GitHub Foundations — Question 21

Which of the following scenarios requires a developer to explicitly use the GITHUB_TOKEN or github.token secret within a workflow? (Choose two.)

Answer options

• A. passing the GITHUB_TOKEN secret to an action that requires a token as an input
• B. making an authenticated GitHub API request
• C. checking out source code with the actions/checkout@v3 action
• D. assigning non-default permissions to the GITHUB_TOKEN

Correct answer: A, B

Explanation

The correct answers are A and B because both scenarios require the explicit use of the GITHUB_TOKEN to function properly. Option C does not require this as the actions/checkout@v3 action automatically uses the GITHUB_TOKEN without needing to pass it explicitly. Option D is incorrect because assigning non-default permissions is a configuration step rather than a direct usage of the token within a workflow.