A security lead is defining autonomy levels for GitHub Copilot use across several repositories. Match each autonomy level to the most appropriate guardrail. Which mapping is correct?
1. Chat-only design assistance
2. Agent creates draft pull requests
3. Agent uses external MCP tools
4. Agent changes security-sensitive code
A. Require human review and passing checks before merge
B. Limit tools, secrets, and network access explicitly
C. Keep output advisory and review manually
D. Require CODEOWNERS and security review gates
E. Allow direct commits to protected default branch
F. Disable audit trails for faster iterationChoose an answer
Tap an option to check your answer.
Correct answer: 1-C, 2-A, 3-B, 4-D.
Why this is the answer
For chat-only design assistance (1), the output is advisory and should be reviewed manually (C) as it's not directly executable code. When an agent creates draft pull requests (2), requiring human review and passing checks before merging (A) ensures quality and correctness before integration. If an agent uses external MCP (Managed Cloud Provider) tools (3), limiting tools, secrets, and network access explicitly (B) is crucial to minimize potential attack surfaces and unauthorized actions. For an agent changing security-sensitive code (4), requiring CODEOWNERS and security review gates (D) adds essential layers of human oversight and specialized security scrutiny due to the high-risk nature of the changes.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed