
-    - content: "Organization secrets"
-      isCorrect: false
-      explanation: "Incorrect. Organization secrets store sensitive information like API keys and credentials for use in GitHub Actions workflows. While important for security, they don't enforce automated test requirements before merging code."
-    - content: "Repository rule sets"
-      isCorrect: true
-      explanation: "Correct. Repository rule sets allow you to enforce policies across branches, including requiring status checks (which represent automated tests) to pass before merging. As stated in the content: \"Rule Sets can enforce that certain Actions (e.g., tests) must pass before merges\" and under Components of Rule Sets, it mentions \"Require status checks to pass before merging\" as a Pull Request Requirement."
-    - content: "Workflow templates"
-      isCorrect: false
-      explanation: "Incorrect. Workflow templates help standardize automation across an organization by providing predefined workflow structures, but they don't enforce that those workflows must pass before merging. They simply make it easier to create consistent workflows."
-    - content: "Runner groups"
-      isCorrect: false
-      explanation: "Incorrect. Runner groups organize self-hosted runners in GitHub Actions, allowing you to control which repositories can use specific runners. They don't enforce test requirements before merging code."
-
-    - content: "Which of the following is a feature unique to GitHub Enterprise Cloud (GHEC)?"
-      choices:
-        - content: "Requires on-premises deployment and infrastructure management"
-          isCorrect: false
-          explanation: "Incorrect. This describes GitHub Enterprise Server (GHES), not GHEC. GHEC is hosted and managed by GitHub in the cloud."
-        - content: "Provides centralized user management with identity provider integration"
-          isCorrect: true
-          explanation: "GHEC supports centralized user management and integrates with identity providers using SAML (for SSO) and SCIM (for user provisioning), which is a key feature of cloud-hosted enterprise solutions."
-        - content: "Must be installed and maintained by the organization's IT team"
-          isCorrect: false
-          explanation: "Incorrect. GHEC is maintained by GitHub and requires no installation or infrastructure management by the organization."
-        - content: "Operates entirely within a private cloud environment"
-          isCorrect: false
-          explanation: "Incorrect. GHEC operates in GitHub’s public cloud infrastructure, not a private cloud."
-
     - content: "What actions can you take at enterprise level to manage the use of GitHub Actions in your enterprise instance?"
       choices:
         - content: "Create workflow templates"
@@ -126,51 +48,94 @@ quiz:
           explanation: "Incorrect. SSH keys are also called SSH keys in GitHub."
         - content: "Encrypted secrets are encrypted environment variables you can create to store sensitive information."
           isCorrect: true
-          explanation: "Correct. Once created, encrypted secrets become available for use in your workflows and actions at the level at which they were created (organization or repository)."
+          explanation: "Correct. Once created, encrypted secrets become available for use in your workflows and actions at the level at which they were created (organization, repository, or environment)."
 
-    - content: What is a key benefit of using **reusable workflows** in GitHub Actions?
+    - content: "Which credential type poses the greatest security risk if used to access repositories from GitHub Actions?"
       choices:
-        - content: Prevents any external contributors from running workflows
+        - content: "Repository deploy keys"
           isCorrect: false
-          explanation: Reusable workflows improve standardization, but they do not automatically block external contributors. Security settings must be configured separately.
-        - content: Reduces redundancy and maintenance overhead
+          explanation: "Incorrect. Repository deploy keys are actually recommended as they grant access only to a single repository."
+        - content: "Personal access token (classic)"
           isCorrect: true
-          explanation: Reusable workflows help avoid repetitive configuration across multiple repositories, reducing maintenance effort.
-        - content: Can only be used in the same repository where they are defined
+          explanation: "Correct. Personal access tokens (classic) grant broad access to all repositories you have access to, creating unnecessary security risks."
+        - content: "GitHub App tokens"
           isCorrect: false
-          explanation: Reusable workflows can be referenced from a different repository, allowing broader reuse.
-        - content: Automatically restricts all workflows to internal users
+          explanation: "Incorrect. GitHub App tokens provide granular permissions and are recommended for cross-repository access."
+        - content: "GITHUB_TOKEN"
           isCorrect: false
-          explanation: GitHub does not enforce internal-only workflow execution unless explicitly configured.
+          explanation: "Incorrect. GITHUB_TOKEN is not recommended as it's intentionally scoped to a single repository."
 
-    - content: What is a primary benefit of using **GitHub-hosted runners** instead of self-hosted runners?
+    - content: "Which feature in GitHub allows you to enforce that automated tests must pass before code can be merged to the main branch?"
       choices:
-        - content: Full control over hardware and software configuration
-          isCorrect: false
-          explanation: Full control is a feature of self-hosted runners.
-        - content: Ability to access internal/private networks
+        - content: "Organization secrets"
           isCorrect: false
-          explanation: GitHub-hosted runners do not have direct access to internal networks.
-        - content: Automatic updates for the OS and preinstalled packages
+          explanation: "Incorrect. Organization secrets store sensitive information like API keys and credentials for use in GitHub Actions workflows. While important for security, they don't enforce automated test requirements before merging code."
+        - content: "Repository rule sets"
           isCorrect: true
-          explanation: GitHub-hosted runners are automatically updated by GitHub, including OS patches and preinstalled tools.
-        - content: Custom installation of non-standard software
+          explanation: "Correct. Repository rule sets allow you to enforce policies across branches, including requiring status checks (which represent automated tests) to pass before merging."
+        - content: "Workflow templates"
           isCorrect: false
-          explanation: Custom installation is supported with self-hosted runners, not GitHub-hosted ones.
+          explanation: "Incorrect. Workflow templates help standardize automation across an organization by providing predefined workflow structures, but they don't enforce that those workflows must pass before merging."
+        - content: "Runner groups"
+          isCorrect: false
+          explanation: "Incorrect. Runner groups organize self-hosted runners but don’t enforce test requirements before merging code."
 
-    - content: What is the best practice when managing **encrypted secrets** in GitHub Actions?
+    - content: "Which of the following is a feature unique to GitHub Enterprise Cloud (GHEC)?"
       choices:
-        - content: Print secrets in workflow logs to assist with debugging
+        - content: "Requires on-premises deployment and infrastructure management"
+          isCorrect: false
+          explanation: "Incorrect. This describes GitHub Enterprise Server (GHES), not GHEC."
+        - content: "Provides centralized user management with identity provider integration"
+          isCorrect: true
+          explanation: "Correct. GHEC supports centralized user management and integrates with identity providers using SAML and SCIM."
+        - content: "Must be installed and maintained by the organization's IT team"
           isCorrect: false
-          explanation: Secrets should never be exposed in logs.
-        - content: Use the same secret across all repositories for consistency
+          explanation: "Incorrect. GHEC is maintained by GitHub and requires no installation or infrastructure management."
+        - content: "Operates entirely within a private cloud environment"
           isCorrect: false
-          explanation: Sharing the same secret increases security risk and violates the principle of least privilege.
-        - content: Limit access by defining secrets at the lowest necessary level
+          explanation: "Incorrect. GHEC operates in GitHub’s public cloud infrastructure."
+
+    - content: "What is a key benefit of using **reusable workflows** in GitHub Actions?"
+      choices:
+        - content: "Prevents any external contributors from running workflows"
+          isCorrect: false
+          explanation: "Incorrect. Security settings must be configured separately."
+        - content: "Reduces redundancy and maintenance overhead"
           isCorrect: true
-          explanation: Scoping secrets appropriately minimizes exposure and enhances security.
-        - content: Store secrets in the GitHub Actions log archive
+          explanation: "Correct. Reusable workflows help avoid repetitive configuration across multiple repositories."
+        - content: "Can only be used in the same repository where they are defined"
           isCorrect: false
-          explanation: Storing secrets in logs is unsafe and not a recommended practice.
+          explanation: "Incorrect. Reusable workflows can be referenced from other repositories."
+        - content: "Automatically restricts all workflows to internal users"
+          isCorrect: false
+          explanation: "Incorrect. This must be explicitly configured."
 
+    - content: "What is a primary benefit of using **GitHub-hosted runners** instead of self-hosted runners?"
+      choices:
+        - content: "Full control over hardware and software configuration"
+          isCorrect: false
+          explanation: "Incorrect. That’s a benefit of self-hosted runners."
+        - content: "Ability to access internal/private networks"
+          isCorrect: false
+          explanation: "Incorrect. GitHub-hosted runners lack access to internal networks."
+        - content: "Automatic updates for the OS and preinstalled packages"
+          isCorrect: true
+          explanation: "Correct. GitHub-hosted runners are maintained and updated by GitHub."
+        - content: "Custom installation of non-standard software"
+          isCorrect: false
+          explanation: "Incorrect. That’s supported in self-hosted runners."
 
+    - content: "What is the best practice when managing **encrypted secrets** in GitHub Actions?"
+      choices:
+        - content: "Print secrets in workflow logs to assist with debugging"
+          isCorrect: false
+          explanation: "Incorrect. Secrets should never be exposed in logs."
+        - content: "Use the same secret across all repositories for consistency"
+          isCorrect: false
+          explanation: "Incorrect. It violates the principle of least privilege."
+        - content: "Limit access by defining secrets at the lowest necessary level"
+          isCorrect: true
+          explanation: "Correct. This minimizes exposure and enhances security."
+        - content: "Store secrets in the GitHub Actions log archive"
+          isCorrect: false
+          explanation: "Incorrect. Storing secrets in logs is unsafe and discouraged."
