Week 4 - Testing, Security & Privacy : Copilot Free learning & cert prep

[Akash1134]

👋 Welcome to the final week of the GitHub Copilot Free learning journey and cert prep!

Over the past three weeks, we’ve learned a lot together—exploring Copilot, tackling super-engaging challenges, and gathering valuable feedback from all of you. It’s been amazing to see how these resources have helped shape your learning curve and exam prep!

Now, as we enter this last stretch, let’s make it count. This week is all about wrapping up strong, reinforcing key learnings, and getting you ready to ace that certification (if you're opting for one). Here’s what’s coming up:

• Testing with GitHub Copilot
  • Options for generating testing for your code
    • Enhance code quality through testing
    • Leverage GitHub Copilot for security and performance
  • Privacy fundamentals and context exclusions
    • Describe the different SKUs for GitHub Copilot
    • Identify content exclusions
    • Safeguards and Troubleshooting

If you’d like a recap of what we’ve covered throughout this series, see the detailed study guide.

Need a quick refresher or want to look back into earlier lessons?

• Week 1: Getting started! 🔢
• Week 2: Features & Data handling
• Week 3: Prompt Engineering & Productivity

Your First Move: Study Smart, Level Up! 🎯

• Microsoft Learn Modules (each of the modules has its own knowledge check exercise)
  • Develop unit tests using GitHub Copilot tools
  • Implement code improvements using GitHub Copilot tools
  • Guided project - Accelerate app development using GitHub Copilot tools
  • Management and customization considerations with GitHub Copilot
• GitHub Learning Pathways
  • Essentials of GitHub Copilot (series)
• Videos
  • GitHub Copilot Study Guide Series 3: Testing with GitHub Copilot
  • Test like a pro with Playwright and GitHub Copilot
  • Write better tests and stop breaking the build
  • Getting Started with Debugging in VS Code
  • Ways You're Not Using Copilot to Its Full Potential
  • Write Tests using GitHub Copilot Chat
  • Getting started with GitHub Copilot (Playlist with over 80 videos)
  • NEW: GitHub Copilot Tutorial with Visual Studio Code
  • NEW: Walkthrough for Everyone on Using the GitHub Copilot Free Offer
• Blogs and Resources
  • GitHub Copilot Trust Center
  • How GitHub Copilot is getting better at understanding your code
  • How to use GitHub Copilot: Prompts, tips, and use cases
  • How to responsibly adopt GitHub Copilot with the GitHub Copilot Trust Center
  • NEW: Introducing GitHub Copilot Agent Mode (Preview)
  • NEW: GitHub Copilot for Azure DevOps Users
• GitHub Docs
  • Subscription plans for GitHub Copilot (SKU’s)
  • Testing code
  • Writing tests with GitHub Copilot
  • Finding existing vulnerabilities in code
  • Configuring and auditing content exclusion
  • Troubleshooting GitHub Copilot
  • Use GitHub Copilot
  • Manage GitHub Copilot

Note

Here’s your friendly nudge: don’t forget—top participants will snag a GitHub Certifications exam voucher! 🎟️ and what’s more rewarding than finishing strong in the final week of this learning journey! Make this week count! 🚀

Knowledge Checkpoint 🏁 - Let’s See What You’ve Got! 🧠

1. When leveraging GitHub Copilot for unit testing, what is the most effective strategy to ensure the generated test cases cover edge cases?

(Choose two correct answers.)

A) Rely on Copilot’s first test suggestion and refine manually
B) Provide explicit comments describing edge case scenarios before writing the function
C) Use a combination of property-based testing and manually crafted assertions
D) Trust Copilot’s completion and execute tests without modifications

2. Copilot suggests a test case that fails due to floating-point precision errors. What should you do?

A) Ignore the test case and generate a new one
B) Modify assertions to account for precision tolerance
C) Use Copilot Chat to rewrite the function with better numerical stability
D) Disable Copilot when dealing with floating-point calculations

3. You need to ensure that Copilot-generated tests follow a Test-Driven Development (TDD) workflow. What is the best approach?

A) Write failing test cases before implementing the function
B) Let Copilot generate tests after writing the function
C) Use Copilot Chat to refactor existing tests post-development
D) Enable Copilot’s TDD mode

4. Which of these scenarios could cause GitHub Copilot to generate non-functional or incorrect test cases?

A) Using Copilot without an internet connection
B) Providing incomplete function definitions without parameter types
C) Using Copilot with multiple test frameworks in the same file
D) Asking Copilot to generate tests for functions written in a different programming language

5. GitHub Copilot Chat provides enhanced debugging capabilities. Which of the following strategies improve debugging efficiency?

(Choose two correct answers.)

A) Asking Copilot Chat to explain unexpected test failures
B) Using Copilot Chat to automatically resolve compilation errors
C) Providing error logs to Copilot Chat for step-by-step troubleshooting
D) Relying entirely on Copilot’s debugging suggestions without verification

6. You are working on an API that processes large JSON payloads. Copilot keeps generating tests with small sample data. How do you fix this?

A) Manually modify Copilot’s output to include large payloads
B) Provide comments specifying ‘test with large JSON data’ before invoking Copilot
C) Enable Copilot’s ‘large dataset’ mode in settings
D) Increase the timeout value for Copilot to process larger requests

7. What is the primary function of GitHub Copilot’s content exclusion settings?

A) Prevent Copilot from accessing sensitive internal documentation
B) Restrict Copilot from suggesting code similar to private repositories
C) Block Copilot from using specific types of data when generating suggestions
D) Limit Copilot’s ability to suggest insecure code patterns

8. In what situation might GitHub Copilot generate insecure code, even when security settings are enabled?

(Choose two correct answers.)

A) When Copilot is used without context-aware suggestions
B) When Copilot generates code for outdated cryptographic practices like MD5 hashing
C) When Copilot is used in a private repository with strict security settings
D) When Copilot generates suggestions based on similar insecure patterns from public repositories

9. You are using GitHub Copilot to generate tests for a function handling financial transactions. However, Copilot consistently misses testing for integer overflow errors. What should you do?

A) Increase the number of test cases Copilot generates
B) Explicitly add a comment describing edge cases, like integer overflows, before invoking Copilot
C) Use Copilot Chat to ask for ‘comprehensive financial validation tests’
D) Modify Copilot’s configuration to generate stricter tests

10. When writing JavaScript tests with Jest, how can you ensure Copilot generates async test cases correctly?

A) Add @async as an annotation
B) Provide comments specifying ‘test async functions’
C) Manually modify Copilot-generated test cases
D) Change Jest’s settings to enable async mode

11. A developer is generating test cases using Copilot Chat in Visual Studio Code but notices that Copilot is not suggesting relevant test scenarios. What could be the reason?

A) Copilot is not trained to write test cases
B) Copilot only generates tests when a function is explicitly documented
C) Copilot is missing necessary function comments or contextual prompts
D) The test framework is not supported by Copilot

12. Which of the following GitHub Copilot SKUs offers enterprise-wide content exclusion settings for security-sensitive codebases?

A) GitHub Copilot Individual
B) GitHub Copilot for Business
C) GitHub Copilot Enterprise
D) GitHub Copilot Pro

13. You want Copilot to generate secure cryptographic implementations. Which of these approaches is the best?

A) Specify ‘Use secure cryptographic methods’ in comments
B) Copy Copilot’s first suggestion and manually verify security
C) Disable Copilot when writing encryption functions
D) Enable Copilot’s security-enhanced mode

14. You have a function handling user authentication, and Copilot generates the following test case:

def test_authenticate_user():
    assert authenticate("admin", "password123") == True

What is the most critical issue with this test?

A) The test lacks edge cases
B) It uses hardcoded credentials, which is a security risk
C) Copilot should generate negative test cases as well
D) All of the above

15. Which of the following GitHub Copilot security safeguards help mitigate accidental exposure of credentials in generated code?

(Choose two correct answers.)

A) Copilot automatically detects API keys and removes them
B) Copilot respects repository secrets settings and avoids using secret keys in suggestions
C) Copilot flags insecure patterns but does not block suggestions
D) GitHub Copilot’s content filters prevent suggesting hardcoded credentials

Share your reactions 🚀 below or in the comment section.

[Ronaldo-001]

Lezz go!!

[golh30]

Let's join.

[johnniekpng]

Go go go

[hemanthnutakki]

let's go

[paulsuv9]

Lets go!!! 🚀🚀🚀

[mvark]

Many words contain silent or extra letters that make pronunciation tricky. If your native language follows phonetic spelling (where words are pronounced as they are written), you might instinctively apply the same logic to English. This may lead to unexpected mistakes - like pronouncing the “t” in ballet or being puzzled by why colonel is pronounced ker-nil.

To help with this, I started compiling a list of such tricky words in a Google Spreadsheet. Then, I learned that Google Sheets can function as a read-only database, so I built a simple web app using the Google Sheets API and JavaScript to display the constantly updated list online.

Recently, I discovered Datasette, a fantastic open-source tool that converts CSV files into SQLite database tables, and also allows you to browse, view, facet, filter, share, and explore data.

Datasette also exposes the contents of a CSV file as a JSON API. I wanted to adapt my original app, which relied on Google Sheets, to use this capability. I downloaded the list as a CSV file and uploaded it to Datasette, which I self-hosted on Glitch. Glitch.com is a platform that lets you create, remix, and host web apps without worrying about servers or complex setup.

Instead of coding everything from scratch, I used GitHub Copilot inside Visual Studio Code.

For the Prompt battle that was announced last week, I wanted to start with a very basic prompt and expected to refine based on its output.

To my amazement, with just this prompt to the Claude 3.5 Sonnet option in Copilot Chat, it gave me a working sample 🤯 -

Use this JSON endpoint: https://rightful-veiled-lyr.glitch.me/data.json?sql=select+word%2C+pronunciation+from+aphonetic and display the key-value pairs on a web page.

I didn't have to refine, it read my mind yet again with a prompt of about 10 words!

For my hobby apps, I like styling to be "minimal but functional" and it generated code in that fashion.

Try my PhonaTick app, check the code of the third app in my WebApps collection and let me know what you think!

Besides experiencing the magical powers of GitHub Copilot, the other big thing I learnt was how simple it was to host a JSON API with the open-source Datasette tool.

[hemanthnutakki]

Initially built a web app using the Google Sheets API but later switched to Datasette, an open-source tool that converts CSV files into SQLite databases and exposes them as JSON APIs. Hosting this on Glitch, they adapted their app to fetch data from the new API.

Using GitHub Copilot inside VS Code, they were impressed by how a short prompt generated a working sample instantly. They also appreciated how Datasette made JSON API hosting simple. Their PhonaTick app is now live, and they invite feedback on it, as well as on the code of their WebApps collection.

[mvpkenlin]

Let's go

[kalharatennakoon]

Hey @Akash1134 👋,
Here are my answers.

1. B & C
2. B
3. A
4. B
5. A & C
6. B
7. B
8. B & D
9. B
10. B
11. C
12. C
13. A
14. D
15. A & B

[Ronaldo-001]

Thanks @Akash1134 for providing these amazing resources !

Here are my answers:

1. When leveraging GitHub Copilot for unit testing, what is the most effective strategy to ensure the generated test cases cover edge cases?

(Choose two correct answers.)

• ❌ A) Rely on Copilot’s first test suggestion and refine manually
• ✅ B) Provide explicit comments describing edge case scenarios before writing the function
• ✅ C) Use a combination of property-based testing and manually crafted assertions
• ❌ D) Trust Copilot’s completion and execute tests without modifications

Reason: Explicitly defining edge cases helps Copilot generate more comprehensive tests. Property-based testing ensures broader coverage beyond standard unit tests.

---

2. Copilot suggests a test case that fails due to floating-point precision errors. What should you do?

• ❌ A) Ignore the test case and generate a new one
• ✅ B) Modify assertions to account for precision tolerance
• ❌ C) Use Copilot Chat to rewrite the function with better numerical stability
• ❌ D) Disable Copilot when dealing with floating-point calculations

Reason: Floating-point precision issues are common; using assertions with tolerance helps resolve them effectively.

---

3. You need to ensure that Copilot-generated tests follow a Test-Driven Development (TDD) workflow. What is the best approach?

• ✅ A) Write failing test cases before implementing the function
• ❌ B) Let Copilot generate tests after writing the function
• ❌ C) Use Copilot Chat to refactor existing tests post-development
• ❌ D) Enable Copilot’s TDD mode

Reason: TDD requires writing failing tests first, then implementing the function to make them pass.

---

4. Which of these scenarios could cause GitHub Copilot to generate non-functional or incorrect test cases?

• ❌ A) Using Copilot without an internet connection
• ✅ B) Providing incomplete function definitions without parameter types
• ❌ C) Using Copilot with multiple test frameworks in the same file
• ❌ D) Asking Copilot to generate tests for functions written in a different programming language

Reason: Lack of type definitions can lead to inaccurate test suggestions.

---

5. GitHub Copilot Chat provides enhanced debugging capabilities. Which of the following strategies improve debugging efficiency?

(Choose two correct answers.)

• ✅ A) Asking Copilot Chat to explain unexpected test failures
• ❌ B) Using Copilot Chat to automatically resolve compilation errors
• ✅ C) Providing error logs to Copilot Chat for step-by-step troubleshooting
• ❌ D) Relying entirely on Copilot’s debugging suggestions without verification

Reason: Understanding test failures and providing error logs help debug effectively, but manual verification is essential.

---

6. You are working on an API that processes large JSON payloads. Copilot keeps generating tests with small sample data. How do you fix this?

• ❌ A) Manually modify Copilot’s output to include large payloads
• ✅ B) Provide comments specifying ‘test with large JSON data’ before invoking Copilot
• ❌ C) Enable Copilot’s ‘large dataset’ mode in settings
• ❌ D) Increase the timeout value for Copilot to process larger requests

Reason: Providing specific instructions in comments helps Copilot generate more relevant test cases.

---

7. What is the primary function of GitHub Copilot’s content exclusion settings?

• ❌ A) Prevent Copilot from accessing sensitive internal documentation
• ✅ B) Restrict Copilot from suggesting code similar to private repositories
• ❌ C) Block Copilot from using specific types of data when generating suggestions
• ❌ D) Limit Copilot’s ability to suggest insecure code patterns

Reason: Content exclusion prevents Copilot from referencing private/internal data when generating suggestions.

---

8. In what situation might GitHub Copilot generate insecure code, even when security settings are enabled?

• ✅ A) When Copilot is used without context-aware suggestions
• ❌ B) When Copilot generates code for outdated cryptographic practices like MD5 hashing
• ❌ C) When Copilot is used in a private repository with strict security settings
• ❌ D) When Copilot generates suggestions based on similar insecure patterns from public repositories

Reason: Without context-aware suggestions, Copilot may generate insecure code.

---

9. You are using GitHub Copilot to generate tests for a function handling financial transactions. However, Copilot consistently misses testing for integer overflow errors. What should you do?

• ❌ A) Increase the number of test cases Copilot generates
• ✅ B) Explicitly add a comment describing edge cases, like integer overflows, before invoking Copilot
• ❌ C) Use Copilot Chat to ask for ‘comprehensive financial validation tests’
• ❌ D) Modify Copilot’s configuration to generate stricter tests

Reason: Clearly specifying edge cases helps Copilot cover scenarios like integer overflows.

---

10. When writing JavaScript tests with Jest, how can you ensure Copilot generates async test cases correctly?

• ❌ A) Add @async as an annotation
• ✅ B) Provide comments specifying ‘test async functions’
• ❌ C) Manually modify Copilot-generated test cases
• ❌ D) Change Jest’s settings to enable async mode

Reason: Explicit instructions help Copilot generate async test cases correctly.

---

11. A developer is generating test cases using Copilot Chat in Visual Studio Code but notices that Copilot is not suggesting relevant test scenarios. What could be the reason?

• ❌ A) Copilot is not trained to write test cases
• ❌ B) Copilot only generates tests when a function is explicitly documented
• ✅ C) Copilot is missing necessary function comments or contextual prompts
• ❌ D) The test framework is not supported by Copilot

Reason: Lack of proper context can lead to irrelevant test suggestions.

---

12. Which of the following GitHub Copilot SKUs offers enterprise-wide content exclusion settings for security-sensitive codebases?

• ❌ A) GitHub Copilot Individual
• ❌ B) GitHub Copilot for Business
• ✅ C) GitHub Copilot Enterprise
• ❌ D) GitHub Copilot Pro

Reason: Only the Enterprise SKU provides organization-wide content exclusion settings.

---

13. You want Copilot to generate secure cryptographic implementations. Which of these approaches is the best?

• ✅ A) Specify ‘Use secure cryptographic methods’ in comments
• ❌ B) Copy Copilot’s first suggestion and manually verify security
• ❌ C) Disable Copilot when writing encryption functions
• ❌ D) Enable Copilot’s security-enhanced mode

Reason: Providing security-focused instructions helps ensure better cryptographic implementations.

---

14. You have a function handling user authentication, and Copilot generates the following test case:

def test_authenticate_user():
    assert authenticate("admin", "password123") == True

What is the most critical issue with this test?

• ❌ A) The test lacks edge cases
• ❌ B) It uses hardcoded credentials, which is a security risk
• ❌ C) Copilot should generate negative test cases as well
• ✅ D) All of the above

Reason: Hardcoded credentials are a major security risk, and lack of negative/edge cases weakens the test.

---

15. Which of the following GitHub Copilot security safeguards help mitigate accidental exposure of credentials in generated code?

• ✅ A) Copilot automatically detects API keys and removes them
• ✅ B) Copilot respects repository secrets settings and avoids using secret keys in suggestions
• ❌ C) Copilot flags insecure patterns but does not block suggestions
• ❌ D) GitHub Copilot’s content filters prevent suggesting hardcoded credentials
  Reason: Copilot proactively removes sensitive data and respects repo secret settings.

This week really tested me and was also really interesting!

[SatyamSharma007]

Lets go

[RAVINDRA8008]

Excited for the final stretch! 🚀 The journey with GitHub Copilot has been amazing, and this last week looks packed with valuable insights. Ready to dive into testing, security, and performance optimization! Let’s finish strong! 💪🔥 #GitHubCopilot #LearningJourney

[hemanthnutakki]

Absolutely @RAVINDRA8008 ! 🚀 This final stretch is going to be epic! Testing, security, and performance optimization are such crucial areas—can’t wait to dive deeper. Let’s keep the momentum going and finish strong! 💪🔥 #GitHubCopilot #LearningJourney

[RAVINDRA8008]

This has been an incredible learning experience! 🎉 Looking forward to refining my testing skills and making the most of GitHub Copilot. Who else is excited for the final week? Let’s ace this together! 💻✅ #CopilotCertPrep

[hemanthnutakki]

This is awesome! 🎉 Your journey from Google Sheets to Datasette, plus the smooth integration with Glitch, sounds like a great learning experience. It's amazing how Copilot nailed your intent with such a minimal prompt! 🤯

I'll definitely check out PhonaTick and the WebApps collection. The combination of minimal yet functional styling with easy-to-host JSON APIs makes this super interesting. Thanks for sharing your experience—this could inspire others looking to streamline their data-driven web apps! 🚀

[hemanthnutakki]

This journey has been amazing! 🎉 I'm excited to keep sharpening my testing skills and making the most of GitHub Copilot. Who else is pumped for the final week? Let’s finish strong and ace this together! 💻🚀

[SatyamSharma007]

1. When leveraging GitHub Copilot for unit testing, what is the most effective strategy to ensure the generated test cases cover edge cases?
   ✅ B) Provide explicit comments describing edge case scenarios before writing the function
   ✅ C) Use a combination of property-based testing and manually crafted assertions

2. Copilot suggests a test case that fails due to floating-point precision errors. What should you do?
   ✅ B) Modify assertions to account for precision tolerance

3. You need to ensure that Copilot-generated tests follow a Test-Driven Development (TDD) workflow. What is the best approach?
   ✅ A) Write failing test cases before implementing the function

4. Which of these scenarios could cause GitHub Copilot to generate non-functional or incorrect test cases?
   ✅ B) Providing incomplete function definitions without parameter types

5. GitHub Copilot Chat provides enhanced debugging capabilities. Which of the following strategies improve debugging efficiency?
   ✅ A) Asking Copilot Chat to explain unexpected test failures
   ✅ C) Providing error logs to Copilot Chat for step-by-step troubleshooting

6. You are working on an API that processes large JSON payloads. Copilot keeps generating tests with small sample data. How do you fix this?
   ✅ B) Provide comments specifying ‘test with large JSON data’ before invoking Copilot

7. What is the primary function of GitHub Copilot’s content exclusion settings?
   ✅ B) Restrict Copilot from suggesting code similar to private repositories

8. In what situation might GitHub Copilot generate insecure code, even when security settings are enabled?
   ✅ A) When Copilot is used without context-aware suggestions

9. You are using GitHub Copilot to generate tests for a function handling financial transactions. However, Copilot consistently misses testing for integer overflow errors. What should you do?
   ✅ B) Explicitly add a comment describing edge cases, like integer overflows, before invoking Copilot

10. When writing JavaScript tests with Jest, how can you ensure Copilot generates async test cases correctly?
    ✅ B) Provide comments specifying ‘test async functions’

11. A developer is generating test cases using Copilot Chat in Visual Studio Code but notices that Copilot is not suggesting relevant test scenarios. What could be the reason?
    ✅ C) Copilot is missing necessary function comments or contextual prompts

12. Which of the following GitHub Copilot SKUs offers enterprise-wide content exclusion settings for security-sensitive codebases?
    ✅ C) GitHub Copilot Enterprise

13. You want Copilot to generate secure cryptographic implementations. Which of these approaches is the best?
    ✅ A) Specify ‘Use secure cryptographic methods’ in comments

14. You have a function handling user authentication, and Copilot generates the following test case:

def test_authenticate_user():  
    assert authenticate("admin", "password123") == True  

What is the most critical issue with this test?
✅ D) All of the above

15. Which of the following GitHub Copilot security safeguards help mitigate accidental exposure of credentials in generated code?
    ✅ A) Copilot automatically detects API keys and removes them
    ✅ B) Copilot respects repository secrets settings and avoids using secret keys in suggestions

[paulsuv9]

Great insights on using Copilot for generating unit tests! I’ve found it particularly useful for catching edge cases. Have you tried integrating it with your CI/CD pipeline for automated testing?

[RAVINDRA8008]

Great point! Copilot is amazing for edge cases. Automating tests in CI/CD would take it to the next level! Have you set this up? Curious to learn more! 🔍🚀

[paulsuv9]

One unique way to use Copilot is to generate security tests. It can help identify potential vulnerabilities early in the development process.

[RAVINDRA8008]

Great point! 🔥 Using Copilot to generate security tests is a game-changer. Catching vulnerabilities early saves so much time and effort! Have you found a specific prompt or approach that works best for this? Would love to hear more! 🚀

[mvpkenlin]

Here are my answers for the week 4 challenge.

1. When leveraging GitHub Copilot for unit testing, what is the most effective strategy to ensure the generated test cases cover edge cases?

(Choose two correct answers.)
🟢 B) Provide explicit comments describing edge case scenarios before writing the function
🟢 C) Use a combination of property-based testing and manually crafted assertions

Note

A is incorrect. From unit 4 of Develop unit tests using GitHub Copilot tools", we learned that we need to explicit asking GitHub Copilot suggest additional edge cases that should be tested
D is incorrect. Again, we should always fo code review and modify if needed

2. Copilot suggests a test case that fails due to floating-point precision errors. What should you do?

🟢 B) Modify assertions to account for precision tolerance

Note

A is incorrect because we should not ignore the test case
C is incorrect because this is trying to modify the function but there is still chance to have floaing-point precision errors.
D is incorrect because disabling Copilot does not help
So B would be the best answer, by modifying assertions to account for precision tolerance.

3. You need to ensure that Copilot-generated tests follow a Test-Driven Development (TDD) workflow. What is the best approach?

🟢 A) Write failing test cases before implementing the function

Note

Traditional TDD approach is creating test cases before implmenting the function. if we want to make sure Copilot-generated tests follow the TDD workflow, we should do the same.
B is incorrect as this does not fall into TDD workflow
C is incorrect as this is only updating/modifying the code but it does not fall into TDD workflow too.
D is incorrect as there is no such mode.

4. Which of these scenarios could cause GitHub Copilot to generate non-functional or incorrect test cases?

🟢 B) Providing incomplete function definitions without parameter types

Note

A is incorrect, without internet connection, Copilot cannot work.
C & D are incorrect as they won't lead to incorrect test cases, although that it is not recommended
B is correct becuase your definitions isn't complete.

5. GitHub Copilot Chat provides enhanced debugging capabilities. Which of the following strategies improve debugging efficiency?

(Choose two correct answers.)
🟢 A) Asking Copilot Chat to explain unexpected test failures
🟢 C) Providing error logs to Copilot Chat for step-by-step troubleshooting

Note

A is correct, asking Copilot to explain would help us to understand the reason and improve it.
C is correct, with the logs, GitHub Copilot could offer more targeted suggestions.

6. You are working on an API that processes large JSON payloads. Copilot keeps generating tests with small sample data. How do you fix this?

🟢 B) Provide comments specifying ‘test with large JSON data’ before invoking Copilot

Note

A is incorrect, we need to have additional manual effort.
B is correct, we specific ‘test with large JSON data’ in prompt would work
C is incorrect, there is no such setting.
D is incorrect, increasing timeout does not generate large JSON playloads.

