GH-100 Question #18: Real Exam Question with Answer & Explanation

Question

What additional capability does secret scanning offer for private repositories on GitHub Enterprise Cloud?

Options

• AAllows custom pattern definitions for internal secret formats.
• BDisables any code that contains a secret.
• CRewrites history to remove secrets.
• DRevokes GitHub access tokens automatically.

Explanation

GitHub Enterprise Cloud's secret scanning extends beyond detecting publicly-known token formats by allowing organizations to define custom patterns that match their internal or proprietary secret formats - things like internal API keys, database connection strings, or custom token schemas that GitHub wouldn't know about by default. This is the key differentiator for private repos on Enterprise Cloud, giving teams control over what counts as a "secret" in their specific context.

Why the distractors are wrong:

• B - Secret scanning alerts on secrets; it doesn't disable or block code execution.
• C - Rewriting git history is a separate manual process (e.g., git filter-repo); secret scanning has no such capability.
• D - GitHub does automatically revoke some exposed tokens (like GitHub PATs) via its partner program, but this applies broadly, not as a private-repo-only Enterprise Cloud feature.

Memory tip: Think "private = proprietary." Private repositories in enterprises often have private/internal secret formats, so the extra capability is defining custom (private) patterns - matching the "private" theme of the question.

No community discussion yet for this question.