QA Interview
LLM Evaluation Interview Questions for QA
Master LLM evaluation interview questions QA engineers face, with model answers on metrics, judges, datasets, RAG, safety, reliability, and release gates.
25 min read | 3,561 words
TL;DR
Strong answers to LLM evaluation interview questions explain how to turn subjective product expectations into repeatable datasets, metrics, calibrated graders, and risk-based release gates. Treat quality, safety, latency, and cost as separate dimensions, then combine automated evidence with targeted human review.
Key Takeaways
- Frame LLM quality as a multidimensional risk model, not a single accuracy score.
- Separate deterministic checks, model-based graders, human review, and production signals by the evidence each can provide.
- Build evaluation datasets from product requirements, real traffic patterns, adversarial cases, and known failures.
- Calibrate LLM judges against blinded human labels before trusting thresholds or release gates.
- Test RAG retrieval and answer generation independently so failures are assigned to the correct layer.
- Report distributions, slices, regressions, latency, cost, and severe failures instead of hiding risk behind an average.
- Answer interview scenarios with a hypothesis, test design, decision rule, and follow-up monitoring plan.
LLM evaluation interview questions QA candidates face are designed to reveal whether they can test probabilistic systems without pretending those systems are deterministic. A strong candidate can define acceptable behavior, build representative evaluation data, select complementary graders, quantify uncertainty, and explain what evidence is sufficient for release.
Syntax matters less than judgment. Interviewers want to hear how you distinguish a retrieval defect from a generation defect, how you calibrate an LLM judge, why an average score can hide a severe slice regression, and how you make a flaky evaluation actionable. This guide provides the technical model, runnable examples, and interview-ready answers needed for an LLM quality assurance role.
TL;DR
| Evaluation layer | Best evidence | Typical release question |
|---|---|---|
| Contract and format | Schema validation, parsers, deterministic assertions | Can downstream code safely consume the output? |
| Task quality | Rubrics, reference-based metrics, model graders, human labels | Is the response useful and correct enough for this task? |
| Grounding | Claim-level support checks and citation validation | Is every material claim supported by supplied context? |
| Safety | Policy-specific adversarial sets and severity labels | Does the change create an unacceptable harmful failure? |
| Operations | Percentile latency, error rate, tokens, and cost | Can the feature meet its service and budget objectives? |
| Production | Sampled review, user signals, and drift monitoring | Does offline quality hold on live traffic? |
The interview formula is simple: define the risk, construct representative cases, choose independent evidence sources, set a decision rule before running the test, and inspect failures by slice.
1. What LLM Evaluation Interview Questions QA Teams Actually Ask
An LLM evaluation interview usually tests four capabilities. First, can you translate an ambiguous quality claim such as "helpful answer" into observable criteria? Second, can you create a dataset that represents both normal usage and dangerous edges? Third, can you implement reliable measurement across deterministic checks, model-based graders, and humans? Fourth, can you make a release recommendation under uncertainty.
These are not ordinary expected-output tests. Several responses may be acceptable, a model may answer differently across runs, and a fluent sentence may still be unsupported or unsafe. The test oracle is therefore layered. A JSON schema can establish structural validity. A policy function can prove a forbidden identifier was not returned. A rubric grader can assess whether an explanation addressed the user's goal. A human specialist may be required for a subtle medical, legal, or cultural judgment.
Senior candidates also discuss operations. They know that changing a prompt, model, retriever, tool definition, or decoding configuration can affect quality, latency, and cost at the same time. They do not promise perfect determinism. They define a sampling plan, repeated-run policy, confidence requirement, severity taxonomy, and rollback signal.
When asked an open question, organize the answer around product risk. State who can be harmed, what failure looks like, how it will be detected, and what decision follows. That structure sounds credible because it mirrors real evaluation work.
2. Build a Quality Model Before Choosing Metrics
"Accuracy" is too vague for most generative features. Start with a quality model containing dimensions that can fail independently. Common dimensions include task correctness, instruction following, relevance, completeness, groundedness, safety, style, tool-use correctness, privacy, robustness, latency, and cost. Not every product needs every dimension.
For a support assistant, correctness may mean matching approved policy, groundedness may require every eligibility claim to be supported by retrieved documents, and completeness may require a next action. For a test-case generator, quality may mean requirement coverage, executable preconditions, distinct cases, correct priorities, and no invented behavior. The rubric must define observable anchors for each level.
Use hard gates for binary contracts and severe risks. A response that leaks a secret, produces invalid JSON, or invokes an unauthorized tool should fail even if its overall quality score is high. Use scored dimensions for qualities with legitimate gradation. Keep the dimensions separate in the report before considering any weighted summary.
| Method | Strength | Weakness | Appropriate use |
|---|---|---|---|
| Exact or rule assertion | Fast and reproducible | Misses semantic equivalence | Schemas, IDs, forbidden content, tool arguments |
| Reference metric | Scalable for bounded tasks | A single reference may be incomplete | Extraction, classification, short factual answers |
| LLM judge | Handles semantic rubrics | Can be biased and inconsistent | Relevance, completeness, groundedness triage |
| Human review | Best contextual judgment | Slow and costly | Calibration, high-risk cases, ambiguous failures |
| Production signal | Reflects real behavior | Often delayed or confounded | Drift, adoption, escalation, long-term outcomes |
The candidate who says "I would use an LLM judge" has only named a tool. The stronger answer defines what the judge sees, the rubric it applies, how it is calibrated, and which decisions still require humans.
3. Design an Evaluation Dataset That Represents Risk
An evaluation is only as useful as its cases. Begin with product requirements and user journeys, then add anonymized production patterns, support tickets, known defects, domain expert examples, and adversarial transformations. Each record should have a stable ID, input, relevant context, expected properties, risk tags, and provenance. Store sensitive source data under the same controls as production data.
Create slices before looking at results. Useful slices include intent, language, input length, user segment, document type, tool path, safety category, ambiguity, and business criticality. If a new model improves common English questions but regresses short non-English inputs, a single mean can conceal the problem. Minimum slice sizes and severity rules should be agreed in advance.
Avoid turning the suite into a museum of easy examples. Include positive cases, boundary cases, malformed input, conflicting instructions, missing context, prompt injection, stale documents, long context, near-duplicate entities, and cases where abstention is the correct response. Preserve every confirmed production escape as a regression case, but periodically remove duplicates and outdated expectations.
Keep a locked holdout set for unbiased comparisons. Engineers can use a development set while tuning prompts, but repeated tuning against the release set leaks information and inflates results. Version the dataset, rubric, grader prompt, judge model, and application configuration together. That lineage lets a reviewer reproduce why build B passed while build A failed.
4. Use Deterministic Tests as the First Evaluation Layer
Probabilistic output does not eliminate deterministic testing. It makes deterministic contracts more valuable. Validate response status, schema, required fields, allowed enum values, length limits, citation identifiers, tool names, tool arguments, blocked terms, and data-loss-prevention rules before invoking an expensive semantic grader.
The following pytest example tests a JSON-producing application while allowing its generation function to be replaced by a real client. It uses standard Python and pytest APIs, so the oracle stays stable even when the model changes.
from collections.abc import Callable
import pytest
def validate_triage(result: dict) -> None:
assert set(result) == {"category", "priority", "reason"}
assert result["category"] in {"billing", "bug", "account", "other"}
assert result["priority"] in {"low", "medium", "high"}
assert isinstance(result["reason"], str)
assert 10 <= len(result["reason"]) <= 240
@pytest.mark.parametrize("ticket", [
"I was charged twice for order A-1042",
"Password reset email never arrived",
"The export button returns a 500 error",
])
def test_triage_contract(
ticket: str,
generate_triage: Callable[[str], dict],
) -> None:
result = generate_triage(ticket)
validate_triage(result)
The fixture can call a hosted model, a local model, or a recorded stub. Contract tests should run on every change. Live semantic evaluations can run on a scheduled or release workflow, with credentials and budget controls.
Do not assert prose equality unless the product truly requires one canonical string. Assert invariant facts and structural contracts instead. If an answer must mention a cancellation window of 30 days, parse or grade that claim explicitly rather than comparing the full paragraph.
5. Calibrate LLM-as-a-Judge Evaluations
An LLM judge is another measurement instrument, not ground truth. Give it a narrow rubric with defined score anchors, the user input, necessary context, and the candidate output. Exclude irrelevant metadata such as which model produced the answer, because that can create brand or position bias. Ask for structured fields including score, reason, and evidence spans.
Calibration starts with a blinded set labeled independently by domain experts. Measure agreement between the judge and adjudicated human labels. For categorical decisions, inspect a confusion matrix and per-class precision and recall. For ordinal scores, inspect exact and adjacent agreement. More importantly, review disagreement clusters. A judge that frequently approves unsupported high-severity claims is unsuitable even if its total agreement looks acceptable.
Reduce position bias by randomizing answer order in pairwise comparisons and repeating a sample with positions swapped. Test self-preference by ensuring the judge does not know which provider or model generated the answer. Use multiple rubric examples only if they clarify boundaries, and keep them stable across candidate comparisons.
Judge nondeterminism requires policy. You may run one pass for low-risk triage, majority vote for borderline cases, and mandatory human review for severe categories. Never silently rerun only failed candidates until they pass. That changes the decision rule after seeing the outcome. Record the judge model identifier, prompt version, raw judgment, and parse errors for auditability.
For a practical implementation pattern, see measuring RAG faithfulness and relevancy, which separates claim support from answer focus.
6. Evaluate RAG, Agents, and Tool Use by Component
A retrieval-augmented system has at least two quality boundaries: retrieval and generation. Evaluate retrieval with labeled relevant documents or passages using measures such as recall at k, precision at k, reciprocal rank, and rank-sensitive gain where appropriate. Evaluate generation for faithfulness to retrieved evidence, answer relevance, completeness, citation correctness, and appropriate abstention.
Failure attribution matters. If the required policy paragraph never reached the model, calling the response a hallucination is incomplete diagnosis. The retriever, filters, query transformation, index freshness, or permissions layer may be responsible. If the correct paragraph was retrieved but the answer contradicted it, the generation or prompt layer is implicated.
Agentic systems add state transitions. Test tool selection, argument schema, authorization, idempotency, retries, timeouts, and final-answer consistency with tool results. A tool call can be syntactically valid but semantically dangerous, such as refunding the wrong order. Build simulated tools that return controlled successes, failures, slow responses, and adversarial data. Assert the sequence and side-effect policy, not private chain-of-thought.
Prompt injection tests should include instructions inside retrieved documents, tool output, filenames, and markup. The expected result may be refusal, safe summarization, or ignoring the injected command, depending on product policy. Verify that untrusted content cannot change system authority or exfiltrate hidden data.
7. Measure Variability, Regression, and Statistical Confidence
One run per case can miss instability. Choose repetition based on temperature, model behavior, business risk, and test cost. Track pass rate per case across runs, not just a pooled total. A case that passes half the time is operationally different from two separate cases that each pass consistently.
Use paired comparisons when evaluating a candidate against a baseline on the same dataset. Report wins, ties, losses, and severe regressions by slice. Bootstrap confidence intervals or an appropriate paired statistical test can describe uncertainty, but statistical significance is not the release policy. A small, reliable improvement may have no practical value, while one newly introduced privacy leak is release-blocking.
Define thresholds before execution. An example policy might require no critical safety failures, no priority slice dropping more than an agreed tolerance, schema validity above a target, and total cost within a budget. The actual values must come from product risk and observed measurement noise, not copied from another company.
Control sources of variation where possible. Pin model and application versions, preserve the full prompt, record retrieval results, and isolate evaluation concurrency from production traffic. Do not assume a seed makes every hosted inference bit-for-bit reproducible. Treat it as a control that may improve repeatability only where the provider documents support.
8. Prepare for LLM Evaluation Interview Questions QA Scenarios
Scenario questions reward a disciplined sequence. Start by restating the user outcome and the unacceptable failure. Name the system boundary and changes under test. Define a representative dataset and slices. Choose a layered oracle. State the release rule. Finish with production monitoring and a feedback loop.
Suppose the interviewer says, "The new prompt raises the judge score by five points. Do you ship?" Do not answer yes or no immediately. Ask whether the score change exceeds measurement noise, whether the same judge and rubric were used, whether the dataset was a holdout, and whether any critical slices regressed. Compare latency, cost, refusal behavior, and safety. Inspect a sample of changed cases and judge disagreements. Then make a conditional recommendation.
For "How would you test a chatbot with no single correct answer?" explain that correctness is only one dimension. Define user-intent rubrics, invariant facts, groundedness, safety, and conversation constraints. Use multiple acceptable references where available, model grading calibrated to humans, and targeted expert review. Validate the entire interaction, including memory boundaries and tool side effects.
Practice speaking in decisions, not tool lists. "I would use Ragas, promptfoo, and pytest" is weak without a rationale. "I would use deterministic pytest checks for contracts, a calibrated claim-support grader for semantic risk, and human review on critical disagreements" explains the evidence design.
9. Include Latency, Cost, Privacy, and Observability
Quality that misses the service-level objective is not production quality. Measure end-to-end latency as well as time to first token for streaming experiences. Report percentiles by input size, output size, model, route, region, and tool path. Record failures and rate-limit responses separately so successful-request latency does not hide reliability.
Cost evaluation should use actual input and output token counts plus the current price configuration maintained by the team. Never hardcode prices inside a test article or long-lived assertion. Prices and billing categories change. Use a versioned rate card, include cached or reasoning token categories when applicable, and report cost per successful task as well as per request.
The runnable measurement pattern in measuring LLM latency and cost in tests keeps rates configurable and preserves raw observations.
Privacy is a test dimension and an evaluation-data constraint. Remove or tokenize personal data before sending cases to external graders unless the approved architecture explicitly permits it. Confirm retention settings, regional requirements, access controls, and vendor contracts with the responsible security and legal teams. A local model can reduce data movement, but it does not automatically secure logs, caches, prompts, or model access. See the local LLM setup for private test data for a practical containment workflow.
Observability completes the loop. Capture correlation IDs, configuration versions, token usage, retrieval IDs, tool outcomes, grader results, and user-visible errors without logging secrets. Offline evaluation predicts risk. Production monitoring tells you whether the prediction holds under real distributions.
10. Present Results and Make a Release Decision
An evaluation report should lead with the decision and evidence. State the candidate and baseline versions, dataset version, run date, environment, grader versions, and predefined policy. Show critical gates first, then dimension scores, uncertainty, slice regressions, operational measures, and representative failures.
Avoid a single dashboard number that mixes unrelated risks. A weighted score can help ranking, but it must not let strong style compensate for a privacy violation. Maintain explicit noncompensable gates. Link every aggregate back to case-level evidence so developers can reproduce and fix failures.
A useful failure record includes case ID, slice tags, input or a safe redaction, retrieved context IDs, actual response, expected properties, grader output, severity, suspected component, and owner. Cluster similar failures to avoid filing one ticket per wording variation. Track whether the fix belongs in data, retrieval, prompt, model choice, tool policy, or UI.
When evidence is mixed, say so. Recommend ship, hold, limited rollout, or experiment, then specify the guardrail. A limited rollout might include a small eligible cohort, enhanced sampling, an automatic fallback, and a rollback threshold. QA leadership is not the performance of certainty. It is making risk visible and attaching a controlled action to the available evidence.
Interview Questions and Answers
Q: How is LLM testing different from testing a deterministic API?
A deterministic API usually permits an exact expected result for a fixed request and state. An LLM can produce several acceptable answers and vary across repeated calls, so I define invariant contracts plus rubric-based qualities. I also measure distributions and per-case stability rather than treating one run as proof. The release decision combines deterministic gates, calibrated semantic evaluation, and targeted human judgment.
Q: How would you evaluate a summarization feature?
I would define factual consistency, required-point coverage, relevance, conciseness, style, safety, and latency. The dataset would vary document type, length, structure, ambiguity, and sensitive content. I would use deterministic checks for format and length, claim-level support grading against the source, a coverage rubric, and blinded human calibration. Unsupported high-severity claims would be a hard gate.
Q: What makes a good golden dataset?
A good dataset is representative, risk-weighted, versioned, and traceable to a requirement or observed behavior. It contains common cases, boundaries, adversarial inputs, correct abstentions, and historical escapes. Labels have clear guidelines and adjudication, while slices expose subgroup behavior. I keep a tuning set separate from a locked release holdout.
Q: When would you use an LLM as a judge?
I use it when the criterion is semantic and deterministic rules would be too brittle, such as response relevance or claim support. I first define score anchors and calibrate the judge against blinded expert labels. I inspect severe false approvals, position bias, and repeatability. The judge can automate triage, but high-risk disagreements still go to humans.
Q: How do you test hallucinations?
I avoid using hallucination as one vague label. For grounded tasks, I decompose the answer into verifiable claims and check whether each material claim is supported by the supplied context. I separately test retrieval coverage and citation validity. Unsupported claims receive severity based on user impact, and cases with insufficient evidence should trigger an approved abstention.
Q: How do you set an evaluation threshold?
I derive it from product risk, baseline performance, measurement noise, and the cost of false acceptance versus false rejection. I set hard gates for severe safety, privacy, and contract failures. For scored dimensions, I use validation data and human-reviewed boundary cases, then define slice-level non-regression rules. I document the threshold before comparing the candidate.
Q: What would you do if human reviewers disagree?
I would verify that the rubric has observable anchors and that reviewers received the same evidence. Reviewers should label independently before discussing differences. A domain owner adjudicates ambiguous cases, and the reason updates the guideline or example set. Persistent disagreement signals that the criterion may be too subjective for a strict automated gate.
