GitHub Foundations — Question 6

As a developer, you need to make sure that only actions from trusted sources are available for use in your GitHub Enterprise Cloud organization. Which of the following statements are true? (Each correct answer presents a complete solution. Choose three.)

Answer options

• A. Actions can be published to an internal marketplace.
• B. GitHub-verified actions can be collectively enabled for use in the enterprise.
• C. Specific actions can individually be enabled for the organization, including version information.
• D. Actions can be restricted to only those available in the enterprise.
• E. Individual third-party actions enabled with a specific tag will prevent updated versions of the action from introducing vulnerabilities.
• F. Actions created by GitHub are automatically enabled and cannot be disabled.

Correct answer: A, B, C

Explanation

Options A, B, and C are correct as they describe valid methods for managing actions in a GitHub Enterprise Cloud organization by allowing publication to an internal marketplace, enabling verified actions collectively, and permitting individual action enablement with version control. Options D, E, and F are incorrect because they either misrepresent the restriction capabilities of actions, the security implications of third-party actions, or the automatic enabling of GitHub-created actions.