nerdexam
Microsoft

AZ-400 · Question #522

Hotspot Question You have a GitHub organization. You configure the personal access token (PAT) policy shown in the following exhibit. Use the drop-down menus to select the answer choice that completes

The correct answer is Restrict access via personal access tokens (classic): Restrict access via personal access tokens (classic) Organization members will not be allowed to access your organization using a personal access token (classic). This hotspot question tests knowledge of GitHub Organization PAT (Personal Access Token) policies, specifically how 'Restrict personal access tokens (classic)' and token expiration policies affect organization members and their ability to access organization resources.

Submitted by helene.fr· Mar 6, 2026Develop a security and compliance plan

Question

Hotspot Question You have a GitHub organization. You configure the personal access token (PAT) policy shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Answer:

Exhibits

AZ-400 question #522 exhibit 1
AZ-400 question #522 exhibit 2

Answer Area

  • Restrict access via personal access tokens (classic)Restrict access via personal access tokens (classic) Organization members will not be allowed to access your organization using a personal access token (classic)
    Allow access via personal access tokens (classic) API and Git access will be allowed using an organization member's personal access token (classic)Restrict access via personal access tokens (classic) Organization members will not be allowed to access your organization using a personal access token (classic)

Explanation

This hotspot question tests knowledge of GitHub Organization PAT (Personal Access Token) policies, specifically how 'Restrict personal access tokens (classic)' and token expiration policies affect organization members and their ability to access organization resources.

Approach. When a GitHub Organization enables the policy 'Restrict personal access tokens (classic)', members CANNOT use classic PATs to access organization resources unless an owner explicitly approves their token. For the expiration policy, when an organization sets a maximum allowed lifetime for PATs, any existing tokens that exceed that expiration limit will be revoked/blocked from accessing organization resources. Organization owners can set these restrictions so that: (1) classic PATs require approval before accessing org resources - meaning a member who creates a classic PAT will need owner approval to use it against org data; and (2) if a required expiration is enforced (e.g., tokens must expire within 30 days), tokens with no expiration or expiration beyond the maximum will be denied access. The correct selections would reflect that under these policies, members are BLOCKED from using unapproved or non-expiring classic PATs, while owners retain the ability to approve or exempt specific tokens.

Concept tested. GitHub Organization PAT policy management - specifically how 'Restrict personal access tokens (classic)' policy and PAT expiration enforcement controls member access to organization resources, requiring owner approval for classic PATs and enforcing maximum token lifetimes.

Reference. https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

Topics

#GitHub#personal access tokens (PAT)#security policies#access control

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice