A security reviewer is investigating a Copilot-created pull request that modified payment validation code. The reviewer needs to prove which agent session produced the changes and who initiated the work. Which option best explains the traceability evidence? Select one answer.
Enterprise audit log search:
query: action:pull_request.create actor:Copilot repo:octo-org/payments-api
timestamp=2026-05-27T01:43:12Z
action=pull_request.create
repo=octo-org/payments-api
actor=Copilot
actor_is_agent=true
user=maya-dev
agent_session_id=38e5c8a2-72b1-43a7-b623-55c0a7f8b901
pull_request=142
head_ref=copilot/fix-payment-rounding
Pull request timeline:
01:42 Copilot started work
01:43 Copilot pushed commit 92a71bc
01:44 Copilot opened draft pull request #142Choose an answer
Tap an option to check your answer.
Correct answer: The session ID links Copilot activity to maya-dev.
Why this is the answer
The correct answer is "The session ID links Copilot activity to maya-dev" because the audit log clearly shows agentsessionid=38e5c8a2-72b1-43a7-b623-55c0a7f8b901 and user=maya-dev. This directly links the specific Copilot session that made the changes to the user who initiated it, providing the required traceability. "The PR is approved because Copilot opened it" is incorrect; opening a PR does not equate to approval. "The workflow actor owns the change request" is too general and doesn't specify how ownership is proven in this context. "The draft state hides audit log attribution" is incorrect; the audit log explicitly attributes the action regardless of the PR's draft status.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed