nerdexam
Microsoft

AZ-400 · Question #578

Drag and Drop Question You have a GitHub organization. You are creating a GitHub Actions workflow. You need to perform authenticated API requests by using a GitHub app name App1. Which four actions sh

The correct answer is Register App1 and store the app ID as a GitHub Actions secret.; Generate a private key and store the key as a secret.; Install App1 in your organization.; Generate an installation access token.. To perform authenticated API requests using a GitHub App, you must first register the app and store its app ID as a secret, then generate a private key (stored as a secret) which is used to sign JWTs. Next, you install the app in your organization to grant it permissions, and fin

Submitted by yousef_jo· Mar 6, 2026Manage GitHub Actions secrets, authentication mechanisms, and integrate GitHub Apps for automated authenticated API access within workflows

Question

Drag and Drop Question You have a GitHub organization. You are creating a GitHub Actions workflow. You need to perform authenticated API requests by using a GitHub app name App1. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

Exhibit

AZ-400 question #578 exhibit

Answer Area

Drag items

Register App1 and store the app ID as a GitHub Actions secret.Generate a JSON Web Token (JWT).Generate a private key and store the key as a secret.Create an app manifest.Generate an installation access token.Install App1 in your organization.

Correct arrangement

  • Register App1 and store the app ID as a GitHub Actions secret.
  • Generate a private key and store the key as a secret.
  • Install App1 in your organization.
  • Generate an installation access token.

Explanation

To perform authenticated API requests using a GitHub App, you must first register the app and store its app ID as a secret, then generate a private key (stored as a secret) which is used to sign JWTs. Next, you install the app in your organization to grant it permissions, and finally you use the private key to generate an installation access token (which requires a JWT internally but the actionable step is obtaining the scoped token) that is used for authenticated API calls. This sequence follows GitHub's official authentication flow: register → key → install → token.

Topics

#GitHub Apps Authentication#GitHub Actions#Installation Access Tokens#API Security

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice