GH-100 Question #52: Real Exam Question with Answer & Explanation

Question

You are using GitHub-hosted runners and need to securely deploy to an internal system. The security team requires that these runners use IP address ranges that would not be shared with other companies. Which of the following approaches would meet their requirements?

Options

• AGitHub-hosted larger runners with Azure private networking
• BGitHub-hosted standard runners, using the IP addresses provided in "actions" from
• CGitHub-hosted standard runners, using the IP addresses provided in "api" from
• DGitHub-hosted larger runners with static IP addresses

Explanation

Larger GitHub-hosted runners can be assigned static IP addresses that are dedicated exclusively to your organization - meaning no other company on GitHub shares those IP ranges. This directly satisfies the security team's requirement, since internal firewall rules can allowlist only your organization's IPs.

Why the distractors fail:

• A (Azure private networking): Private networking governs how runners connect to your internal resources, but it does not give your runners unique, organization-exclusive IP addresses. The underlying runner IPs can still be shared infrastructure.
• B ("actions" IP ranges): The actions IP range from the GitHub meta API is the shared pool used by all companies' standard runners - exactly the shared-IP scenario the security team wants to avoid.
• C ("api" IP ranges): The api IP range covers GitHub's API endpoints, not runner egress traffic - it's the wrong metadata key entirely, and standard runners still use shared IPs.

Memory tip: Think Static = Sole ownership. Only option D puts "static" in the answer, and "static" means those IPs belong to you alone - no sharing with other tenants. If the exam ever mentions "IP ranges not shared with other companies," scan for the word static.

No community discussion yet for this question.