7. What is the primary function of GitHub Copilot’s content exclusion settings?

🟢 B) Restrict Copilot from suggesting code similar to private repositories

Note

A is incorrect, GitHub Copilot does not access internal documentation.
B is correct, We could exclude repo so that GitHub Copilot won't use the content to inform its suggestion
C is incorrect, We could not exclude specific types of data
D is incorrect, it doesn't help to limit GitHub Copilot to suggest insecure code patterns
Source: Manage content exclusions - Microsoft Learn

8. In what situation might GitHub Copilot generate insecure code, even when security settings are enabled?

(Choose two correct answers.)
🟢 B) When Copilot generates code for outdated cryptographic practices like MD5 hashing
🟢 D) When Copilot generates suggestions based on similar insecure patterns from public repositories

Note

A is incorrect, it is not cause insecure code.
B is correct, outdated cryptographic is already a secure issue.
C is incorrect, with this settings won't help stopping the chance that GitHub Copilot generate insecure code
D is correct, GitHub Copilot is trained on public repo and it will generate similar insecure code if some public repo contains insecure code.
Resource: Finding existing vulnerabilities in code

9. You are using GitHub Copilot to generate tests for a function handling financial transactions. However, Copilot consistently misses testing for integer overflow errors. What should you do?

🟢 B) Explicitly add a comment describing edge cases, like integer overflows, before invoking Copilot

Note

B is correct as we could describe edge cases in the prompt to generate more appropriate test cases.
Resource: Exercise - Create unit tests for specific conditions by using GitHub Copilot

10. When writing JavaScript tests with Jest, how can you ensure Copilot generates async test cases correctly?

🟢 B) Provide comments specifying ‘test async functions’

Note

B is correct, we could explicit instruct GitHub Copilot to generate async test cases like this.

11. A developer is generating test cases using Copilot Chat in Visual Studio Code but notices that Copilot is not suggesting relevant test scenarios. What could be the reason?

🟢 C) Copilot is missing necessary function comments or contextual prompts

Note

A is incorrect, as GitHub Copilot is already trained to write test cases
B is incorrect, it could still able to generate tests
D is incorrect, as long as you have installed the test framework package added to your project, GitHub Copilot should be able to generate test cases.
Resource: Visual Studio Code support for unit tests

12. Which of the following GitHub Copilot SKUs offers enterprise-wide content exclusion settings for security-sensitive codebases?

🟢 C) GitHub Copilot Enterprise

Note

Only Enterprise provides enterprise-wide context exclusion settings.

13. You want Copilot to generate secure cryptographic implementations. Which of these approaches is the best?

🟢 A) Specify ‘Use secure cryptographic methods’ in comments

Note

A is correct. It is the same as generate test cases for Edge cases. We could explicitly specify it in the prompt when asking GitHub Copilot to generate.

14. You have a function handling user authentication, and Copilot generates the following test case: What is the most critical issue with this test?

🟢 D) All of the above

Note

All A, B, C are correct. This test case does not handle edge cases. It also hardcoded credtial, and there is missing negative test cases.

15. Which of the following GitHub Copilot security safeguards help mitigate accidental exposure of credentials in generated code?

(Choose two correct answers.)
🟢 B) Copilot respects repository secrets settings and avoids using secret keys in suggestions
🟢 D) GitHub Copilot’s content filters prevent suggesting hardcoded credentials

Note

B & D are correct, GitHub Copilot could only avoid generating credentials
A is incorrect, GitHub Copilot does not able to remove.
C is incorrect, GitHub Copilot does not flag and block, instead you could apply Content Exclusion

[RAVINDRA8008]

Day 3 of the final week, and the momentum is strong! 🚀 Today’s focus: mastering testing, security, and performance with GitHub Copilot. Loving the hands-on learning—so many new ways to improve code quality! 💻🔥 What’s been your biggest takeaway so far? Let’s share and learn together! 💪 #GitHubCopilot #LevelUp #CodeBetter

[johnniekpng]

Here are my answers:

1. When leveraging GitHub Copilot for unit testing, what is the most effective strategy to ensure the generated test cases cover edge cases? (Choose two correct answers.)

B) Provide explicit comments describing edge case scenarios before writing the function: This gives Copilot context, guiding it to generate tests for those specific scenarios.
C) Use a combination of property-based testing and manually crafted assertions: Property-based testing generates many inputs, helping to find edge cases. Manually crafted assertions ensure specific, critical edge cases are tested. Copilot can assist with both.

2. Copilot suggests a test case that fails due to floating-point precision errors. What should you do?

B) Modify assertions to account for precision tolerance: Floating-point arithmetic often leads to slight inaccuracies. Instead of expecting exact equality, use assertions that check if the result is within an acceptable range.

3. You need to ensure that Copilot-generated tests follow a Test-Driven Development (TDD) workflow. What is the best approach?

A) Write failing test cases before implementing the function: This is the core principle of TDD. Copilot can help you write these initial failing tests based on your descriptions of the intended functionality.

4. Which of these scenarios could cause GitHub Copilot to generate non-functional or incorrect test cases?

B) Providing incomplete function definitions without parameter types: Copilot relies on context. Without type information, it may make incorrect assumptions, leading to flawed tests.

