GitHub Copilot · 35% of the exam

Developer Use Cases — IDE, CLI, Chat: free practice questions

5 sample questions from our 12-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real GitHub exam.

1. A developer highlights a JavaScript function in VS Code that is throwing an unexpected TypeError at runtime. They want GitHub Copilot to diagnose and rewrite the function to fix the error. Which inline chat command is most appropriate?

  • A. /explain
  • B. /tests
  • C. /fix✓ Correct
  • D. /doc
Explanation

/fix is specifically designed to analyze highlighted code with an error and propose a corrected version — it is the correct command for diagnosing and rewriting buggy code. /explain describes what code does but does not rewrite it. /tests generates unit tests for the selected code, which would not directly repair the TypeError. /doc generates documentation comments and does not address runtime errors.

2. A developer wants GitHub Copilot to generate more accurate and context-aware code completions for a new module. Which TWO of the following practices BEST optimize the context available to Copilot?

  • A. Keep related files (e.g., interfaces, utility modules) open in editor tabs alongside the file being edited✓ Correct
  • B. Close all other editor tabs so Copilot only focuses on the current file
  • C. Write descriptive comments above the function or class explaining intent before writing the implementation✓ Correct
  • D. Restart VS Code before each coding session to clear Copilot's memory
  • E. Set the file language mode to Plain Text to avoid syntax interference
Explanation

Keeping related files open in editor tabs provides Copilot with broader context (imports, types, interfaces) that directly improves suggestion relevance — Copilot uses open tabs as part of its context window. Writing descriptive comments before the implementation acts as a natural-language prompt that steers Copilot's suggestions toward the intended behavior. Closing all tabs does the opposite of context optimization — it removes potentially valuable context. Restarting VS Code does not affect Copilot's suggestion quality; Copilot does not retain memory between sessions in a way that restarting would improve. Changing the language mode to Plain Text disables syntax-aware completions and would reduce, not improve, suggestion quality.

3. A developer asks GitHub Copilot Chat to generate unit tests for a function that reads from a database. Copilot produces tests that call the real database. What is the BEST next step to improve the test suite?

  • A. Accept the tests as-is because Copilot's database calls are sandboxed
  • B. Refine the prompt to ask Copilot to mock the database dependency, specifying the test framework in use✓ Correct
  • C. Switch to a different AI model inside Copilot Chat
  • D. Use /fix on the generated tests to automatically add mocking
Explanation

Refining the prompt to explicitly request mocking of the database dependency (and specifying the framework, e.g., Jest with jest.mock or Python's unittest.mock) guides Copilot to produce isolated, fast, and reliable unit tests. Copilot's generated tests are not sandboxed — they would attempt to connect to a real database if run. Switching AI models does not change the fundamental need to specify mocking intent in the prompt. /fix is designed to repair broken or erroring code, not to restructure test architecture from scratch; a targeted prompt is far more effective here.

4. A security engineer reviews a GitHub Copilot-generated authentication module and discovers it constructs a SQL query using string concatenation with user input, introducing a SQL injection vulnerability. The engineer also notices Copilot used a deprecated hashing algorithm. Which statement BEST characterizes these findings in the context of Copilot's known limitations?

  • A. These are bugs introduced by the developer's prompt; Copilot itself never generates insecure patterns
  • B. Copilot may reproduce insecure patterns from its training data and may reference outdated APIs — generated code must always be reviewed, especially for security-critical logic✓ Correct
  • C. The SQL injection can be fixed by re-running /fix, which automatically detects and patches injection vulnerabilities
  • D. Copilot guarantees secure code when used with GitHub Advanced Security enabled in the repository
Explanation

This scenario directly illustrates two documented Copilot limitations: it can reproduce insecure coding patterns present in its training data (such as SQL injection via string concatenation), and it can suggest outdated or deprecated APIs (such as MD5 or SHA-1 for password hashing) because its training has a knowledge cutoff. Human review — especially by someone with security expertise — is always required. The claim that Copilot never generates insecure patterns is false; this is explicitly called out in Copilot's documentation. /fix addresses syntactic or logical errors flagged in code but does not perform security auditing or vulnerability scanning. GitHub Advanced Security provides scanning tools but does not alter or guarantee the quality of Copilot's output at generation time.

5. A developer is working on a Node.js project and types the following comment in their editor before an empty function body: ``` // Parse a JWT token, verify its signature using the app secret, and return the decoded payload. Throw an error if expired. ``` Copilot generates a complete implementation. Which statement BEST describes the role of this comment in the Copilot workflow?

  • A. The comment is purely cosmetic; Copilot ignores natural language and only uses surrounding code for context
  • B. The comment acts as a natural-language prompt that guides Copilot's code generation by expressing intent before the implementation exists✓ Correct
  • C. The comment causes Copilot to search the internet for a matching implementation
  • D. The comment must follow a specific syntax (like JSDoc) to be interpreted correctly by Copilot
Explanation

Comments serve as natural-language prompts — one of the most powerful context optimization techniques for Copilot. By expressing intent, expected behavior, and edge cases in a comment before writing code, the developer steers Copilot toward a much more relevant and accurate suggestion. Copilot does not ignore natural language; it is a core part of its training and context window. Copilot does not perform live internet searches — it generates from a pre-trained model. Copilot does not require a specific comment syntax like JSDoc; plain English prose comments are fully understood and effective.

7 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free