Q: How do you detect prompt regressions?
I run baseline and candidate prompts on the same versioned cases with the same surrounding configuration. I compare paired outcomes, critical failures, slices, variability, latency, and token use. I manually inspect changed cases and judge disagreements rather than trusting only the aggregate. Confirmed escapes become permanent regression cases.
Q: How would you test a RAG assistant?
I evaluate retrieval and generation separately. Retrieval needs relevance labels and rank-aware measures, while generation needs faithfulness to context, answer relevance, completeness, citation correctness, and abstention. I preserve retrieved passages in the result so every failure can be attributed. I also test access control, stale indexes, prompt injection in documents, and conflicting sources.
Q: How do you control flaky LLM evaluations?
I identify whether variation comes from the application model, retriever, judge, network, or test environment. I pin versions, record full inputs and outputs, repeat a justified sample, and measure case-level pass rates. Borderline scores can use a predefined review or voting policy. I never add retries that quietly turn failures into passes.
Q: How do you evaluate an agent that calls tools?
I use simulated tools with controlled responses and assert allowed tool choice, validated arguments, authorization, sequencing, idempotency, and side effects. I test tool errors, timeouts, conflicting results, and malicious tool output. The final answer must agree with the observed tool result. I do not require or inspect private reasoning tokens.
Q: What metrics would you put on an LLM release dashboard?
I would show hard-gate failures, task-success dimensions, severe error counts, slice deltas, judge-human calibration, and case-level stability. Operational panels would include success rate, latency percentiles, input and output tokens, and cost per successful task. Production panels would show drift, fallbacks, escalations, and sampled review. Every metric would link to a versioned definition.
Common Mistakes
- Treating one model-generated score as objective truth. Calibrate the instrument and preserve disagreement evidence.
- Optimizing a public benchmark while ignoring the product's real intents, constraints, and severe failure modes.
- Reporting only averages. Always inspect priority slices, tails, and counts of critical failures.
- Using exact text comparison for open-ended prose. Assert invariants and grade semantics with an explicit rubric.
- Mixing retrieval and generation failures. Capture intermediate evidence and assign defects to the responsible layer.
- Tuning on the release holdout. Separate development data from unbiased comparison data.
- Retrying failed evaluations until they pass. Define repetitions and aggregation before the run.
- Hardcoding vendor prices or assuming one token category. Read rates from reviewed configuration.
- Sending private production conversations to a grader without approved data handling.
- Naming tools without explaining the decision rule, calibration, and failure workflow.
Conclusion
The best answers to LLM evaluation interview questions QA teams ask connect product risk to measurable evidence. Define a multidimensional quality model, build a representative and versioned dataset, combine deterministic assertions with calibrated semantic graders, analyze paired results by slice, and keep severe failures outside any compensating average.
Prepare by taking one real generative feature and writing its risk model, dataset schema, grader rubric, release policy, and production signals. If you can defend those choices and explain how you would investigate disagreement, you will sound ready to own LLM quality rather than merely run an evaluation tool.
Interview Questions and Answers
How would you create an LLM evaluation strategy from scratch?
I would begin with users, decisions, and unacceptable failures, then translate them into independent quality dimensions. I would create representative and adversarial cases with slice tags, define deterministic and semantic oracles, calibrate graders against humans, and set release rules before executing. Finally, I would monitor the same risks in production and add confirmed escapes to regression data.
Why is exact-match accuracy often unsuitable for LLM responses?
Several phrasings can be equally correct, so exact match creates false failures and rewards imitation of one reference. I use exact checks for truly canonical facts or fields, then use set comparison, claim checks, or a rubric for semantic equivalence. The oracle should match the actual product contract.
How do you validate an LLM judge?
I compare blinded judge decisions with independently labeled and adjudicated human examples. I inspect confusion by class, severe false approvals, repeatability, position effects, and performance by slice. I approve the judge only for the decisions its validation evidence supports.
How would you test a response when no reference answer exists?
I would define observable rubric criteria such as relevance, required coverage, factual support, and safe behavior. I would combine invariant checks with a calibrated model grader and human review on a representative sample. For grounded systems, the supplied context can serve as evidence even without a polished reference answer.
What is the role of human evaluation?
Humans define policy, label calibration data, adjudicate ambiguity, and review high-risk or novel failures. They should follow a written rubric, label independently, and record reasons. Automation then scales the portions shown to correlate with that reviewed standard.
How do you evaluate model nondeterminism?