5. GitHub Copilot Chat provides enhanced debugging capabilities. Which of the following strategies improve debugging efficiency? (Choose two correct answers.)

A) Asking Copilot Chat to explain unexpected test failures: Copilot Chat can analyze the code and failure to provide insights.
C) Providing error logs to Copilot Chat for step-by-step troubleshooting: This gives Copilot Chat the necessary context to understand the problem.

6. You are working on an API that processes large JSON payloads. Copilot keeps generating tests with small sample data. How do you fix this?

B) Provide comments specifying ‘test with large JSON data’ before invoking Copilot: Explicitly instructing Copilot about the data size is the most direct way to influence its output.

7. What is the primary function of GitHub Copilot’s content exclusion settings?

B) Restrict Copilot from suggesting code similar to private repositories: Content exclusion prevents Copilot from using or suggesting code from specified files or directories. This is crucial for protecting sensitive code, proprietary algorithms, or internal documentation. It also helps to prevent Copilot from completing code or answering chat prompts.

8. In what situation might GitHub Copilot generate insecure code, even when security settings are enabled? (Choose two correct answers.)

B) When Copilot generates code for outdated cryptographic practices like MD5 hashing: Copilot's training data might include outdated or insecure practices.
D) When Copilot generates suggestions based on similar insecure patterns from public repositories: This is a fundamental risk. Copilot learns from public code, which may contain vulnerabilities.

9. You are using GitHub Copilot to generate tests for a function handling financial transactions. However, Copilot consistently misses testing for integer overflow errors. What should you do?

B) Explicitly add a comment describing edge cases, like integer overflows, before invoking Copilot: Directly guiding Copilot with specific edge case instructions is key.

10. When writing JavaScript tests with Jest, how can you ensure Copilot generates async test cases correctly?

B) Provide comments specifying ‘test async functions’: Clear communication with Copilot through comments is generally the best approach.

11. A developer is generating test cases using Copilot Chat in Visual Studio Code but notices that Copilot is not suggesting relevant test scenarios. What could be the reason?

C) Copilot is missing necessary function comments or contextual prompts: Copilot needs context to generate relevant suggestions. Lack of comments or clear instructions is the most likely cause.

12. Which of the following GitHub Copilot SKUs offers enterprise-wide content exclusion settings for security-sensitive codebases?

C) GitHub Copilot Enterprise: Enterprise offers the most comprehensive features, including organization-wide content exclusion.
Content exclusion is also available for Copilot Business.

13. You want Copilot to generate secure cryptographic implementations. Which of these approaches is the best?

A) Specify ‘Use secure cryptographic methods’ in comments: Guiding Copilot with specific instructions is the most reliable way to influence its output towards security.

14. You have a function handling user authentication, and Copilot generates the following test case:
def test_authenticate_user():
assert authenticate("admin", "password123") == True
What is the most critical issue with this test?

D) All of the above:
B) It uses hardcoded credentials, which is a security risk: Storing or testing with hardcoded credentials (such as "admin" and "password123") is a bad practice. If this code were exposed or shared, it could reveal sensitive information or give attackers a template for brute-force attacks.

A) The test lacks edge cases: The test only evaluates one specific case: successful authentication with "admin" and "password123". It doesn't test edge cases such as invalid usernames, incorrect passwords, empty inputs, or special characters.
C) Copilot should generate negative test cases as well: A comprehensive test suite for authentication should include negative test cases to ensure the system handles failure scenarios properly.

15. Which of the following GitHub Copilot security safeguards help mitigate accidental exposure of credentials in generated code? (Choose two correct answers.)

A) Copilot automatically detects API keys and removes them: Copilot has filters to identify and block common insecure patterns, including hardcoded credentials.
B) Copilot respects repository secrets settings and avoids using secret keys in suggestions: GitHub Copilot is designed to work with your repository’s secret settings so that any secrets stored there are not inadvertently exposed through AI-generated suggestions.
D) GitHub Copilot’s content filters prevent suggesting hardcoded credentials: This is a key security feature of Copilot.
Copilot has an AI-based vulnerability prevention system.

[mvark]

The wording of Q14 is tricky as it asks for "the most critical issue" but provides an option to select all 3 choices.

[hemanthnutakki]

We're in the final stretch! 🚀 This journey with GitHub Copilot has been incredible, and the last week is set to be full of valuable insights. Time to dive deep into testing, security, and performance optimization. Let’s stay focused and finish strong! 💪🔥 #GitHubCopilot #KeepLearning

[hemanthnutakki]

Day 3 of the final week, and the momentum just keeps building! 🚀 Today’s deep dive is all about mastering testing, security, and performance optimization with GitHub Copilot. It’s incredible to see how AI can enhance code quality, catch vulnerabilities, and suggest optimizations in real time.

