Chapter 17 Quiz: GitHub Copilot and AI Code Assistants

Test your understanding of AI coding tools, trust calibration, and effective workflows. For each question, consider your answer before revealing it.


Question 1

What does GitHub Copilot use as its primary context signal when generating inline suggestions?

A) Your entire GitHub repository
B) The current file, including code above and below the cursor
C) Only the line immediately above the cursor
D) Your project's README file

Answer: **B) The current file, including code above and below the cursor**

Copilot reads the current file as its primary context — your imports, function names, variable names, comments, and the code structure surrounding your cursor position. It also reads other open files in your editor and, in Business/Enterprise tiers, can access broader repository context. But the current file is always the primary signal.

Question 2

Which of the following is the most effective way to guide Copilot toward a specific implementation?

A) Use generic function names like `process()` or `handle()`
B) Write a precise, detailed comment immediately above the function describing inputs, outputs, constraints, and error handling
C) Let Copilot generate freely without context and pick the best suggestion
D) Only use Copilot for functions that already exist in open-source projects

Answer: **B) Write a precise, detailed comment immediately above the function describing inputs, outputs, constraints, and error handling**

Copilot treats comments as intent specifications. The more specific and complete the comment — including input/output descriptions, error handling requirements, and constraints — the more likely the generated suggestion aligns with what you actually want. Vague comments produce vague code.

Question 3

Which type of task warrants the HIGHEST level of trust in Copilot's suggestions with minimal review?

A) Authentication and session management code
B) SQL query construction with user input
C) Standard boilerplate patterns like Flask route setup or argparse configuration
D) Cryptographic key generation

Answer: **C) Standard boilerplate patterns like Flask route setup or argparse configuration**

Boilerplate code follows highly standardized patterns that appear thousands of times in training data. Copilot handles these reliably. Authentication, SQL with user input, and cryptography are all security-sensitive areas that require expert review regardless of how confident Copilot's suggestion appears.

Question 4

Copilot suggests this database query in your code:

```python
query = f"SELECT * FROM users WHERE email = '{user_email}'"
```

What is the problem?

A) The query is not using an ORM
B) The f-string formatting is inefficient
C) This is vulnerable to SQL injection because user input is interpolated directly into the query string
D) The `SELECT *` pattern is bad practice

Answer: **C) This is vulnerable to SQL injection because user input is interpolated directly into the query string**

Direct string interpolation of user input into SQL queries is a classic SQL injection vulnerability. An attacker can insert SQL syntax in the `user_email` value to manipulate the query. The correct approach is parameterized queries:

```python
cursor.execute("SELECT * FROM users WHERE email = ?", (user_email,))
```

This is one of the most common dangerous patterns Copilot can suggest because the vulnerable pattern appears throughout real codebases in its training data.
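As an added illustration (not code from the chapter), here is the interpolated query from the question next to its parameterized replacement, both run against a constructed in-memory SQLite table so the difference in behaviour is observable:

```python
import sqlite3

# Constructed sample rows for the demonstration; not from any real system.
USERS = [("alice@example.com", "Alice"), ("bob@example.com", "Bob")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_email: str) -> list:
    # The pattern from the question: the input becomes part of the SQL text,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    query = f"SELECT * FROM users WHERE email = '{user_email}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, user_email: str) -> list:
    # Hardened form: the driver binds the value; it is only ever data and
    # cannot alter the structure of the statement.
    return conn.execute(
        "SELECT * FROM users WHERE email = ?", (user_email,)
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    # Constructed input containing a quote and SQL syntax, of the kind the
    # answer above describes.
    hostile = "x' OR 'a'='a"
    return {
        "vuln_normal": len(lookup_vulnerable(conn, "alice@example.com")),
        "vuln_hostile": len(lookup_vulnerable(conn, hostile)),  # every row leaks
        "param_normal": len(lookup_parameterized(conn, "alice@example.com")),
        "param_hostile": len(lookup_parameterized(conn, hostile)),  # no match
    }
```

A useful code-review habit for AI-suggested data access code is to grep for f-strings, `%` formatting or `.format()` whose result is passed to `execute()`.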

Question 5

What is the primary difference between GitHub Copilot and Cursor?

A) Copilot only works with Python; Cursor works with all languages
B) Cursor is a standalone AI-first IDE with deeper context capabilities; Copilot is a plugin for existing editors
C) Copilot is free; Cursor requires a paid subscription
D) Cursor only works with OpenAI models; Copilot works with any model

Answer: **B) Cursor is a standalone AI-first IDE with deeper context capabilities; Copilot is a plugin for existing editors**

Cursor is a fork of VS Code rebuilt around AI as a first-class participant — not an add-on. Its Composer feature can edit multiple files simultaneously, and it can index and query across your entire codebase. Copilot adds AI capabilities to existing editors (VS Code, JetBrains, etc.) without replacing the editor itself. Both have paid tiers. Both support multiple languages.

Question 6

When Copilot suggests an import for a package you have not used before, what should you do before running the code?

A) Trust Copilot — it has seen all public Python packages
B) Run the code and see if it imports successfully
C) Verify the package exists on the appropriate registry, confirm you're installing the legitimate package, and check the API against current documentation
D) Only import packages you wrote yourself

Answer: **C) Verify the package exists on the appropriate registry, confirm you're installing the legitimate package, and check the API against current documentation**

Copilot can hallucinate package names that do not exist, suggest deprecated packages, suggest packages that exist but have different APIs than suggested, or (in documented real-world cases) suggest package names that have been squatted by malicious actors. Always verify before installing a new dependency suggested by AI.

Question 7

A developer uses Copilot's `/tests` command to generate a test suite for their function. The generated test includes:

```python
def test_process_data():
    result = process_data([1, 2, 3])
    assert result is not None
```

What is wrong with this test?

A) pytest syntax is incorrect
B) The test passes as long as the function doesn't raise an exception or return None, regardless of whether it produces correct output
C) The test is testing the wrong function
D) The assertion style is deprecated

Answer: **B) The test passes as long as the function doesn't raise an exception or return None, regardless of whether it produces correct output**

`assert result is not None` is a trivially passing test for most functions. It tests almost nothing meaningful — only that the function didn't crash and didn't explicitly return None. A useful test would check the actual content of the result, verify it has the expected structure, confirm specific values are correct, or test that specific inputs produce specific outputs. Copilot-generated tests are sometimes trivially weak like this. Always review generated tests for meaningful assertions.
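To make the weakness concrete, here is an added example (not from the chapter) with a constructed spec for `process_data`, a correct and a subtly broken implementation, and the generated assertion next to a meaningful one; the broken version sails through the weak test:

```python
from typing import Callable, List

# Constructed spec: return the even values, squared, in ascending order.


def process_data_correct(values: List[int]) -> List[int]:
    return sorted(v * v for v in values if v % 2 == 0)


def process_data_buggy(values: List[int]) -> List[int]:
    # Forgets the even filter and never sorts, yet always returns a non-None list.
    return [v * v for v in values]


def weak_test(process_data: Callable[[List[int]], List[int]]) -> bool:
    # The generated assertion from the question: passes for any implementation
    # that neither raises nor returns None.
    try:
        return process_data([1, 2, 3]) is not None
    except Exception:
        return False


def meaningful_test(process_data: Callable[[List[int]], List[int]]) -> bool:
    # Pins specific inputs to specific outputs, including the empty input,
    # ordering, and a negative even number.
    try:
        return all([
            process_data([1, 2, 3]) == [4],
            process_data([]) == [],
            process_data([4, 2]) == [4, 16],
            process_data([-2, 3]) == [4],
        ])
    except Exception:
        return False
```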

Question 8

Which is the best use of conversational AI (Claude, ChatGPT) compared to Copilot in a development workflow?

A) Generating specific function implementations inside the editor
B) Architecture discussions, design tradeoffs, and reasoning through complex problems
C) Generating inline autocomplete suggestions as you type
D) Running tests and viewing test output

Answer: **B) Architecture discussions, design tradeoffs, and reasoning through complex problems**

Conversational AI excels at extended reasoning conversations: explaining tradeoffs, discussing architectural approaches, helping you think through complex problems, and providing educational explanations. Copilot excels at in-editor context-aware suggestions and rapid implementation of well-defined patterns. The tools are complements, not substitutes.

Question 9

What does research on GitHub Copilot's productivity impact most consistently show?

A) Copilot reduces code quality significantly and should only be used for throwaway scripts
B) Productivity gains are largest for boilerplate-heavy tasks; code quality outcomes depend heavily on whether developers review suggestions carefully
C) Less experienced developers benefit most from Copilot
D) Copilot produces productivity improvements only for teams over 10 developers

Answer: **B) Productivity gains are largest for boilerplate-heavy tasks; code quality outcomes depend heavily on whether developers review suggestions carefully**

GitHub's research found average task completion speed improvements of around 55%, concentrated in boilerplate-heavy work. Research on code quality is more mixed — some studies find similar error rates to manually written code, others find elevated bug rates in AI-assisted code when developers accept suggestions without careful review. The experience paradox also holds: more experienced developers tend to get more from Copilot because they can evaluate suggestions more quickly and accurately.

Question 10

Copilot suggests the following password comparison:

```python
if user.stored_password == provided_password:
    return True
```

What is the security issue?

A) Using `==` for comparison is not valid Python
B) Storing and comparing plaintext passwords, and using non-constant-time comparison that enables timing attacks
C) The variable names are not PEP 8 compliant
D) This will fail if the password contains special characters

Answer: **B) Storing and comparing plaintext passwords, and using non-constant-time comparison that enables timing attacks**

Two issues. First, passwords should never be stored or compared as plaintext — they should be hashed with a strong algorithm like bcrypt or Argon2. Second, even when comparing hashes, regular equality comparison is vulnerable to timing attacks: an attacker can measure small differences in comparison time to learn information about the correct hash. Use `hmac.compare_digest()` for constant-time comparison, and use a proper password hashing library like `bcrypt` or `passlib`.
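As an added example (not code from the chapter), the comparison from the question beside a salted, hashed record with constant-time verification. It uses the standard library's PBKDF2 so it runs with no extra packages; the chapter's recommendation of bcrypt or Argon2 via a dedicated library remains the better production choice:

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # OWASP's current minimum for PBKDF2-HMAC-SHA256


def compare_vulnerable(stored_password: str, provided_password: str) -> bool:
    # The pattern from the question: plaintext in storage, and == stops at the
    # first differing character, so elapsed time depends on the guess.
    return stored_password == provided_password


def hash_password(password: str) -> str:
    # Fresh random salt per password; the record holds scheme, cost, salt and
    # digest, never the password, so equal passwords yield different records.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, provided_password: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record: fail closed
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        provided_password.encode(),
        bytes.fromhex(salt_hex),
        int(iterations),
    )
    # Constant-time comparison: runtime does not depend on which byte differs.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```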

Question 11

Why do more experienced developers tend to get more value from Copilot than less experienced ones?

A) Copilot's interface is designed for experienced developers and is hard for beginners to use
B) More experienced developers can quickly evaluate whether a suggestion is correct and catch problems before they become bugs; less experienced developers may accept suggestions they cannot evaluate
C) Copilot only suggests advanced code patterns that beginners would not understand
D) Less experienced developers do not have access to Copilot subscriptions

Answer: **B) More experienced developers can quickly evaluate whether a suggestion is correct and catch problems before they become bugs; less experienced developers may accept suggestions they cannot evaluate**

This "experience paradox" emerges consistently in research. The value of AI code suggestions depends on the human's ability to evaluate them. Experienced developers have the background to rapidly assess whether a suggestion is correct, complete, and appropriate — so they get the speed benefits without incurring quality costs. Less experienced developers may lack the background to catch subtle errors, meaning they can introduce bugs they also cannot easily diagnose.

Question 12

Which of the following is the most appropriate use of the /doc Copilot Chat command?

A) Generating the complete documentation website for your project
B) Generating an initial docstring for an existing function, which you then review and enhance with context AI cannot know
C) Replacing all inline comments in your codebase automatically
D) Generating API documentation for public-facing endpoints without review

Answer: **B) Generating an initial docstring for an existing function, which you then review and enhance with context AI cannot know**

AI-generated documentation accurately describes what code does mechanically — parameters, return values, basic behavior. It consistently misses why: the business context, design decisions, caveats, historical reasons for implementation choices. Use `/doc` for the structural scaffolding of documentation, then add the contextual knowledge that only humans who understand the system can provide.

Question 13

What is a key differentiator of Amazon CodeWhisperer (Amazon Q Developer) compared to other AI coding assistants?

A) It is the only free option among major AI code assistants
B) It only supports Java programming
C) Deep integration with AWS services, including AWS-specific security scanning and AWS SDK suggestions
D) It works offline without any internet connection

Answer: **C) Deep integration with AWS services, including AWS-specific security scanning and AWS SDK suggestions**

Amazon Q Developer's primary differentiation is its deep integration with the AWS ecosystem. It can suggest correct AWS SDK calls, reference AWS service documentation, and flag security issues specific to AWS configurations. For teams building primarily on AWS, this domain-specific knowledge creates value that general-purpose tools cannot match. Tabnine, not Amazon Q, is the primary tool differentiating on self-hosted/privacy options.

Question 14

When asking Copilot Chat to debug a problem, which approach is most likely to produce useful output?

A) "My code doesn't work. Fix it."
B) "What is wrong with this function?" followed by the function code
C) Providing the full error message with stack trace, the relevant code, the language/framework context, when the error occurs, and what you've already tried
D) Asking multiple unrelated questions in a single chat message

Answer: **C) Providing the full error message with stack trace, the relevant code, the language/framework context, when the error occurs, and what you've already tried**

Structured debugging prompts produce structured, useful responses. AI assistants diagnose better when they have all the relevant information upfront: the exact error, the stack trace, the code producing it, the environmental context, and the reproduction conditions. "Fix it" gives the assistant almost no information to work with. The debugging template in the chapter formalizes this principle.

Question 15

Which statement best describes the appropriate mental model for AI code assistants?

A) AI code assistants are reliable enough to accept suggestions without review for most tasks
B) AI code assistants are too unreliable to use in production codebases
C) AI code assistants function like a fast, knowledgeable junior developer who lacks your specific project context, security requirements, and business rules — useful for many tasks but requiring review calibrated to task risk
D) AI code assistants are primarily useful for experienced developers who already know the correct answer and want to type it faster

Answer: **C) AI code assistants function like a fast, knowledgeable junior developer who lacks your specific project context, security requirements, and business rules — useful for many tasks but requiring review calibrated to task risk**

This mental model produces the right behavior: high utilization for standardized tasks, calibrated review proportional to risk, explicit security scrutiny for sensitive code, and maintained habits of verification rather than blind trust. Neither blind trust nor blanket rejection captures the actual risk/value profile of these tools.