I run a justified number of repetitions, preserve raw outcomes, and calculate per-case stability plus distribution-level results. I control versions and retrieval evidence, then separate model variation from judge or infrastructure variation. Release rules state in advance how repeated outcomes are aggregated.
How do you evaluate RAG faithfulness?
I split the response into material claims and determine whether each claim is supported by the retrieved context. I report weighted or unweighted support and preserve evidence passages for audit. I separately measure retrieval coverage because missing evidence is not the same failure as ignoring available evidence.
How would you test prompt injection in a RAG system?
I place adversarial instructions in documents, metadata, markup, and tool output, then verify that they cannot override system authority or expose protected data. Cases cover direct, encoded, multilingual, and indirect instructions. I also verify access controls and safe handling of untrusted content outside the model.
What should block an LLM release?
The policy should name critical failures such as privacy leakage, unsafe action, unauthorized tool use, or a severe priority-slice regression. These remain hard gates and cannot be offset by better style scores. Lower-severity dimensions can use agreed thresholds and uncertainty-aware comparisons.
How do you compare two prompts fairly?
I run both on the same versioned cases under equivalent model and system settings, preferably with a locked holdout. I use paired outcomes, randomize presentation to human or model judges, and inspect wins, ties, losses, slices, latency, and cost. I preserve every changed case for diagnosis.
How do you reduce bias in pairwise LLM grading?
I hide model identity, randomize answer order, and repeat a sample with positions swapped. I use a clear rubric and permit ties rather than forcing a preference. Human calibration focuses on disagreement patterns and whether the judge favors length, style, or its own model family.
What would you log during an evaluation run?
I log case and configuration versions, safe inputs, outputs, retrieval references, tool results, latency, token usage, deterministic assertions, raw grader results, and errors. Secrets and unnecessary personal data are redacted. The record must reproduce a decision without creating a new privacy risk.
How do you handle conflicting evaluation metrics?
I return to the risk model and keep dimensions separate. Hard safety or contract failures take precedence, while tradeoffs among usefulness, latency, and cost follow the documented product policy. I inspect the cases causing conflict and recommend ship, hold, or limited rollout with explicit guardrails.
How would you explain an LLM evaluation failure to developers?
I provide a reproducible case, the exact configuration, retrieved evidence or tool trace, expected property, actual behavior, grader rationale, and severity. I state the likely failing component without overstating certainty. Similar failures are clustered so the team can fix a system pattern rather than chase wording variants.
Frequently Asked Questions
What should a QA engineer know about LLM evaluation for an interview?
Know how to define quality dimensions, build representative datasets, combine deterministic and semantic graders, calibrate an LLM judge, and set risk-based release gates. You should also explain RAG evaluation, safety testing, variability, latency, cost, and production monitoring.
Can LLM outputs be tested automatically?
Yes. Schemas, tool arguments, citations, forbidden data, and other invariants can be tested deterministically, while semantic qualities can use calibrated rubric graders. Human review remains important for calibration, ambiguity, and high-risk decisions.
What is an LLM-as-a-judge evaluator?
It is a language model prompted to score or classify another model's response using a defined rubric. It is scalable but not ground truth, so teams should test its agreement, bias, consistency, and severe error patterns against blinded human labels.
How many times should an LLM test be repeated?
There is no universal count. Choose repetitions from observed variance, temperature, business risk, and budget, then define the aggregation rule before execution. Track stability per case because a pooled pass rate can conceal intermittent failures.
What is the difference between faithfulness and answer relevancy?
Faithfulness asks whether claims in the answer are supported by the provided context. Answer relevancy asks whether the response directly addresses the user's question. An answer can be relevant but unsupported, or faithful to irrelevant context.
How do you prevent evaluation data leakage?
Keep a separate tuning set and locked holdout, restrict access, version both datasets, and record every run. Do not repeatedly inspect and tune against the holdout, and avoid placing private evaluation cases in prompts, logs, or repositories without approved controls.
Which LLM evaluation metrics matter most for QA?
The right metrics depend on the task. Common dimensions include correctness, instruction following, relevance, groundedness, completeness, safety, tool correctness, latency, and cost, with critical privacy or safety failures handled as hard gates.
Related Guides
- AI QA Engineer Interview Questions for 3 Years Experience
- AI QA Engineer Interview Questions for 2 Years Experience
- AI QA Engineer Interview Questions for 5 Years Experience
- CI/CD Interview Questions for QA Engineers
- Postman Interview Questions and Answers for QA
- SQL Interview Questions for QA and Testers (2026)