Microsoft DevOps Engineer Expert AZ-400 Practice Question
Your organization hosts multiple repositories on GitHub Enterprise Cloud. You are authoring a workflow in repo "finance-app" that must create a pull request in repo "security-policies" located in the same organization. Organizational policy forbids classic or fine-grained personal access tokens and requires that any credential be short-lived (≤1 hour) and centrally revocable by administrators. What is the most appropriate authentication mechanism to use in the workflow to satisfy these constraints?
Store a classic personal access token as an organization secret and reference it in the workflow.
Create a fine-grained personal access token scoped to both repositories and add it as a repository secret.
Generate an installation access token for a GitHub App that has the required repository permissions and use it within the workflow.
Use the default GITHUB_TOKEN provided to the workflow run.
A GitHub App installation access token is short-lived (expires after one hour by default), can be scoped to one or more repositories-including repositories other than the workflow's own-and can be revoked centrally by removing the App or its installation. The default GITHUB_TOKEN is automatically generated but is limited to the repository that triggers the workflow and therefore cannot create pull requests in another repository. Classic and fine-grained personal access tokens can be scoped to multiple repositories, but they are developer-managed, live for up to one year, and do not meet the organization's requirement for centrally managed rotation and revocation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a GitHub App installation access token?
Open an interactive chat with Bash
Why is the default GITHUB_TOKEN limited in functionality?
Open an interactive chat with Bash
What is the difference between classic personal access tokens and fine-grained personal access tokens?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .