Use GitHub Copilot responsibly
Drill 13 practice questions focused entirely on Use GitHub Copilot responsibly for the GitHub GH-300 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A developer on your team uses GitHub Copilot to scaffold a customer eligibility function for a lending application. Copilot generates logic that filters applicants based on ZIP code and a variable named 'neighborhood_risk_score'. The code compiles and passes the existing unit tests. As the reviewer responsible for responsible AI practices, what is the most appropriate action before merging?
While building a user-registration service, a developer accepts a GitHub Copilot suggestion that adds a helpful debug log line. During code review, a teammate notices the suggested statement writes the full request body—including the user's plaintext password and email—to the application log. What is the most responsible way to handle this Copilot suggestion?
A developer uses GitHub Copilot to generate a full suite of unit tests for a newly written payment-reconciliation module. All the generated tests pass on the first run, and the developer wants to merge the module into the main branch, citing the passing tests as evidence of correctness. What is the most responsible next step before relying on these tests?
A backend developer asks GitHub Copilot to add rate-limiting to a Node.js service. Copilot suggests code that imports a package named 'express-smart-throttle' and calls a method configureAdaptiveLimits(). The developer has never heard of this package, and the suggestion looks clean and syntactically correct. What is the most responsible next step before committing the code?
You lead a team of junior developers who have adopted GitHub Copilot. Over several sprints, you notice that some developers accept nearly every suggestion without reading it, struggle to explain how their merged code works during reviews, and cannot debug issues when Copilot is unavailable. Which responsible-use strategy best addresses this over-reliance while retaining Copilot's productivity benefits?
A front-end developer uses GitHub Copilot to scaffold a new customer sign-up form for a public government service that must meet WCAG accessibility standards. Copilot quickly generates a working HTML form with styled inputs and a submit button, and the visual layout looks correct in the browser. Before merging, what is the most responsible action the developer should take regarding the generated code?
Your engineering team at a regulated financial firm has adopted GitHub Copilot. During a code audit, a compliance reviewer asks how the team ensures transparency about which code was AI-assisted, so that reviewers can apply appropriate scrutiny and the organization can demonstrate responsible AI governance. The team currently uses Copilot heavily but keeps no record of where it was used. What is the most responsible practice to adopt?
A backend engineer accepts a Copilot suggestion that loads all customer records into memory and filters them with a nested loop to find matching orders. The code passes unit tests against the small test fixture and works fine in local development. During a code review, a senior engineer flags a concern about deploying this to production, where the customer table contains millions of rows. What is the most responsible way to handle this situation before merging?
While building a payment-processing service, a developer accepts a Copilot suggestion that wraps a database write in a try/catch block. On review, the catch block simply logs nothing and returns a default success value, silently swallowing any exception. Copilot presented this as an idiomatic pattern. What is the most responsible way for the developer to handle this suggestion?
While adding a JSON parsing library to a Node.js microservice, a developer accepts a GitHub Copilot suggestion that pins a specific older version of a popular package in package.json. The build succeeds and tests pass. During a later security review, the team's SCA (software composition analysis) scanner flags this exact version as having a known critical CVE that was patched in a newer release. What is the most responsible conclusion the team should draw about using Copilot for dependency management going forward?
A backend developer accepts a GitHub Copilot suggestion for a regular expression that validates user-submitted email addresses in a public-facing web form. The regex works correctly against the developer's sample inputs and is merged. Two weeks later, the service experiences intermittent CPU spikes and request timeouts whenever certain malformed inputs are submitted. What responsible-use practice should the developer have applied before merging the Copilot-suggested regex?
While building a proprietary product, a developer accepts a large, distinctive block of code that GitHub Copilot suggested. A teammate later notices the block appears nearly identical to a snippet from a well-known open-source project distributed under a copyleft (GPL) license. What is the most responsible way to handle this situation before shipping?
A backend developer accepts a GitHub Copilot suggestion that implements password hashing using an outdated MD5 algorithm. The developer notices the code compiles and passes existing unit tests. According to responsible AI usage principles, what is the most appropriate next step before merging this code?
More GH-300 practice
Keep going with the other GitHub Copilot domains, or take a full timed mock exam.
← Back to GH-300 overview