AZ-400 · Question #522
Hotspot Question You have a GitHub organization. You configure the personal access token (PAT) policy shown in the following exhibit. Use the drop-down menus to select the answer choice that completes
The correct answer is Restrict access via personal access tokens (classic): Restrict access via personal access tokens (classic) Organization members will not be allowed to access your organization using a personal access token (classic). This hotspot question tests knowledge of GitHub Organization PAT (Personal Access Token) policies, specifically how 'Restrict personal access tokens (classic)' and token expiration policies affect organization members and their ability to access organization resources.
Question
Exhibits
Answer Area
- Restrict access via personal access tokens (classic)Restrict access via personal access tokens (classic) Organization members will not be allowed to access your organization using a personal access token (classic)Allow access via personal access tokens (classic) API and Git access will be allowed using an organization member's personal access token (classic)Restrict access via personal access tokens (classic) Organization members will not be allowed to access your organization using a personal access token (classic)
Explanation
This hotspot question tests knowledge of GitHub Organization PAT (Personal Access Token) policies, specifically how 'Restrict personal access tokens (classic)' and token expiration policies affect organization members and their ability to access organization resources.
Approach. When a GitHub Organization enables the policy 'Restrict personal access tokens (classic)', members CANNOT use classic PATs to access organization resources unless an owner explicitly approves their token. For the expiration policy, when an organization sets a maximum allowed lifetime for PATs, any existing tokens that exceed that expiration limit will be revoked/blocked from accessing organization resources. Organization owners can set these restrictions so that: (1) classic PATs require approval before accessing org resources - meaning a member who creates a classic PAT will need owner approval to use it against org data; and (2) if a required expiration is enforced (e.g., tokens must expire within 30 days), tokens with no expiration or expiration beyond the maximum will be denied access. The correct selections would reflect that under these policies, members are BLOCKED from using unapproved or non-expiring classic PATs, while owners retain the ability to approve or exempt specific tokens.
Concept tested. GitHub Organization PAT policy management - specifically how 'Restrict personal access tokens (classic)' policy and PAT expiration enforcement controls member access to organization resources, requiring owner approval for classic PATs and enforcing maximum token lifetimes.
Topics
Community Discussion
No community discussion yet for this question.

