1. Amazon's "human-mandatory checks" concept refers to what category of review items?
Correct.
Human-mandatory checks are specifically excluded from AI assistance because the model lacks the organizational context to evaluate them — not a question of seniority or formality.
2. A tiebreaker protocol that exists only in the team wiki but not in code review tooling will likely fail because:
Correct. The lesson states that protocols existing only in documentation and not in tooling will not be followed consistently under deadline pressure.
The lesson's argument is behavioral: deadline pressure causes people to skip documentation-only processes. Tooling enforcement is required for consistency.
3. What did the UK Government Digital Service find was the key factor in their decision log practice surviving seven years of team turnover?
Correct. GDS attributed the practice's durability specifically to file-in-repo storage. External tools added friction that caused the practice to erode during leadership transitions.
GDS found that file-in-repo storage — numbered Markdown files at /docs/decisions/ — was the single factor that kept the practice alive through seven years of turnover. Proximity to code drives maintenance.
4. "Review quality variance" as defined in this module is distinct from "norm divergence" in what way?
Correct. Review quality variance is an individual-level phenomenon — the same code gets reviewed differently depending on who reviews it. Norm divergence is a team-level phenomenon — different teams develop different standards.
These are two distinct failure modes at different levels. Review quality variance is individual-level (reviewer identity determines outcome). Norm divergence is team-level (different teams have different implicit standards).
5. What does the DORA 2023 report identify as a key predictor of elite software delivery performance related to this module's topic?
Correct. DORA 2023 identifies documentation quality as one of five predictors of elite delivery performance, with top quartile teams deploying 208× more frequently than the lowest quartile.
DORA 2023 cites documentation quality — not tooling or process metrics — as one of five elite team predictors. Top quartile documentation quality correlates with 208× higher deployment frequency.
6. The term "lint" originates from a tool written at Bell Labs in 1978. What language did it analyze?
Correct. Stephen Johnson's lint tool analyzed C code for suspicious constructs at Bell Labs in 1978.
Incorrect. The original lint tool was written by Stephen Johnson at Bell Labs to flag suspicious C constructs.
7. What is the correct status sequence for a decision record that was originally accepted and is now replaced by a newer decision?
Correct. Superseded entries are never deleted — they move to Archived with a link to the replacement entry, preserving the historical record for post-incident analysis and audits.
The lifecycle is Active → Superseded → Archived, with the superseded entry linking to its replacement. Deletion is never correct — the historical chain has value for incident analysis and regulatory auditing.
8. "Accepted risk with compensating control" is listed as a legitimate suppression ground. What additional requirement must be met?
Correct. Accepted risk requires a named accountable person at the appropriate authority level — not just an engineer's informal judgment.
The lesson requires formal acceptance by a named accountable person at the appropriate authority level for this suppression category.
9. How does the module describe the relationship between a decision log entry and its associated PR?
Correct. The decision log entry abstracts the key decision, while the PR retains the full deliberation — alternatives considered, timeline, code context. Both are needed; neither replaces the other.
The module uses the abstract/paper analogy: the entry summarizes the decision in retrievable form, while the PR preserves the full deliberation. Losing either half means losing part of the record.
10. In the two-level standards architecture, what is the correct description of the "domain-specific" tier?
Correct. The domain-specific tier is governed by domain leads, with override requiring sign-off and documented rationale — it sits between universal (no override) and team-local (free customization within bounds).
The domain-specific tier sits between universal and team-local. It requires domain lead sign-off for overrides but is not as strictly non-overridable as the universal tier.
11. Atlassian's 2019 State of Code Review report documented a team that achieved 100% Review Coverage Rate while simultaneously experiencing what outcome?
Correct. This is the quintessential Goodhart's Law case for code review: 100% coverage achieved through rubber-stamp approvals, while EDR simultaneously increased 23%. Perfect compliance, worsening outcomes.
Incorrect. The Atlassian case showed EDR increasing by 23% despite perfect RCR — demonstrating that coverage compliance is not a proxy for review quality.
12. For a Critical/High severity finding where the human reviewer has LOW confidence in their counter-argument, the prescribed escalation path is:
Correct. Critical/High + low human confidence = immediate security lead review, no suppression permitted.
The matrix prescribes immediate security lead review with no suppression permitted for this combination.
13. A suppression rate of 70% or higher on a specific analysis rule should trigger what action, according to the lesson?
Correct. Rules with ≥70% suppression rates should be reviewed for retuning or removal — keeping them active conditions engineers to dismiss findings broadly.
The lesson prescribes review for retuning or removal — not automatic deletion or severity escalation.
14. After Heartbleed was disclosed in 2014, what specific change did the OpenSSL Foundation make to its development process?
Correct. The OpenSSL Foundation added mandatory Coverity scanning to their commit pipeline after Heartbleed.
Incorrect. The documented response was mandatory Coverity static analysis scanning on every commit — the same class of tool that would have caught the original vulnerability.
15. A "soft gate" in a CI pipeline is best described as:
Correct.
A soft gate logs a violation but allows the pipeline to continue — useful during ramp-up before converting to a hard gate.
16. Which of the following is the highest-priority defect class in AI-generated code — requiring the deepest correctness review?
Correct. Confident-but-wrong algorithm implementations — off-by-one errors, wrong complexity class, incorrect business logic — are the highest-priority defect class. They look polished and pass linting.
Incorrect. The highest-priority defect class is confidently incorrect algorithm implementations. They are syntactically polished and pass linting — but fail the correctness requirement, which is what matters most.
17. Apple's Security Engineering and Architecture (SEAR) team uses blind re-review for critical-severity findings. "Blind" means:
Correct. Blind re-review means the second engineer sees the code and finding but not the first reviewer's conclusion, reducing confirmation bias.
Blind re-review means the second reviewer does not see the first reviewer's conclusion — they evaluate independently to reduce confirmation bias.
18. What tag synonym ratio does the lesson identify as indicating retrieval failure risk?
Correct. A tag synonym ratio above 2:1 — more than two tags per distinct concept — indicates that retrieval is likely to fail because searches for any single tag miss synonymous entries.
The lesson cites 2:1 as the retrieval failure threshold. Atlassian's Confluence research found teams typically reaching 4:1 within six months without a controlled vocabulary — double the danger threshold.
19. What approximate annual cost per engineer does raw event storage incur in a queryable data warehouse, according to the lesson?
Correct. At $2–8/month per engineer per year of history, raw event storage is trivially inexpensive compared to the cost of being unable to retroactively recalculate metrics when definitions are found to be incorrect. Pre-aggregating to save storage cost is almost never the right trade-off.
Incorrect. Raw event storage costs approximately $2–8/month per engineer per year of history — trivially inexpensive given the value of maintaining the ability to retroactively redefine and recalculate metrics.
20. What is the correct tier assignment rule for a PR that adds a new package import and modifies a database query function — but does not touch authentication or cryptography?
Correct. New dependency introduction and database queries trigger Tier 2 — requiring a dependency audit (CVE check, approved registry) and injection zone check. Not Tier 3 absent authentication or cryptography involvement.
Incorrect. A new package import triggers a dependency audit; a database query change triggers injection zone checks. Together these require Tier 2. Tier 3 is reserved for authentication, cryptography, PII, payments, and multi-tenant isolation.