GitHub Agentic AI Developer · 25% of the exam

Agentic Workflow Orchestration and Deployment: free practice questions

5 sample questions from our 12-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real GitHub exam.

1. A team deploys their agentic workflow backend on GitHub Codespaces for development testing. They want to understand the key limitations of Codespaces as a production deployment target for always-on agent backends. Which statement MOST accurately describes a critical limitation?

  • A. Codespaces cannot access GitHub APIs because they run in an isolated network with no outbound internet access
  • B. Codespaces automatically suspend after a configurable idle timeout period (defaulting to 30 minutes), making them unsuitable for persistent, always-on background agents without active user interaction✓ Correct
  • C. Codespaces do not support custom Docker container images, so the agent's runtime environment cannot be customized
  • D. Codespaces bill at the same rate as GitHub-hosted Actions runners, so there is no cost difference between the two deployment options
Explanation

Option B is correct because Codespaces are designed as interactive cloud development environments and implement automatic suspension after an idle timeout (default 30 minutes, configurable up to a maximum). An always-on agent backend requires continuous uptime; a Codespace that suspends when not interactively used would silently stop processing events, making it unreliable for production agentic workloads. Option A is wrong because Codespaces do have full outbound internet access and can call GitHub APIs and external services — network isolation is not a Codespaces limitation. Option C is wrong because Codespaces fully support custom dev container configurations via `devcontainer.json`, including custom Docker images, Dockerfiles, and feature sets. Option D is wrong because Codespaces and GitHub-hosted Actions runners use entirely different billing models: Codespaces bill by core-hours and storage, while Actions bill by minute of job execution; the rates and cost structures are not equivalent.

2. An engineering team is building a GitHub Copilot coding agent pipeline. When Copilot is assigned an issue, it should create a branch named with a specific convention (`agent/<issue-number>-<slug>`), make code changes, and open a draft PR. A developer reports that Copilot is creating branches with random names instead. What is the MOST likely cause?

  • A. The repository's branch protection rules are blocking Copilot from writing to branches matching the `agent/*` pattern
  • B. The issue was not assigned directly to the Copilot coding agent; it was instead mentioned in a comment, so Copilot used default branch naming
  • C. Copilot's branch naming follows its internal conventions unless a custom naming template is configured in the repository's Copilot settings or the issue template specifies the convention✓ Correct
  • D. The `GITHUB_TOKEN` used by Copilot lacks the `contents: write` permission required to create named branches
Explanation

Option C is correct because the GitHub Copilot coding agent applies its own default branch naming logic unless the repository is configured with a custom branch naming convention or the workflow/issue template explicitly instructs the agent on naming. Without explicit configuration, Copilot uses its built-in heuristics, which may not match the team's desired `agent/<issue-number>-<slug>` convention. Option A is wrong because branch protection rules would prevent branch creation entirely and result in an error, not a branch with a different name. Option B is wrong because assignment vs. mention may affect whether the agent triggers, but once triggered, the naming behavior is governed by configuration, not the trigger method. Option D is wrong because a `contents: write` permission failure would prevent any branch from being created and would surface as a permission error, not as a branch with a different name; the symptom describes incorrect naming, not creation failure.

3. A team is monitoring a multi-step agentic GitHub Actions workflow that intermittently fails at the LLM API call step due to rate limiting (HTTP 429 responses). They want to implement resilient retry logic without modifying the underlying action code. Which approach BEST addresses this within the workflow definition?

