A payments team wants Copilot cloud agent to handle low-risk dependency cleanup faster. The repository has required reviews, required status checks, secret scanning, and branch protection on main. The proposed policy lets Copilot research issues, create a branch, commit changes, and open a draft pull request. The policy does not allow Copilot to approve, mark ready, or merge its own pull request. Security wants delivery speed improved without removing accountability. Which autonomy level best fits this policy?
Choose an answer
Tap an option to check your answer.
Correct answer: Agent-created draft PRs with human merge gates.
Why this is the answer
The correct option, "Agent-created draft PRs with human merge gates," aligns perfectly with the described policy. Copilot researches, creates a branch, commits changes, and opens a draft pull request, but cannot approve or merge it. This maintains human oversight and accountability, satisfying the security team's requirement. "Chat-only suggestions" is too restrictive, as the policy allows Copilot to write to the repository. "Agent commits directly to the protected branch" is incorrect because the policy explicitly states Copilot opens a draft PR, not directly commits to main. "Automatic merge after Copilot code review passes" is also incorrect, as the policy prohibits Copilot from approving or merging its own PRs, requiring human intervention.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed