Chapter 30: Quiz
Test your understanding of code review and quality assurance concepts. Each question has one best answer unless otherwise noted.
Question 1
What is the primary reason code review becomes more critical when working with AI-generated code?
A) AI-generated code is always lower quality than human-written code B) The developer who commits AI-generated code may not have reasoned through every line C) AI-generated code cannot be tested effectively D) Regulatory requirements mandate review of all AI-generated code
Answer
B — The Responsibility Principle states that developers take full responsibility for code they commit, regardless of whether it was AI-generated. The key challenge is that the developer may not have reasoned through every line, making review the critical verification step before code enters the shared codebase.Question 2
Which of the following is NOT a strength of AI code reviewers?
A) Consistent application of rules across all reviews B) Ability to analyze large changesets quickly C) Understanding whether code solves the right business problem D) Precise recall of language specifications
Answer
C — AI reviewers excel at consistency, speed, and technical accuracy. However, understanding whether code solves the correct business problem requires domain knowledge and context that AI reviewers lack unless explicitly provided. This is a key area where human reviewers are irreplaceable.Question 3
In a progressive quality gate rollout, which checks should be implemented in Phase 1 (Foundation)?
A) Strict type checking, mutation testing, complexity thresholds B) Formatting, basic linting, existing tests must pass C) Security scanning, coverage minimum at 80%, documentation checks D) AI-powered review, architecture analysis, performance profiling
Answer
B — Phase 1 focuses on foundational checks that are easy to adopt and provide immediate value: formatting (ruff format), basic linting (ruff check with default rules), and ensuring existing tests pass. More advanced checks like strict type checking, security scanning, and complexity thresholds are introduced in later phases.Question 4
What is the cyclomatic complexity of a function with one if-elif-else block containing three conditions and one nested for loop with an if statement inside?
A) 3 B) 4 C) 5 D) 6
Answer
C — Cyclomatic complexity starts at 1 (for the function itself). The if-elif-else block has three conditions: the initial `if` (+1), `elif` (+1), and the `else` is not counted separately. The `for` loop (+1) and the nested `if` (+1) add to the total. So: 1 (base) + 2 (if/elif) + 1 (for) + 1 (nested if) = 5.Question 5
Which Python tool has become the modern standard for linting due to being 10-100x faster than alternatives?
A) Pylint B) Flake8 C) Ruff D) Black
Answer
C — Ruff has rapidly become the standard Python linter due to its exceptional speed (10-100x faster than alternatives like Pylint and Flake8) and its comprehensive rule set that can replace multiple older tools in a single package.Question 6
What does the "B" rule prefix in Ruff configuration check for?
A) Built-in shadowing (flake8-builtins) B) Bugbear patterns (flake8-bugbear) C) Bandit security issues D) Boolean complexity
Answer
B — The "B" prefix in Ruff maps to flake8-bugbear rules, which catch common bug patterns and design problems. The "A" prefix handles built-in shadowing (flake8-builtins), and "S" handles security issues (flake8-bandit).Question 7
How does cognitive complexity differ from cyclomatic complexity?
A) Cognitive complexity counts lines of code while cyclomatic complexity counts branches B) Cognitive complexity adds penalties for nesting depth and non-linear flow C) Cognitive complexity only applies to object-oriented code D) Cognitive complexity is always higher than cyclomatic complexity
Answer
B — Cognitive complexity, developed by SonarSource, accounts for nesting depth (each nesting level adds extra points) and recognizes that some structures like `break` and `continue` are harder to follow. Cyclomatic complexity treats all decision points equally regardless of nesting depth.Question 8
A maintainability index of 58 indicates that the code is:
A) Highly maintainable B) Moderately maintainable C) Difficult to maintain D) Cannot be determined without additional metrics
Answer
C — The maintainability index scale rates code as: 85-100 (highly maintainable), 65-84 (moderately maintainable), and 0-64 (difficult to maintain). A score of 58 falls in the "difficult to maintain" range.Question 9
Which of the following is a common way AI coding assistants introduce technical debt?
A) Writing code that is too well-documented B) Using overly modern language features C) Generating similar but not identical code for related functionality D) Adding too many unit tests
Answer
C — AI often generates similar but not identical code for related functionality, creating duplication (pattern repetition) that should be abstracted into shared utilities. This is one of the primary mechanisms through which AI creates technical debt.Question 10
In the technical debt prioritization matrix, which combination should be fixed immediately?
A) High impact, low change frequency B) Low impact, high change frequency C) Low impact, low change frequency D) High impact, high change frequency
Answer
D — Code that has both high impact (affects reliability, security, or development speed) and high change frequency (modified often) should be the first target for debt reduction. This combination means the debt causes pain frequently and affects critical functionality.Question 11
What is the recommended maximum size for a code review changeset?
A) 50-100 lines B) 200-400 lines C) 500-1000 lines D) No limit if the code is AI-generated
Answer
B — Research consistently shows that review effectiveness drops dramatically for large changesets. The recommended range is 200-400 lines of code changes. Larger changesets should be broken into smaller, logical chunks for review.Question 12
Which review feedback label indicates a mandatory change before merge?
A) [SHOULD] B) [COULD] C) [MUST] D) [NIT]
Answer
C — [MUST] indicates a required change before merge, typically for bugs or security issues. [SHOULD] is strongly recommended but not blocking, [COULD] is optional, and [NIT] is for trivial stylistic preferences.Question 13
When reviewing AI-generated code, what is a "hallucinated API"?
A) An API that is poorly documented B) A call to a function, method, or library that does not actually exist C) An API endpoint that returns incorrect data D) A deprecated API that still works
Answer
B — Hallucinated APIs occur when AI models generate calls to functions, methods, or libraries that do not exist. This is a unique risk with AI-generated code that reviewers must specifically check for during the review process.Question 14
What does the "Quality Ratchet" technique ensure?
A) Quality metrics increase by a fixed percentage each sprint B) Quality metrics can only go up, never down C) Every PR must improve at least one quality metric D) Quality improvements are tracked in a separate backlog
Answer
B — The Quality Ratchet technique sets a rule that quality metrics can only go up (or stay the same), never go down. For example, if test coverage is at 78%, no PR can reduce it below 78%. This prevents gradual degradation while allowing flexible progress.Question 15
In the recommended Human-AI Review Loop, what is the correct order of steps?
A) AI review → Human review → Automated tools → Developer self-review B) Developer generates → Automated tools → AI review → Human review C) Developer generates → Developer self-review → Automated tools → AI review → Human review D) Developer generates → Human review → AI review → Automated tools
Answer
C — The correct order is: (1) Developer generates code with AI, (2) Developer performs self-review, (3) Automated tools analyze, (4) AI performs preliminary review, (5) Human peer reviewer examines, (6) Developer addresses feedback. This progressively escalates from fast automated checks to deeper human analysis.Question 16
Which Bandit rule ID detects the use of eval() or exec()?
A) B101 B) B303 C) B307 D) B608
Answer
C — B307 detects the use of `eval()` or `exec()`, which can be security vulnerabilities. B101 detects assert usage, B303 detects insecure hash functions, and B608 detects SQL injection via string formatting.Question 17
What is the recommended investment ratio for balancing feature work and quality improvement?
A) 95/5 (features/quality) B) 80/20 (features/quality) C) 50/50 (features/quality) D) 100/0 (features only, quality is implicit)
Answer
B — A common ratio is 80/20: 80% feature work and 20% quality improvement (refactoring, test writing, documentation, dependency updates). Some teams follow Google's 70/20/10 model. Dedicating explicit time to quality improvement prevents gradual accumulation of technical debt.Question 18
Which of the following is a WARNING signal of poor quality culture?
A) Developers voluntarily write tests before being asked B) Review comments are predominantly constructive and educational C) Pre-commit hooks are routinely skipped D) Technical debt discussions happen proactively
Answer
C — Routinely skipping pre-commit hooks is a warning signal of poor quality culture. The other options (voluntary testing, constructive reviews, proactive debt discussions) are all positive signals indicating a healthy quality culture.Question 19
When configuring mypy for strict type checking, which option disallows functions without type annotations?
A) warn_return_any = true
B) check_untyped_defs = true
C) disallow_untyped_defs = true
D) no_implicit_optional = true
Answer
C — `disallow_untyped_defs = true` requires that all function definitions have type annotations. `warn_return_any` warns when functions return `Any`, `check_untyped_defs` still checks functions without annotations (but allows them), and `no_implicit_optional` disallows implicit `Optional` types.Question 20
What is the primary purpose of the AI Assistance Disclosure section in a PR template?
A) To assign blame if the code has bugs B) To ensure transparency about AI tool usage for appropriate review C) To track AI tool licensing costs D) To comply with AI regulation laws
Answer
B — The AI Assistance Disclosure section promotes transparency about how code was generated so reviewers can adjust their review approach accordingly. AI-generated code may need different review focus areas (checking for hallucinated APIs, assumption validation, pattern alignment) than hand-written code.Question 21
In continuous quality monitoring, what matters more than absolute metric values?
A) The number of tools running in CI B) Trends over time C) Comparison with industry benchmarks D) The frequency of metric collection
Answer
B — Trends matter more than absolute values. A team at 75% test coverage that is steadily improving is healthier than a team at 85% that is slowly declining. Dashboards should prominently display trend indicators alongside absolute numbers.Question 22
Which of the following should be a NON-BLOCKING quality gate stage?
A) Linting B) Type checking C) AI-powered review D) Unit test execution
Answer
C — AI-powered review should be non-blocking (advisory). It provides feedback that human reviewers can consider, but it should not automatically block merges because AI review can produce false positives and lacks the contextual judgment to make merge decisions. Linting, type checking, and test execution should be blocking gates.Question 23
What is the SQALE method used for?
A) Measuring test coverage B) Quantifying technical debt in terms of remediation time C) Calculating cyclomatic complexity D) Grading code review quality
Answer
B — SQALE (Software Quality Assessment based on Lifecycle Expectations) provides a framework for quantifying technical debt in terms of remediation time. For each issue, you estimate the time to fix it, then sum across all issues to get total technical debt, expressed as a ratio of total development time.Question 24
According to the chapter, how long should a code review session typically last before attention quality drops?
A) 15-30 minutes B) 60-90 minutes C) 2-3 hours D) There is no time limit for thorough reviews
Answer
B — Studies suggest that reviewers find the majority of issues within the first 60-90 minutes. After that, attention fades and quality drops. If a review takes longer than 90 minutes, the changeset is probably too large and should be broken into smaller pieces.Question 25
Which statement best captures the chapter's stance on AI-generated code review?
A) AI review will fully replace human review within two years B) Human review is unnecessary if automated tools are comprehensive enough C) The appropriate stance is "trust but verify" — use AI's productivity benefits while verifying through multiple review layers D) AI-generated code should never be committed to production repositories