Capstone and certification · Module 2

Peer review and certification readiness

Before receiving your certification, you will review another learner's project and receive feedback on yours.

45 min · 3 outcomes · Capstone and certification


What you will be able to do

  1. Review a peer project using explicit security and quality criteria
  2. Respond to feedback with concrete, testable improvements
  3. Prepare for final certification questions across all stages

Before you begin

  • Completion of earlier levels in this track
  • Ability to explain design decisions to non-technical stakeholders

Common ways people get this wrong

  • State one failure mode and one mitigation before you move on.

6.2.1 Peer Review Process

Before receiving your certification, you will review another learner's project and receive feedback on yours.

Giving Feedback:

  1. Clone their repository

  2. Run their agent locally

  3. Review their documentation

  4. Test edge cases

  5. Provide constructive feedback using this template:

## Peer Review: [Project Name]

### What Works Well
- [Specific positive observations]

### Suggestions for Improvement
- [Constructive feedback with specific recommendations]

### Security Review
- [ ] Input validation present
- [ ] Output sanitisation present
- [ ] Appropriate access controls
- [ ] Audit logging implemented
- [ ] Secrets properly managed

### Documentation Review
- [ ] Clear setup instructions
- [ ] Architecture diagram included
- [ ] Limitations acknowledged
- [ ] Examples provided

### Overall Assessment
[Summary of your review]

Receiving Feedback:

  • Read feedback with an open mind

  • Ask clarifying questions if needed

  • Implement improvements where appropriate

  • Respond professionally to all feedback
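
An added reviewer aid, not part of the course material: one way to gather evidence for the "Secrets properly managed" item in the Security Review checklist after cloning a peer's repository. The regular expressions, file extensions, ignore rules and the `SAMPLE_REPO` contents are assumptions constructed for this example.

```python
import os
import re

# Heuristic chosen for this example: a credential-like name assigned a quoted
# literal of 12 or more characters. Expect false positives and negatives.
ASSIGNMENT = re.compile(
    r"""(?i)\b([A-Z0-9_]*(?:api_?key|secret|token|password)[A-Z0-9_]*)["']?\s*[:=]\s*["']([^"']{12,})["']"""
)
PLACEHOLDER = re.compile(r"(?i)^(?:your[-_ ]|change[-_ ]?me|example|placeholder|<)")
SKIP_DIRS = {".git", "node_modules", ".venv", "__pycache__"}
TEXT_EXT = {".py", ".js", ".ts", ".json", ".yaml", ".yml", ".toml", ".md", ""}
ENV_RULES = {".env", ".env*", "*.env", "/.env"}


def load_repo(root):
    """Map relative path -> text for reviewable files in a fresh clone."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if os.path.splitext(name)[1].lower() in TEXT_EXT:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(path, root)] = fh.read()
    return files


def review_secrets(files):
    """Return sorted (path, line, note) findings; values are never echoed."""
    findings = []
    rules = {ln.strip() for ln in files.get(".gitignore", "").splitlines()}
    if not rules & ENV_RULES:
        findings.append((".gitignore", 0, "no rule ignoring .env"))
    for path, text in files.items():
        if os.path.basename(path) == ".env":  # in a fresh clone: it was committed
            findings.append((path, 0, "committed environment file"))
        for lineno, line in enumerate(text.splitlines(), 1):
            m = ASSIGNMENT.search(line)
            if m and not PLACEHOLDER.match(m.group(2)):
                findings.append((path, lineno, f"literal assigned to {m.group(1)}"))
    return sorted(findings)


# Constructed sample standing in for load_repo() output; not a real project.
SAMPLE_REPO = {
    ".gitignore": "__pycache__/\n",
    "agent.py": 'import os\nOPENAI_API_KEY = "constructed-value-0123456789"\n'
                'DB_PASSWORD = os.environ["DB_PASSWORD"]\n',
    "config.py": 'password = "change-me-before-use"\n',
}
```

Run `review_secrets(load_repo(path_to_clone))` and quote the path and line of each finding in the Security Review section; an empty list is supporting evidence for ticking the box, not proof.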

6.2.2 Final Stage Assessment

After completing your capstone, take this practice assessment to test your knowledge. The timed stage assessments use the live published bank, so the exact question count is shown when the session starts.

6.2.3 Certification Details

Upon successful completion, you will receive:

Check yourself

Practice Assessment - Part 1 (Foundations and Core Concepts)


What is the key difference between an LLM and an AI Agent?
  1. LLMs are always larger than agents
  2. Agents can perceive, reason, and take actions using tools
  3. LLMs cannot understand natural language
  4. Agents do not use language models

Correct answer: Agents can perceive, reason, and take actions using tools

AI Agents extend LLMs by adding the ability to perceive their environment, reason about goals, and take actions using tools. LLMs alone can only generate text.

What does the Observation step in ReAct provide?
  1. The user's original question
  2. The system prompt
  3. The result of a tool action fed back to reasoning
  4. The final answer

Correct answer: The result of a tool action fed back to reasoning

The Observation step provides the result of a tool action back to the agent's reasoning process. This grounds the agent's reasoning in real information.

What is a context window limitation?
  1. A visual element in the UI
  2. The maximum text an LLM can process at once
  3. A security restriction
  4. A rate limit

Correct answer: The maximum text an LLM can process at once

The context window is the maximum amount of text an LLM can process at once. Information beyond this limit is simply not seen by the model.

When should you use the Plan-and-Execute pattern instead of ReAct?
  1. For single-step tasks
  2. For complex multi-step tasks with clear goals
  3. When you do not have tools
  4. Only for debugging

Correct answer: For complex multi-step tasks with clear goals

Plan-and-Execute works best for complex multi-step tasks. The agent creates an upfront plan, then executes steps sequentially, which is more reliable for coordinated actions.

What is a vector database used for in agents?
  1. Storing user credentials
  2. Semantic search by meaning
  3. Managing rate limits
  4. Logging errors

Correct answer: Semantic search by meaning

Vector databases enable semantic search - finding things by meaning rather than keywords. Similar items have similar vectors, enabling retrieval of relevant information.

Practice Assessment - Part 2 (Security and Ethics)


According to the NCSC, why can prompt injection not be fully prevented?
  1. Security researchers have not tried hard enough
  2. LLMs cannot distinguish between instructions and data
  3. It requires too much computing power
  4. Only applies to open-source models

Correct answer: LLMs cannot distinguish between instructions and data

The UK NCSC explains that LLMs fundamentally cannot distinguish between developer instructions and user input. Everything is concatenated into one prompt with no security boundary.

What is indirect prompt injection?
  1. The user directly inputs malicious commands
  2. Malicious instructions hidden in content the agent processes
  3. A type of SQL injection
  4. Injection that happens slowly over time

Correct answer: Malicious instructions hidden in content the agent processes

Indirect prompt injection is when malicious instructions are hidden in content the AI processes (emails, documents, websites), not in the user's direct input.

What is the principle of least privilege?
  1. Users should have no permissions
  2. Agents should only access the minimum tools and data required
  3. All actions need admin approval
  4. Permissions should never be granted

Correct answer: Agents should only access the minimum tools and data required

Least privilege means giving agents only the minimum access they need to complete their task. This limits potential damage if the agent is compromised.

When is human-in-the-loop approval most critical?
  1. For all agent actions
  2. Only for low-risk information retrieval
  3. For high-risk actions like financial transactions
  4. Never, as it slows everything down

Correct answer: For high-risk actions like financial transactions

Human oversight is most critical for high-risk actions such as financial transactions, sending communications on behalf of users, or system modifications.

What must high-risk AI systems provide under the EU AI Act?
  1. Open source code
  2. Conformity assessments, human oversight, and transparency
  3. Free access for all users
  4. Real-time government monitoring

Correct answer: Conformity assessments, human oversight, and transparency

The EU AI Act requires high-risk AI systems to provide conformity assessments, human oversight mechanisms, and transparency documentation.

Practice Assessment - Part 3 (Practical and Advanced)


What protocol does MCP use for communication?
  1. REST
  2. GraphQL
  3. JSON-RPC 2.0
  4. WebSocket only

Correct answer: JSON-RPC 2.0

MCP uses JSON-RPC 2.0 for communication between clients and servers, with transport details defined by the current specification.

What is the main advantage of LoRA for fine-tuning?
  1. Better model accuracy
  2. Dramatically reduced memory and compute requirements
  3. Faster inference speed
  4. Larger context windows

Correct answer: Dramatically reduced memory and compute requirements

LoRA adds small trainable matrices while keeping the base model frozen. This reduces trainable parameters by 10x or more, making fine-tuning feasible on consumer hardware.

What is critical for multi-tenant agent systems?
  1. Using the biggest possible model
  2. Complete data isolation between tenants
  3. Sharing all resources for efficiency
  4. Having a single database

Correct answer: Complete data isolation between tenants

In multi-tenant systems, each customer's data must be completely isolated. One tenant should never access another's data.

What is exponential backoff used for?
  1. Compressing data
  2. Increasing wait time between retry attempts
  3. Encrypting communications
  4. Measuring performance

Correct answer: Increasing wait time between retry attempts

Exponential backoff means increasing the wait time between retry attempts (e.g., 1s, 2s, 4s, 8s). This prevents overwhelming services during outages.

What is the Supervisor pattern in multi-agent systems?
  1. One agent watches for security threats
  2. A central agent routes requests to specialised sub-agents
  3. All agents report to a human supervisor
  4. The largest model supervises smaller ones

Correct answer: A central agent routes requests to specialised sub-agents

In the Supervisor pattern, a central supervisor agent receives requests and routes them to specialised sub-agents based on the task type, then synthesises their responses.

Artefact and reflection

Artefact

Peer review record

Reflection

Where in your work would reviewing a peer project using explicit security and quality criteria change a decision, and what evidence would make you trust that change?

Optional practice

Run another project locally and test real edge cases