40 questions / 10 random questions
Random questions, instant feedback, and review for missed questions.
View recommended Git & CI/CD resources →
How should you safely undo a commit that has already been shared?
Answer: Create an inverse commit with git revert
revert adds an inverse change without rewriting shared history.
You need the latest main changes in a shared feature branch without rewriting collaborators' history. What is appropriate?
Answer: Merge main into the feature branch
On a shared branch, merge integrates changes while preserving existing commit IDs.
You want to bring one commit made on the wrong branch into the current branch. Which operation fits?
Answer: git cherry-pick <commit>
cherry-pick applies a selected commit's change onto the current branch.
You want to stage only parts of a file and leave the rest for a later commit. What is appropriate?
Answer: git add -p
git add -p stages selected hunks interactively.
A private key was accidentally committed locally but not pushed. What should you do first?
Answer: Revoke or rotate the key, remove it from history, and prevent recurrence
Secrets can remain in history, so rotate them, clean the history, and add preventive scanning.
Which practice makes a pull request easier to review?
Answer: Keep one purpose, a small diff, and explain verification
A small focused PR makes impact and verification easier to understand.
What should you always verify after resolving a merge conflict?
Answer: No conflict markers remain and tests plus diff review pass
A syntactically resolved conflict can still be semantically wrong, so review and test it.
You want to keep a tracked file locally but stop tracking it. What is appropriate?
Answer: Run git rm --cached and add it to .gitignore
.gitignore does not affect already tracked files, so remove the file from the index.
You need to efficiently identify which commit introduced a regression among many candidates. What is appropriate?
Answer: Use git bisect to binary-search good and bad revisions
bisect binary-searches between known good and bad commits and can run tests.
You need to temporarily put aside unfinished changes and switch to an urgent fix. What is appropriate?
Answer: Use git stash push and restore it later
stash temporarily saves unfinished changes so you can switch work safely.
You want a durable release reference with metadata and optional signing. What is appropriate?
Answer: Create an annotated tag
An annotated tag stores tagger, date, message, and can be signed.
What is the issue with repeatedly committing large generated binaries to normal Git history?
Answer: History grows and clone or fetch becomes slow
Git retains historical versions, so large binaries increase storage and transfer costs.
Which repository setting prevents direct pushes to main and requires reviewed changes?
Answer: Use branch protection rules requiring PR reviews and status checks
Protection rules restrict direct pushes and require reviews or checks before merge.
When is history-rewriting rebase generally safest?
Answer: When cleaning up your own unshared local branch
Unshared history can be cleaned without invalidating collaborators' references.
On your own branch, how can you reduce the risk of overwriting someone else's newer update when force-pushing?
Answer: Use --force-with-lease
--force-with-lease updates only if the remote tip still matches your expectation.
What is the primary purpose of continuous integration?
Answer: Frequently integrate small changes and detect problems early with automated checks
CI integrates and validates changes early to surface conflicts and defects sooner.
You want to promote the same commit from staging to production after validation. What is appropriate?
Answer: Promote one immutable artifact across environments
Promoting the same artifact prevents differences between tested and deployed content.
A flaky test fails intermittently. What is appropriate?
Answer: Find and fix or quarantine the cause rather than hiding it with unlimited retries
Ignoring flaky tests erodes trust in CI and hides real failures.
What is a sound approach for deploying a backward-compatible database schema change?
Answer: Expand first, support both versions, then contract after migration
Expand/contract preserves compatibility while old and new app versions coexist.
How should you detect problems quickly after production deployment?
Answer: Monitor key SLIs and error rates, stopping or rolling back on thresholds
Release decisions benefit from user-impact metrics and automated guardrails.
What characterizes blue-green deployment?
Answer: Maintain old and new environments and switch traffic between them
Blue-green enables pre-switch validation and fast rollback at the cost of duplicate capacity.
What is the goal of a canary release?
Answer: Expose a new version to a subset, then expand based on metrics
A canary limits exposure while validating production behavior.
Which practice is appropriate for pipeline secrets?
Answer: Use short-lived credentials from a secret store, mask logs, and apply least privilege
Short-lived least-privilege credentials and redaction reduce exposure.
How do you improve dependency reproducibility?
Answer: Commit the lock file and verify pinned versions in CI
A lock file shares one dependency resolution and reduces surprise upgrades.
Which issue should CI cache design avoid?
Answer: Using weak keys that reuse caches across incompatible dependency states
A false cache hit can use stale dependencies and create hard-to-reproduce failures.
What should you consider before adding more parallel jobs?
Answer: Measure dependencies, shared-resource contention, cost, and bottlenecks
Parallelism can speed work but may add contention, cost, and ordering failures.
Which protection is appropriate for a production deployment job?
Answer: Use protected environments, approval, scoped credentials, and audit logs
Production should restrict permissions and execution while preserving traceability.
How should pipeline changes be made safely?
Answer: Review as code, test or dry-run it, and roll it out gradually
A pipeline controls the production path and needs the same review and testing as application code.
Which pipeline measure reduces supply-chain attack risk?
Answer: Pin and verify external actions and dependencies to trusted versions or SHAs
Pinning and verification reduce the risk of executing unexpected upstream changes.
What is the first step in improving a slow pipeline?
Answer: Measure each stage or job and identify the critical path
Measurement identifies the real bottleneck before choosing caching, parallelism, or test splitting.
What basic GitHub Actions setting runs a workflow on pull requests?
Answer: on: pull_request
on defines events that trigger a workflow.
Which keyword makes job B run after job A succeeds?
Answer: needs
needs declares dependencies between jobs.
Which setting prevents concurrent deployments and cancels an outdated run for the same environment?
Answer: concurrency with cancel-in-progress
A concurrency group controls runs for the same target and can cancel stale ones.
What is a safe policy for GITHUB_TOKEN?
Answer: Explicitly set minimum required permissions at workflow or job scope
Restricting permissions reduces the impact of a compromised step.
Which feature helps maintain the same deployment procedure across repositories?
Answer: A reusable workflow
A reusable workflow centralizes a workflow and accepts inputs from callers.
Which feature runs the same tests across multiple OS and version combinations?
Answer: strategy.matrix
A matrix expands jobs for combinations of variables.
What is the strictest way to minimize tampering risk for a referenced third-party action?
Answer: Pin it to a reviewed full commit SHA
A full SHA fixes execution to one commit; updates should be reviewed explicitly.
What should you use for approval and environment secrets before production deployment?
Answer: GitHub environment protection rules and secrets
An environment applies approval rules and environment-specific secrets to jobs.
What is a safe approach to secrets in workflows triggered by fork pull requests?
Answer: Do not expose secrets or write tokens to untrusted code; carefully separate privileged events
Treat fork code as attacker-controlled and isolate privileged operations.
What should you inspect first when troubleshooting a failed workflow?
Answer: The failing job or step logs, relevant inputs, and recent changes
Logs and recent diffs help isolate permission, input, environment, or command failures.