Loving the hands-on learning—there are so many techniques to refine workflows and write more robust, efficient code! 💻🔥

What’s been your biggest takeaway so far? Let’s share our insights and learn from each other as we push toward the finish line! 💪 #GitHubCopilot #CodeBetter #KeepLearning

[mvark]

My answers with reasoning to Week 4 questions -

1. B, C) When leveraging GitHub Copilot for unit testing, the most effective strategies to ensure the generated test cases cover edge cases are:

• Providing explicit comments describing edge case scenarios before writing the function
• Using a combination of property-based testing and manually crafted assertions

2 B) When dealing with floating-point precision errors in test cases suggested by Copilot, the most effective approach is to modify the assertions to account for a precision tolerance. This is because floating-point calculations can often result in small discrepancies due to the inherent imprecision of representing decimal numbers in binary. By allowing for a small margin of error (tolerance) in the assertions, you can make the test more robust and less prone to failing due to minor precision issues.

Python's math.isclose function can be used to compare two floating-point numbers with a specified tolerance.

3 A) To ensure that Copilot-generated tests follow a Test-Driven Development (TDD) workflow, the best approach is to write failing test cases before implementing the function. This aligns with the core principles of TDD, which emphasizes writing tests before writing the actual code.

While it sounds appealing, there is currently no specific "TDD mode" in Copilot.

4 B) GitHub Copilot may generate non-functional or incorrect test cases if incomplete function definitions without parameter types are provided. This is because Copilot may not be able to infer the correct data types, function behavior, or edge cases.

Copilot doesn't work offline at all, so without an internet connection it won't generate any code rather than incorrect code.

5 A,C)To improve debugging efficiency:

• Ask Copilot Chat to explain unexpected test failures
• Provide error logs to Copilot Chat for step-by-step troubleshooting

6 B) You are working on an API that processes large JSON payloads. If Copilot keeps generating tests with small sample data, provide comments specifying ‘test with large JSON data’ before invoking Copilot. By explicitly mentioning "test with large JSON data" in comments, you signal the intent to generate tests with substantial payloads.

7 B) The primary function of GitHub Copilot’s content exclusion settings is to restrict Copilot from suggesting code similar to private repositories.

When you exclude certain files or directories, GitHub Copilot won't use the content in those files to inform its suggestions. This action can lead to more secure and compliant code suggestions. It's essential to carefully analyze which files should be excluded to balance security and functionality.

8 B, D) Even with security settings enabled, GitHub Copilot may still generate code that uses outdated or insecure cryptographic practices, such as MD5 hashing, if it's trained on codebases that use these practices. This is because Copilot's primary goal is to generate code that is similar to what it has seen before, rather than to ensure the security of the generated code.

Similarly, if Copilot is trained on public repositories that contain insecure code patterns, it may generate suggestions that replicate these patterns, even if security settings are enabled. This is because Copilot's training data is sourced from public repositories, which may not always reflect the latest security best practices.

While Copilot Chat can help find some common security vulnerabilities and help you fix them, you should not rely on Copilot for a comprehensive security analysis. Using security tools and features will more thoroughly ensure your code is secure.

9 B) If Copilot consistently misses testing for integer overflow errors, explicitly add a comment describing edge cases, like integer overflows, before invoking Copilot

By explicitly mentioning integer overflow cases in comments, you're directly guiding Copilot to consider these scenarios. Comments serve as prompts that influence the generated code's focus and coverage.

Copilot doesn't have configuration settings for test generation strictness.

10 B) When writing JavaScript tests with Jest, you can ensure Copilot generates async test cases correctly by providing comments specifying ‘test async functions’.

Comments like "// async test" or "// test async function" signal to Copilot that the test involves asynchronous operations

Jest is an open source project maintained by Facebook, and it's especially well suited for React code testing.

11 C) If Copilot Chat in Visual Studio Code is not suggesting relevant test scenarios, a likely reason is that Copilot is missing necessary function comments or contextual prompts.

GitHub Copilot Chat uses your code's context and semantics to suggest assertions that ensure the function is working correctly.

12 C) GitHub Copilot Enterprise offers enterprise-wide content exclusion settings for security-sensitive codebases.

Organizations and enterprises with a subscription to GitHub Copilot Business or GitHub Copilot Enterprise can prevent Copilot from accessing certain content.

13 B) If you want Copilot to generate secure cryptographic implementations, copying Copilot’s first suggestion and manually verifying security is the best approach among the provided options. It balances Copilot’s assistance with human verification. This ensures that any potential vulnerabilities are identified and addressed before deployment.

While specifying ‘Use secure cryptographic methods’ in comments can guide Copilot, it does not guarantee that the generated code will be secure as the prompt is too generic. Copilot may not fully interpret or implement the security requirements as intended.

There is no explicit "security-enhanced mode" to enable.

As the question explicitly states "You want Copilot to generate secure cryptographic implementations." disabling Copilot when writing encryption functions entirely doesn't seem like a good option.

14 B) The most critical issue with this test case:
def test_authenticate_user():
assert authenticate("admin", "password123") == True
...is that it uses hardcoded credentials, which is a security risk.

The question mentions "most critical issue" so "All of the above" doesn't seem reasonable.

15 B, D) The following GitHub Copilot security safeguards help mitigate accidental exposure of credentials in generated code?
Copilot respects repository secrets settings and avoids using secret keys in suggestions
GitHub Copilot’s content filters prevent suggesting hardcoded credentials
While Copilot has preventive measures, it doesn't automatically detect and remove API keys after they're generated. It tries to prevent suggesting them in the first place.

Copilot does more than just flag patterns; it actively tries to prevent suggesting insecure code.