GitHub Copilot · Difficulty

Hard GH-300 practice questions

Challenge — multi-step scenarios, trade-offs, and subtle distinctions. 16 hard questions available — no sign-up, always free.

Question 1 of 16

A security lead configures content exclusions in the organization settings to block Copilot from using a directory named 'secrets/' that contains credential files. A developer later asks the security lead whether excluding these files also guarantees that the file names, directory structure, and paths within 'secrets/' are hidden from GitHub's servers and never referenced anywhere. What is the accurate response?

Reviewed for accuracy · Report an issue
Question 2 of 16

An organization has configured content exclusions for a repository named 'payments-core' so that Copilot ignores its files inside developers' IDEs. A security lead notices that when browsing that same repository on GitHub.com and using Copilot Chat in the web interface to ask about the excluded files, the assistant still references their contents. The lead asks you to explain this behavior. What is the most accurate explanation?

Reviewed for accuracy · Report an issue
Question 3 of 16

A platform team excludes the repository directory /libs/pricing-engine/** using Copilot content exclusions. A developer working in a separate microservice repository writes code that imports and calls a public helper function whose name and signature happen to match one defined in the excluded pricing-engine directory. The developer is surprised when Copilot completions in the microservice still suggest usages referencing that function name. What is the best explanation for this behavior?

Reviewed for accuracy · Report an issue
Question 4 of 16

A backend developer notices that ever since the platform team added a content exclusion rule for the repository's `/config/legacy-secrets/` directory, Copilot completions in a nearby service file feel less accurate. The service file itself is not excluded, but it imports and calls helper functions defined in files under the excluded directory. The developer asks why the suggestions in the allowed file seem to have gotten worse. What is the most accurate explanation?

Reviewed for accuracy · Report an issue
Question 5 of 16

Your organization has configured Copilot content exclusions on a repository named 'payments-core' to block Copilot from using its files as context. A developer creates a personal fork of 'payments-core' into their own GitHub account and clones that fork locally. When they open files from the forked clone in their IDE, they notice Copilot provides inline completions using content from those files. They open a support ticket claiming content exclusions are broken. What is the most accurate explanation of this behavior?

Reviewed for accuracy · Report an issue
Question 6 of 16

A backend engineer notices that GitHub Copilot completions feel slower when working inside a very large monolithic file compared to smaller files. A teammate suggests this is because Copilot is 'sending the whole repository to be analyzed on every keystroke.' Which explanation most accurately describes what actually happens in the code-suggestion lifecycle?

Reviewed for accuracy · Report an issue
Question 7 of 16

Your organization has configured content exclusions to prevent Copilot from accessing files under a sensitive `/secrets` directory. A developer on the team uses an older third-party editor with a Copilot plugin that does not yet support content exclusions. During a security review, you must explain what happens when this developer works in that editor. Which statement accurately describes the behavior?

Reviewed for accuracy · Report an issue
Question 8 of 16

A developer is testing a `serialize(order)` / `deserialize(bytes)` pair for an order object. Example-based unit tests keep passing, but production occasionally corrupts orders with unusual field combinations the developer never thought to write cases for. They want Copilot to help generate tests that catch these unforeseen combinations without hand-authoring each input. Which prompt approach best leverages Copilot for this need?

Reviewed for accuracy · Report an issue
Question 9 of 16

A developer selects a legacy `calculateShippingCost` function that has no documentation and asks Copilot Chat with `/tests` to generate a unit test suite. The function contains several conditional branches whose business meaning is unclear (e.g., a discount applied only when `weight > 50 && region == 'INTL'`). Copilot produces tests that pass, but the developer is unsure whether the assertions reflect the *intended* behavior or merely the *current* behavior. What is the most appropriate next step to maximize the value of the generated tests?

Reviewed for accuracy · Report an issue
Question 10 of 16

A developer asks Copilot Chat to generate unit tests for a `calculateDiscount(price, tier)` function. Copilot produces tests that all pass, but a subsequent mutation testing run reveals that several mutants (e.g., changing `>=` to `>`, or `*0.9` to `*0.8`) survive because no test fails when the logic is altered. What is the most effective way to use Copilot to address this gap?

Reviewed for accuracy · Report an issue
Question 11 of 16

A developer on your team uses GitHub Copilot to scaffold a customer eligibility function for a lending application. Copilot generates logic that filters applicants based on ZIP code and a variable named 'neighborhood_risk_score'. The code compiles and passes the existing unit tests. As the reviewer responsible for responsible AI practices, what is the most appropriate action before merging?

Reviewed for accuracy · Report an issue
Question 12 of 16

A developer maintains a Node.js service that iterates over an array of 500 user IDs and, inside the loop, calls an external REST endpoint once per ID with `await fetch(...)`. The endpoint also exposes a bulk lookup route that accepts up to 100 IDs per request. The developer selects the loop and asks Copilot Chat: "Refactor this to reduce the number of network round trips." What is the most appropriate way to evaluate Copilot's suggested refactor before merging it?

Reviewed for accuracy · Report an issue
Question 13 of 16

A backend developer accepts a GitHub Copilot suggestion for a regular expression that validates user-submitted email addresses in a public-facing web form. The regex works correctly against the developer's sample inputs and is merged. Two weeks later, the service experiences intermittent CPU spikes and request timeouts whenever certain malformed inputs are submitted. What responsible-use practice should the developer have applied before merging the Copilot-suggested regex?

Reviewed for accuracy · Report an issue
Question 14 of 16

While building a proprietary product, a developer accepts a large, distinctive block of code that GitHub Copilot suggested. A teammate later notices the block appears nearly identical to a snippet from a well-known open-source project distributed under a copyleft (GPL) license. What is the most responsible way to handle this situation before shipping?

Reviewed for accuracy · Report an issue
Question 15 of 16

An enterprise has enabled the public-code matching filter (duplicate detection) for all its Copilot seats. A developer notices that when they ask Copilot Chat to explain a well-known open-source algorithm, the response still reproduces a recognizable code snippet resembling public code, even though inline code completions rarely produce such matches. A compliance officer asks you to explain why the filter did not consistently block this. What is the most accurate explanation?

Reviewed for accuracy · Report an issue
Question 16 of 16

A developer on an Enterprise Cloud plan reports that even after their organization owner enabled the 'Suggestions matching public code' filter to Allow, no matching suggestions appear. The developer confirms their personal Copilot settings also allow matching public code. What is the most likely reason the filter is still blocking these suggestions?

Reviewed for accuracy · Report an issue