Quiz: AI and Machine Learning in Security
A 26-question self-check covering anomaly detection, the false-positive economics, adversarial ML, and AI-enabled attacks. Several questions are tagged with the certification domain they map to — [Sec+] for CompTIA Security+ and [CISSP] for the (ISC)² CISSP — so certification candidates can self-assess. Answers and one-line explanations are at the end; try the whole quiz before checking.
Section 1 — Multiple choice (1 pt each)
1. [Sec+] Detection that learns "normal" from unlabeled data and flags deviation is best called: A. supervised detection B. signature detection C. unsupervised / anomaly detection D. IoC matching
2. A z-score of an observation is best described as: A. the probability the observation is malicious B. how many standard deviations it sits from the baseline mean C. the false-positive rate D. the model's accuracy
3. [Sec+] A spam filter trained on millions of emails already labeled "spam" or "not spam" is an example of: A. unsupervised detection B. supervised detection C. anomaly detection D. a deterministic rule
4. A detector is 99% accurate on a stream where attacks are 1 in 10,000. The biggest practical problem with deploying it as-is is: A. it is too slow B. precision is very low — most alerts are false positives C. it cannot be explained D. it violates GDPR
5. [CISSP] Manipulating a model's training data so the deployed model learns the wrong thing is: A. model evasion B. data poisoning C. prompt injection D. a denial-of-service attack
6. Crafting an input at inference time to be misclassified (e.g., a malware variant that scores "clean") is: A. data poisoning B. a backdoor C. model evasion D. drift
7. [Sec+] Smuggling adversarial instructions into the text an LLM processes, so it treats attacker-supplied content as a trusted command, is called: A. SQL injection B. prompt injection C. cross-site scripting D. poisoning
8. The single most effective control against a deepfake-voice authorization of a wire transfer is: A. a better spam filter B. antivirus on the finance laptop C. out-of-band verification and dual authorization D. a longer password
9. [CISSP] "Anomalous is not the same as malicious" matters most because: A. anomaly detectors are always wrong B. a skilled attacker can stay statistically normal while benign events are often anomalous C. malicious events are never anomalous D. supervised models are better
10. Which is the best candidate for a deterministic rule rather than ML? A. surfacing the one user whose behavior drifted most from their own past B. classifying never-before-seen malware C. alerting when an HR user accesses payroll from a non-operating country D. clustering similar alerts
11. [Sec+] A UEBA platform's main advantage over a single-feature z-score is that it: A. needs no data B. fuses many weak per-entity signals into one risk score C. is always explainable D. eliminates false positives
12. The public MITRE knowledge base of attacks against AI/ML systems is: A. ATT&CK B. ATLAS C. CVE D. the OWASP Top 10
13. [CISSP] Why is keeping an ML classifier behind deterministic rules and in front of human review a defense against adversarial ML? A. it makes the model faster B. defense in depth — no single corruptible layer is decisive C. it removes the need for training data D. it guarantees zero false negatives
14. A gradual data-exfiltration ramp that the anomaly detector never flags is enabled by: A. the detector being supervised B. the baseline continuously re-learning "normal" from attacker-influenced data C. too high a threshold only D. a zero-variance baseline
Section 2 — True / False with justification (1 pt each)
For each, mark T or F and give a one-sentence reason.
15. "A model that is 99.9% accurate will produce a queue an analyst can trust on a rare-event detection problem."
16. [Sec+] "Because generative AI writes fluent phishing, 'look for typos and bad grammar' is still the best anti-phishing advice."
17. "An anomaly detector tells you not only that an event is unusual but whether it is malicious."
18. [CISSP] "Most catastrophic prompt-injection outcomes require that the LLM was given consequential tools or data it did not need."
19. "A perfectly steady baseline like $[4,4,4,4]$ is ideal for a z-score because it has no noise."
20. "Narrowing an anomaly detector's scope to high-value events before scoring raises precision."
Section 3 — Fill in the blank (1 pt each)
21. The inescapable tension between catching more attacks and raising fewer false alarms, governed by the threshold, is the __ tradeoff.
22. [Sec+] The probability that a given alert is a real attack is called __ (positive predictive value); the share of real attacks the detector catches is called __.
23. The two adversarial-ML attacks every defender must know are data __ (corrupting training) and model __ (fooling the decision at inference).
24. The community reference cataloging prompt injection, insecure output handling, and excessive agency in LLM applications is the __ for LLM Applications.
Section 4 — Short answer (2 pts each)
25. [CISSP] Meridian processes 1,000,000 logins/day, 100 of them malicious. A detector catches 99% of attacks with a 1% false-positive rate. Compute true positives, false positives, and precision, and state in one sentence what this means for the SOC.
26. [Sec+] In two or three sentences, explain why the defenses against AI-enabled attacks (deepfake fraud, LLM-aided phishing, prompt injection) are mostly not new AI technology but the security fundamentals from earlier chapters. Name at least two specific fundamentals and the chapters they came from.