Use this quick start guide to collect all the information about Microsoft GitHub Actions (GH-200) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GH-200 Microsoft GitHub Actions exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Microsoft GitHub Actions certification exam.
The Microsoft GitHub Actions certification is mainly targeted to those candidates who want to build their career in GitHub domain. The Microsoft GitHub Actions exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Microsoft GitHub Actions.
Microsoft GitHub Actions Exam Summary:
| Exam Name | Microsoft GitHub Actions |
| Exam Code | GH-200 |
| Exam Price | $99 (USD) |
| Duration | 100 mins |
| Number of Questions | 72 |
| Passing Score | 700 / 1000 |
| Books / Training | GH-200T00-A: Automate your workflow with GitHub Actions |
| Schedule Exam | Pearson VUE |
| Sample Questions | Microsoft GitHub Actions Sample Questions |
| Practice Exam | Microsoft GH-200 Certification Practice Exam |
Microsoft GH-200 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Author and manage workflows (20-25%) |
|
| Configure workflow triggers and events |
- Configure workflows to run for scheduled, manual, webhook, and repository events - Choose appropriate scope, permissions, and events for workflow automation - Define and validate workflow_dispatch inputs (types, required, defaults) and pass inputs to reusable workflows via workflow_call with inputs and secrets mapping |
| Design and implement workflow structure |
- Use jobs, steps, and conditional logic - Implement dependencies between jobs - Use workflow commands and environment variables - Use service containers (services:) for dependent services (databases, queues); configure ports, health checks, and container options - Use strategy and matrix to generate job variations (OS, language/runtime versions); apply include/exclude; control fail-fast and max-parallel; optimize matrix size for cost and performance; account for runner image changes (Ubuntu 20.04 deprecation, Windows Server 2025 migration for windows-latest) - Implement YAML anchors and aliases (&, * and merge <<) to reuse repeated mappings/steps within a single workflow file - Use predefined contexts (github, runner, env, vars, secrets, inputs, matrix, needs, strategy, job, steps, github.event, github.ref) to access workflow, repository, and runtime metadata; understand immutable actions behavior and version pinning requirements - Evaluate expressions with ${{ }} referencing contexts; distinguish static (workflow parse) vs runtime evaluation; prevent secret leakage in logs and expressions - Leverage editor tooling (GitHub Actions VS Code extension / YAML schema completion, metadata IntelliSense, validation) to author and maintain workflows efficiently |
| Manage workflow execution and outputs |
- Configure caching and artifact management; apply retention policies via REST APIs (logs, artifacts, workflow runs) at org/repo level - Pass data between jobs and steps (artifacts, outputs, environment files via GITHUB_ENV and GITHUB_OUTPUT, reusable workflow outputs) - Generate job summaries using GITHUB_STEP_SUMMARY for rich Markdown reports (test results, coverage, links) - Add workflow status badges and environment protections |
Consume and troubleshoot workflows (15-20%) |
|
| Interpret workflow behavior and results |
- Identify workflow triggers and effects from configuration and logs - Diagnose failed workflow runs using logs and run history - Expand and interpret YAML anchors, aliases, and merged mappings when analyzing workflow configuration - Interpret matrix expansions, correlate job names to matrix axes, analyze failures across variants, and selectively rerun individual matrix jobs |
| Access workflow artifacts and logs |
- Locate workflows, logs, and artifacts in the UI and via API - Download and manage workflow artifacts |
| Use and manage workflow templates |
- Consume organization-level and reusable workflows - Consume non-public organization workflow templates - Use starter workflows (public and private/non-public templates); customize and adapt; distinguish from reusable workflows and composite actions - Differentiate starter workflows (copy scaffold, independent after creation) vs reusable workflows (central versioned definition invoked via workflow_call) vs composite actions (encapsulated step logic) - Contrast disabling and deleting workflows |
Author and maintain actions (15-20%) |
|
| Create and troubleshoot custom actions |
- Identify and implement action types (JavaScript, Docker, composite); understand immutable actions rollout on hosted runners and implications for version pinning and registry sources - Troubleshoot action execution and errors |
| Define action structure and metadata |
- Specify required files, directory structure, and metadata - Implement workflow commands within actions |
| Distribute and maintain actions |
- Select distribution models (public, private, marketplace) - Publish actions to the GitHub Marketplace - Apply versioning and release strategies |
Manage GitHub Actions for the enterprise (20-25%) |
|
| Distribute and govern actions and workflows |
- Define and manage reusable components and templates - Control access to actions and workflows within the enterprise - Configure organizational use policies |
| Manage runners at scale |
- Configure and monitor GitHub-hosted and self-hosted runners - Apply IP allow lists and networking settings - Manage runner groups and troubleshoot runner issues - Identify preinstalled software/tool versions on GitHub-hosted runners (image release notes, toolcache) and install additional software at runtime (setup-* actions, package managers, caching, container images, custom self-hosted images) |
| Manage encrypted secrets and variables |
- Define and scope encrypted secrets and variables at the organization, repository, and environment levels - Access and use secrets and variables in workflows and actions; manage secrets and variables programmatically via REST APIs |
Secure and optimize automation (10-15%) |
|
| Implement security best practices |
- Use environment protections and approval gates - Identify and use trustworthy actions from the Marketplace - Mitigate script injection (sanitize/validate inputs, least-privilege permissions, avoid untrusted data in run:, proper shell quoting, prefer vetted actions over inline scripts) - Understand GITHUB_TOKEN lifecycle (ephemeral, scoped), configure granular permissions, contrast with PAT; restrict write scopes - Use OIDC token (id-token permission) for cloud provider federation to eliminate long-lived cloud secrets - Pin third-party actions to full commit SHAs; align with immutable actions enforcement on hosted runners; avoid floating @main/@v\* without justification - Enforce action usage policies (organization/repository allow/deny lists, required reviewers for unverified actions) - Generate and verify artifact attestations / provenance (e.g., SLSA, build metadata) and integrate into deployment verification |
| Optimize workflow performance and cost |
- Configure caching and artifact retention for efficiency; apply retention policies programmatically via REST APIs - Recommend strategies for scaling and optimizing workflows |
To ensure success in Microsoft GitHub Actions certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Microsoft GitHub Actions (GH-200) exam.