  • A. Set `continue-on-error: true` on the failing step so the workflow always completes regardless of the error
  • B. Use the `retry-action` community action (or equivalent) wrapping the LLM call step, configured with exponential backoff and a maximum retry count✓ Correct
  • C. Add a second identical job in the workflow that re-runs the same step in case the first job fails, gated with `if: failure()`
  • D. Increase the `timeout-minutes` value on the failing step to give the API more time to recover
Explanation

Option B is correct because dedicated retry actions (such as `nick-fields/retry` or similar community actions) wrap a failing step and re-execute it with configurable delays and exponential backoff — exactly the pattern needed for transient rate-limit errors — without requiring changes to the underlying action's source code. Option A is wrong because `continue-on-error: true` suppresses the error and moves on, meaning subsequent steps that depend on the LLM output will receive no valid data, leading to downstream failures or incorrect behavior; it does not retry. Option C is wrong because running a duplicate job on failure re-runs the entire job, not just the failing step, which wastes resources and resets all prior successful steps unnecessarily; it is also not configurable with backoff. Option D is wrong because `timeout-minutes` controls how long a step is allowed to run before being killed; increasing it does not cause a retry on failure and has no effect on an HTTP 429 error that returns immediately.

4. A security-conscious team wants to add a human approval gate to their agentic deployment workflow so that no AI-generated code is automatically merged into the `main` branch without a human review. Which GitHub Actions feature is the MOST direct way to enforce this gate?

  • A. Add a `timeout-minutes: 0` setting to the deploy job to pause it indefinitely
  • B. Configure an Environment with required reviewers in the repository settings and assign the deployment job to that environment✓ Correct
  • C. Use an `if: github.actor == 'copilot'` conditional to skip the merge step when the actor is an AI agent
  • D. Add a `sleep 3600` command in the workflow step before the merge to give reviewers time to cancel the run
Explanation

Option B is correct because GitHub Actions Environments support required reviewer approvals: when a job targets a protected environment, the workflow pauses and waits for a designated human reviewer to approve before the job executes. This is the canonical, built-in human-in-the-loop gate for deployment workflows. Option A is wrong because `timeout-minutes: 0` is not valid syntax for pausing a workflow; the timeout setting cancels a job after a duration, not suspends it for review. Option C is wrong because skipping the merge step entirely when the actor is an AI agent means the workflow never merges, which defeats the purpose — the goal is to merge after human approval, not to block merging unconditionally. Option D is wrong because inserting a `sleep` command is a fragile anti-pattern: it does not provide a structured approval interface, burns billable runner minutes during the wait, and does not prevent the workflow from eventually proceeding without actual human confirmation.

5. A platform engineer is designing an orchestrator-worker multi-agent system on GitHub Actions. The orchestrator job decomposes a task into subtasks and must fan out to three parallel worker jobs, then aggregate results. Which Actions feature is MOST appropriate for implementing this fan-out/fan-in pattern?

  • A. Job `needs` dependencies with `strategy: matrix` on the worker jobs, and a final aggregator job that lists all worker jobs in its `needs` array✓ Correct
  • B. A single job with sequential steps that call each worker agent one at a time using `run:` shell commands
  • C. Using `workflow_call` to invoke three separate reusable workflows in sequence within the same job
  • D. Defining three separate `.github/workflows/` files and triggering each with a `repository_dispatch` event from the orchestrator
Explanation

Option A is correct because `strategy: matrix` allows the worker jobs to run in parallel across multiple configurations simultaneously, and listing all worker jobs in the aggregator's `needs` array creates the fan-in gate — execution only continues after all parallel workers succeed. This is the canonical GitHub Actions fan-out/fan-in pattern. Option B is wrong because sequential steps negate parallelism; workers run one after another, dramatically increasing total runtime and defeating the purpose of parallel agent decomposition. Option C is wrong because `workflow_call` used in sequence within a single job is still serial; reusable workflows do not automatically execute in parallel when called from the same job step. Option D is wrong because while `repository_dispatch` can trigger separate workflows, orchestrating aggregation across asynchronously triggered workflows requires complex external state tracking and is not natively supported as a built-in fan-in mechanism.

7 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free
Agentic Workflow Orchestration and Deployment — Free GitHub Agentic AI Developer Practice Questions | DataCertPrep — Certification Prep