CY0-001 Practice Questions: Basic AI concepts related to cybersecurity Domain

Correct answer (A): Embeddings are vector representations that can preserve sensitive semantic information from the source data. A vector database built from restricted incident reports should be protected with appropriate access controls, retention limits, and data minimization even if it does not store the original raw text.

Why the other options are wrong:
- Option B: This is a common misconception. Even without exact sentences, embeddings may still encode sensitive semantic information.
- Option C: Semantic search can be useful for incident response. The problem is the access and retention of sensitive derived data.
- Option D: Embeddings do not replace all source documents, and the stem does not indicate a need to retrain a model.

Correct answer (B): The retrieved document contains instructions aimed at the AI assistant rather than the human reader. In a RAG workflow, malicious instructions embedded in retrieved content can attempt to override the model's intended behavior, which is indirect prompt injection.

Why the other options are wrong:
- Option A: Data poisoning affects training, fine-tuning, or feedback data. The stem shows malicious content being retrieved at inference time, not corruption of the training set.
- Option C: Membership inference attempts to determine whether a record was included in training. The scenario involves manipulating model behavior through context.
- Option D: Model drift is performance degradation due to changing conditions. The artifact shows a malicious instruction, not a gradual model behavior shift.

Correct answer (B): AI agents that can take high-impact actions should have explicit permission boundaries, audit logging, and human approval before disruptive operations. Allowing lower-risk actions while gating endpoint isolation balances safety and operational value.

Why the other options are wrong:
- Option A: Faster response is attractive, but full autonomy for disruptive actions increases the risk of unsafe containment based on an incorrect AI decision.
- Option C: Disabling all alert queries is unnecessarily restrictive and does not address the specific risk of high-impact actions.
- Option D: Content filtering can reduce unsafe text outputs, but it is not a substitute for authorization, permission boundaries, or human approval.

Correct answer (A): The scenario indicates possible poisoning of fine-tuning data: attacker-influenced labels appear to have changed model behavior for a malicious domain. The best next step is to investigate the origin and integrity of the labeled data and quarantine suspect records before further model use or tuning.

Why the other options are wrong:
- Option B: Temperature affects generation variability in some AI systems, but it does not address poisoned labels or training data integrity.
- Option C: Model drift can occur over time, but the evidence points to a suspicious labeled batch tied to a specific attacker-controlled domain.
- Option D: Manual review may be needed temporarily, but deleting all reports is excessive and destroys potentially useful evidence for root cause analysis.

Correct answer (B): Membership inference attempts to determine whether a specific record was included in a model's training data. This can expose sensitive participation or event information even if the model does not directly print the original ticket.

Why the other options are wrong:
- Option A: Prompt injection requires instructions that manipulate model behavior. The stem describes inferring whether a record was in the training set.
- Option C: Model drift is performance degradation due to changing data or environments. It does not describe inferring training participation.
- Option D: Data poisoning involves manipulating data used for training or updates. The scenario is about privacy inference from model queries.

Correct answer (C): Running inference means using an already trained model to produce outputs for new inputs. In this scenario, the approved model is only scoring new alerts and its parameters are not being updated, so this is inference rather than training or fine-tuning.

Why the other options are wrong:
- Option A: Fine-tuning would adapt an existing model using additional task-specific or organization-specific data. The stem states the parameters are not changed.
- Option B: Training would create or update model parameters from a dataset. The model already exists and is only being used for scoring.
- Option D: Data poisoning is a malicious integrity attack against training, fine-tuning, feedback, or retrieval data. The stem describes normal scoring, not tampering.

Correct answer (B): Embeddings are not plain text, but they can still expose sensitive semantic information or enable retrieval of sensitive source content. Vector databases should be protected with access controls, retention limits, and data minimization appropriate to the sensitivity of the indexed material.

Why the other options are wrong:
- Option A: This is a common misconception. Embeddings may not be human-readable, but they can still carry sensitive meaning and support sensitive retrieval.
- Option C: Only allowing model use is not a sufficient protection. Unauthorized access to vectors or retrieval results can still create confidentiality risk.
- Option D: Training a model does not inherently improve privacy and may create additional exposure if sensitive data is incorporated into model behavior.

Correct answer (B): AI-generated SOC analysis can hallucinate or overstate conclusions. Before taking a high-impact containment action, the analyst should validate the claim using logs, detections, artifacts, and other trusted evidence.

Why the other options are wrong:
- Option A: AI output is not definitive by itself. Acting without validation can create unnecessary business disruption.
- Option C: A lack of citations is a reason to investigate, not to dismiss the alert without reviewing evidence.
- Option D: Fine-tuning is not the immediate response to a potentially urgent alert and does not validate the current claim.

Correct answer (A): AI-generated security summaries are probabilistic and can hallucinate unsupported claims. Important incident details should be validated against primary evidence such as logs, telemetry, tickets, and threat intelligence before being treated as confirmed.

Why the other options are wrong:
- Option B: AI output does not override primary evidence. The absence of corroboration is a reason to investigate, not to assume hidden proof.
- Option C: Fine-tuning does not remove the need for review. Models can still produce incorrect or unsupported security conclusions.
- Option D: Generative AI outputs are not guaranteed to be deterministic or correct. Treating the summary as confirmed is unsafe.

Correct answer (B): AI agents create added risk because they can invoke tools and take actions. For high-impact steps such as host isolation or account disablement, the safer design is to use AI for evidence gathering and triage acceleration while requiring human approval before consequential containment.

Why the other options are wrong:
- Option A: High confidence is not proof of correctness. Fully autonomous isolation can turn an incorrect AI judgment into an operational incident.
- Option C: Removing all useful tool access may be safe but does not meet the goal of speeding triage with log queries and ticketing.
- Option D: A malware label alone may be inaccurate or incomplete. Account disablement is high impact and should not be triggered by a single unvalidated label.