GitHub Copilot · 20% of the exam

Responsible AI and Copilot Fundamentals: free practice questions

5 sample questions from our 24-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real GitHub exam.

1. A software engineering manager reads that GitHub Copilot's suggestions can sometimes reflect biases present in the training data. Under GitHub's Responsible AI framework, which principle is MOST directly concerned with identifying and mitigating such biases?

  • A. Reliability and Safety
  • B. Privacy and Security
  • C. Fairness✓ Correct
  • D. Inclusiveness
Explanation

Fairness is the Responsible AI principle most directly concerned with ensuring AI systems do not perpetuate or amplify biases related to race, gender, disability, or other attributes. Bias in training data that affects outputs is a fairness concern. Option A is incorrect: Reliability and Safety addresses whether the system behaves as expected and avoids causing harm, not specifically bias in outputs. Option B is incorrect: Privacy and Security pertains to protecting personal data and preventing unauthorized access. Option D is incorrect: Inclusiveness is about ensuring AI is designed to benefit all people and not exclude groups, which is related but is a broader design principle rather than the specific mitigation of training-data bias.

2. A platform engineering team is deploying GitHub Copilot across an enterprise with strict egress controls. They need to understand which network endpoints must be reachable for Copilot to function correctly. Which of the following BEST represents a required network consideration for GitHub Copilot?

  • A. Copilot requires direct UDP access to GitHub's AI inference servers on port 443
  • B. The developer's IDE must be able to reach GitHub's Copilot API endpoints over HTTPS (port 443), and firewall or proxy rules must allow these connections✓ Correct
  • C. Copilot operates entirely offline after an initial model download, so no persistent network access is required
  • D. Copilot only requires access to github.com; all AI inference is performed locally within the IDE plugin
Explanation

GitHub Copilot is a cloud-based service. The IDE extension sends code context to GitHub's servers over HTTPS (port 443), and the AI inference is performed server-side. Enterprise deployments must ensure that firewalls and proxies allow outbound HTTPS to GitHub's Copilot API endpoints (e.g., api.github.com, copilot-proxy.githubusercontent.com). Option A is incorrect: Copilot uses TCP/HTTPS, not UDP, for communication. Option C is incorrect: Copilot does not download a local model and does not function offline; all inference is cloud-based. Option D is incorrect: inference is not performed locally in the IDE plugin, and additional endpoints beyond just github.com may need to be allowlisted.

3. A developer asks why GitHub Copilot sometimes declines to generate a suggestion when they prompt it to write code that automates unauthorized access to a system. Which GitHub Copilot capability is responsible for this behavior?

  • A. Duplicate detection, which blocks suggestions that match known exploit code in public repositories
  • B. Content filtering, which screens prompts and outputs to suppress suggestions that violate Copilot's content policies✓ Correct
  • C. Token limit enforcement, which truncates prompts that are too long to process safely
  • D. The context window reset, which clears dangerous context before generating a response
Explanation

GitHub Copilot includes content filtering (responsible AI safeguards) that evaluates both the prompt and the potential output against content policies. Requests to generate harmful code — such as code enabling unauthorized access — are suppressed by these filters. Option A is incorrect: duplicate detection is concerned with matching public code for copyright/license reasons, not with blocking harmful intent. Option C is incorrect: token limits are a technical constraint on input length, not a safety mechanism for harmful content. Option D is incorrect: there is no 'context window reset' mechanism designed to clear dangerous context; this is not a real Copilot feature.

4. An enterprise IT administrator is setting up GitHub Copilot for a large organization and needs to ensure Copilot can communicate through the company's corporate proxy. According to GitHub's network requirements, which of the following is the correct approach?

  • A. Copilot bypasses all proxies by default and requires a direct internet connection; no proxy configuration is supported
  • B. Copilot uses the system-level proxy settings or IDE-level proxy configuration and requires access to specific GitHub and Azure OpenAI endpoints✓ Correct
  • C. Proxy support is only available for Copilot Enterprise, not for Copilot for Business
  • D. Administrators must install a dedicated Copilot network agent on-premises to route traffic through a proxy
Explanation

Correct: GitHub Copilot respects system-level proxy settings (and IDE proxy configurations in supported editors) and requires outbound access to specific endpoints (e.g., api.githubcopilot.com, and related GitHub/Azure infrastructure). Organizations with proxies must ensure these endpoints are allowed. | Wrong - No proxy support: This is incorrect; GitHub explicitly documents proxy support and Copilot works with standard HTTP/HTTPS proxies configured at the OS or IDE level. | Wrong - Enterprise only for proxy: Proxy support is not gated to Copilot Enterprise; it is available across Business and Individual plans as well. | Wrong - On-premises network agent: No such dedicated on-premises agent exists for Copilot; it uses standard proxy configurations rather than a proprietary network appliance.

5. Your organization uses GitHub Copilot for Business. A compliance officer asks whether GitHub stores the code snippets sent to Copilot to train future versions of the model. Which statement accurately reflects the data handling policy for Copilot for Business?

  • A. Code snippets (prompts and suggestions) are retained for 28 days and then used for model training
  • B. Code snippets are retained indefinitely but anonymized before being used for training
  • C. Prompts and suggestions are not retained by GitHub and are not used to train the underlying model✓ Correct
  • D. Only suggestions that the developer accepts are retained and used for model fine-tuning
Explanation

Correct: For GitHub Copilot for Business (and Enterprise), prompts and suggestions are not retained beyond fulfilling the request and are explicitly not used to train the underlying model — a key privacy differentiator from the Individual plan's default settings. | Wrong - Retained for 28 days: This misrepresents the policy; Business/Enterprise plans do not retain snippets for training at all. | Wrong - Retained indefinitely but anonymized: Anonymization is irrelevant here because Business/Enterprise data is not retained for training regardless of anonymization. | Wrong - Only accepted suggestions: This describes a plausible-sounding partial policy, but it is incorrect; Copilot for Business does not retain any prompts or suggestions for training purposes.

19 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free