Bob's AI Fundamentals Platform

Question 1

A company deploys an AI-powered customer support chatbot that can access internal company documents. What is the MOST important reason to apply access controls to the chatbot?

A) To improve response speed B) To reduce training costs C) To prevent unauthorized access to sensitive information D) To increase model accuracy

Question 2

An employee uploads confidential customer information into a public AI tool without approval. Which security concern is MOST relevant?

A) Data exposure B) Model drift C) Feature engineering D) Hyperparameter tuning

Question 3

An organization wants to reduce the risk of unauthorized users accessing AI systems. Which security practice would be MOST effective?

A) Increasing model size B) Implementing strong authentication C) Increasing storage capacity D) Expanding training datasets

Question 4

A security team is reviewing who has access to an AI application and removing unnecessary permissions. Which security principle are they applying?

A) Data minimization B) Explainability C) Least privilege D) Availability

Question 5

An AI model is used to process sensitive healthcare information. Which security objective is MOST important?

A) Protecting the confidentiality of patient data B) Increasing model complexity C) Improving training speed D) Expanding data storage

Question 6

An organization discovers that attackers are attempting to manipulate prompts submitted to an AI assistant. What type of AI-specific threat is being attempted?

A) Data backup B) Prompt injection C) Data archiving D) Network segmentation

Question 7

A company maintains a list of identified AI risks, risk owners, and mitigation plans. What is this document commonly called?

A) Model card B) Security dashboard C) Data catalog D) Risk register

Question 8

Why is continuous monitoring important for AI systems?

A) AI risks and system behavior can change over time B) It guarantees compliance with all regulations C) It eliminates the need for governance D) It prevents all security incidents

Question 9

A security team wants to identify potential threats before an AI system is deployed. Which activity should they perform?

A) Model retraining B) Threat modeling C) Data visualization D) Feature selection

Question 10

An organization uses a centralized vault to store API keys and service credentials used by AI applications. What security capability is being implemented?

A) Data labeling B) Model validation C) Secrets management D) Feature engineering

Question 11

A company uses a third-party AI service to process customer requests. What is the MOST important security activity before adopting the service?

A) Increasing model accuracy B) Vendor risk assessment C) Expanding storage capacity D) Reducing response times

Question 12

An attacker repeatedly submits requests to a deployed AI model in an attempt to understand how it works. Which attack technique is MOST likely being used?

A) Model extraction B) Data retention C) Data classification D) Explainability testing

Question 13

A security team discovers that an AI model is using outdated permissions that allow unnecessary database access. What action should be taken FIRST?

A) Increase storage capacity B) Retrain the model C) Review and reduce permissions D) Disable monitoring

Question 14

A company digitally signs model artifacts before deployment. What risk is this control primarily designed to reduce?

A) Unauthorized modification of models B) Data quality issues C) Infrastructure costs D) Model drift

Question 15

An organization wants to reduce the impact of a compromised user account. Which security control would be MOST effective?

A) Larger training datasets B) Multi-factor authentication C) Faster processors D) More storage

Question 16

A model begins producing less accurate results because customer behavior has changed significantly since training. Which risk is MOST likely occurring?

A) Supply chain compromise B) Prompt injection C) Model drift D) Credential theft

Question 17

Why is network segmentation valuable for AI environments?

A) It isolates systems and limits attacker movement B) It improves explainability C) It eliminates bias D) It increases model size

Question 18

An AI system relies on an open-source library that later receives a critical security vulnerability disclosure. What category of risk does this BEST represent?

A) Ethical risk B) Compliance risk C) Operational risk D) Supply chain risk

Question 19

A security team reviews logs showing who accessed an AI model, when access occurred, and what actions were performed. What security objective does this MOST directly support?

A) Accountability B) Hyperparameter tuning C) Data labeling D) Model optimization

Question 20

An organization discovers a high-risk vulnerability affecting a production AI application. What should determine the urgency of remediation?

A) The age of the model B) The likelihood and potential impact of exploitation C) The number of developers involved D) The size of the training dataset

Question 21

A financial services company uses a third-party foundation model to assist with customer interactions. During a security review, the organization realizes it has limited visibility into how the model was trained and governed. What is the MOST significant security concern?

A) Model accuracy B) Supply chain and vendor risk C) Network latency D) Data storage costs

Question 22

A threat modeling exercise identifies that an attacker could manipulate prompts to bypass system safeguards and retrieve sensitive information. What should be the organization's FIRST priority?

A) Increase model size B) Improve explainability documentation C) Implement controls to reduce prompt injection risk D) Expand training datasets

Question 23

An organization discovers that multiple AI systems have been deployed without documented ownership or accountability. Which governance risk is MOST likely?

A) Increased transparency B) Reduced operational costs C) Improved compliance readiness D) Inability to manage and respond to security incidents effectively

Question 24

A company maintains AI risk registers, performs threat modeling, reviews vendor security controls, and continuously monitors production systems. Which security approach is being demonstrated?

A) Defense-in-depth B) Reactive incident management C) Risk-based AI security governance D) Infrastructure optimization

Question 25

A board of directors receives reports showing increased prompt injection attempts, unresolved vendor security findings, and growing model risk exposure. What is the MOST appropriate action for leadership?

A) Ignore the findings until an incident occurs B) Focus only on improving model accuracy C) Delegate all responsibility to technical teams D) Review risk treatment plans and ensure appropriate governance actions are taken

AI Security Quiz