| Implement secure software development and compliance | The biggest domain. Organization and enterprise policies, rulesets, audit logging and reporting, vulnerability alerts, secret scanning and CodeQL enablement, Dependabot and security advisories, a security response plan, PAT and GitHub App rate limits, and approving apps by policy. | 25 to 30% |
| Manage GitHub Actions | Governing automation, not writing it: reuse policies for actions and workflows, organizational Actions policies, GitHub-hosted vs self-hosted runner options, runner groups, IP allow lists and networking including Azure private networking, secret scoping at organization and repository level, and third-party vault integration. | 20 to 25% |
| Manage GitHub identities and access | Managed users vs personal accounts, SAML SSO and 2FA enforcement, SCIM vs team sync and their key differences, choosing identity providers, organization and repository roles, enterprise teams, and access audits. | 15 to 20% |
| Administer GitHub Enterprise environment | The four deployment scenarios (GHEC with EMU, GHEC with Data Residency plus EMU, GHEC with personal accounts, GHES), licensing and billing models, license consumption monitoring, support bundles and diagnostics, and defining workflow, branching, review and release standards. | 10 to 15% |
| Monitor and optimize GitHub usage | Audit log and API usage analysis, spotting underutilized features and adoption patterns, interpreting usage reports for metered products, and license and resource cost optimization. | 10 to 15% |