Wednesday, 24 June 2026

21 DevSecOps & AI Security MCQs with Answers and Explanations (CI/CD, Vulnerability Scanning, IaC) – 2026 Guide

 

Security in the Age of AI & Automation

21 exam-grade questions covering vulnerability scanning, CI/CD pipeline security, AI/ML threat detection, and Infrastructure as Code — with clear explanations for every answer.

Q 01

Which step in the vulnerability scanning process establishes the baseline that is used for scanning?

Attack surface analysis

Detection and Classification

Vulnerability matching

Asset discovery

Why this answer

Asset discovery is the first and foundational step of any vulnerability scanning workflow. Before a scanner can identify what is vulnerable, it must know what exists on the network — servers, endpoints, IoT devices, cloud resources, and applications. This inventory becomes the baseline against which every subsequent scan is measured. Without a complete asset inventory, scanners may miss entire segments of the attack surface, leaving blind spots in your security posture.

Q 02

Which vulnerability scanning feature includes automated scanning tools that enable continuous identification of vulnerabilities?

Proactive Threat Detection

Prioritization of Security Risks

Scalability and Efficiency

Integration and Automation

Why this answer

Integration and Automation is the feature that enables scanning tools to operate continuously without manual intervention. By integrating scanners into CI/CD pipelines and scheduling recurring scans, teams achieve continuous identification of vulnerabilities as code is written, built, and deployed. This feature is distinct from Proactive Threat Detection (which involves threat hunting) and Scalability (which is about handling large environments).

CI/CD Pipeline Security

Q 3–9

Q 03

Which three security controls or practices are protections for the Release stage in the CI/CD pipeline?

Choose Three

Dependency scanning

Signed builds

Role-based approvals

Artifact integrity validation

CI server access controls

Secure storage of release artifacts

Why this answer

The Release stage is when code transitions from built artifact to deployable package. The three controls that specifically protect this stage are: Signed builds (a signature produced by the build system lets the release stage verify where the artifact came from and that it has not been altered since it was built), Artifact integrity validation (checksum and signature verification before the release proceeds), and Role-based approvals (requiring authorized human approvers, distinct from the author, before a release goes out). Dependency scanning and CI server controls belong to the earlier Build and Integration stages, while secure artifact storage is a post-release concern.
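The three Release-stage controls above can be wired into a single gate that runs before anything is published. The script below is an added example, not code from the page or from any CI product: the build stage records a SHA-256 digest per artifact in a manifest and signs it, and the release gate verifies the signature, re-hashes every artifact against the manifest, and checks that enough distinct approvers with an authorised role (and not the build author) have signed off. The signing key, the approver roles, the artifact bytes and the approval records are all constructed for the example. Because the standard library has no asymmetric signature primitive, an HMAC-SHA256 stands in for the build signature; a real pipeline would sign the manifest with Sigstore cosign or GPG and verify with the public key, which is what makes the signature meaningful to parties who do not hold the build key.

```python
import hashlib
import hmac
import json

# Constructed CI signing key. HMAC stands in for an asymmetric build signature
# (cosign/GPG in a real pipeline); the verification flow is the same.
CI_SIGNING_KEY = b"constructed-ci-signing-key-do-not-use"

RELEASE_APPROVER_ROLES = {"release-manager", "security"}   # constructed policy
MIN_APPROVALS = 2


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: dict) -> dict:
    """Build stage: record a SHA-256 digest per artifact and sign the manifest."""
    digests = {name: sha256_hex(blob) for name, blob in sorted(artifacts.items())}
    body = json.dumps(digests, sort_keys=True).encode()
    signature = hmac.new(CI_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return {"digests": digests, "signature": signature}


def verify_manifest_signature(manifest: dict) -> bool:
    """Signed builds: the manifest must carry a valid signature from the CI key."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(CI_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["signature"])


def verify_artifacts(manifest: dict, artifacts: dict) -> list:
    """Artifact integrity validation: every recorded digest must match the bytes
    about to ship, with no artifact missing and nothing unlisted smuggled in."""
    problems = []
    for name, digest in manifest["digests"].items():
        if name not in artifacts:
            problems.append(f"missing artifact {name}")
        elif not hmac.compare_digest(sha256_hex(artifacts[name]), digest):
            problems.append(f"digest mismatch for {name}")
    problems += [f"unlisted artifact {name}" for name in artifacts
                 if name not in manifest["digests"]]
    return problems


def verify_approvals(approvals: list, author: str) -> list:
    """Role-based approvals: MIN_APPROVALS distinct approvers holding an
    authorised role, none of them the person who produced the build."""
    valid = {a["user"] for a in approvals
             if a["role"] in RELEASE_APPROVER_ROLES and a["user"] != author}
    if len(valid) < MIN_APPROVALS:
        return [f"{len(valid)} valid approvals, need {MIN_APPROVALS}"]
    return []


def release_gate(manifest: dict, artifacts: dict, approvals: list, author: str):
    """Returns (allowed, problems). Any problem stops the release."""
    problems = []
    if not verify_manifest_signature(manifest):
        problems.append("manifest signature invalid")
    problems += verify_artifacts(manifest, artifacts)
    problems += verify_approvals(approvals, author)
    return not problems, problems


if __name__ == "__main__":
    built = {"app.tar.gz": b"constructed build output", "app.sbom.json": b"{}"}
    manifest = build_manifest(built)
    approvals = [{"user": "alice", "role": "release-manager"},
                 {"user": "bob", "role": "security"}]
    print(release_gate(manifest, built, approvals, author="carol"))
    tampered = {**built, "app.tar.gz": b"backdoored build output"}
    print(release_gate(manifest, tampered, approvals, author="carol"))
```

The gate deliberately reports every problem rather than stopping at the first one, so a release engineer sees at once whether the failure is a tampered artifact, a forged manifest or a missing approval. Note that the same person who pushed the build cannot count towards the approval quorum; without that rule a compromised developer account could both build and approve.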

Q 04

Which IaC fast rollback deployment strategy involves gradually releasing changes to a small segment of users?

Canary Deployments

Blue-Green Deployments

Feature Flags

Regular Snapshots

Why this answer

Canary Deployments route a small percentage of production traffic to a new version of the application, monitoring for errors before rolling out to everyone. Named after the "canary in a coal mine" analogy, this strategy limits blast radius. Blue-Green deployments maintain two identical environments and switch all traffic at once. Feature flags toggle features without deployment. Snapshots are for backup/restore, not gradual rollouts.

Q 05

Which of the following describes the Protected Branches access control of source code security?

Enforcing multifactor authentication (MFA)

Requiring pull requests (PRs) and code reviews

Implementing Role-Based Access Control (RBAC)

Enabling logging and monitoring

Why this answer

Protected branches in Git platforms (GitHub, GitLab, Bitbucket) are branch rules that require pull requests and code reviews before any changes can be merged into critical branches like main or release. This prevents direct pushes, enforces peer review, and ensures no single developer can introduce unreviewed code into production. MFA and RBAC are identity controls, not branch protection controls.

Q 06

Which API security strategy involves enforcing HTTPS for all API traffic?

Traffic Management

Input Validation

Data Protection

Authentication and Authorization

Why this answer

Enforcing HTTPS encrypts data in transit between the client and the API server, which makes it a Data Protection control. TLS prevents eavesdropping on API calls and, provided clients validate the server certificate, man-in-the-middle attacks; enforcing it in practice means rejecting or redirecting plain-HTTP requests and sending an HSTS header so browser clients never fall back. This is categorically different from Authentication (verifying identity), Input Validation (sanitizing request payloads), or Traffic Management (rate limiting and throttling).

Q 07

Which three of the following are enabled by implementing vulnerability scanning in the CI/CD integration phase of the API development lifecycle?

Choose Three

Automatic triggering of scans

Authentication controls verification

Blocking of deployment if a critical vulnerability is found

Alerts and reports generation

API issues detection

Insecure coding detection

Why this answer

When vulnerability scanning is embedded in the CI/CD integration phase, three specific capabilities are unlocked: Automatic triggering (scans fire on every commit or PR without manual action), Deployment blocking (pipeline gates stop a release if a critical CVE is detected), and Alerts and reports (teams receive notifications and audit trails of findings). Authentication verification and insecure coding detection are typically handled by separate DAST/SAST tools in other phases.

Q 08

Which security challenge with automated workflows is described as bypassing traditional manual review cycles?

Misconfiguration in automation

Rapid propagation of errors

Lack of human oversight

Inconsistent compliance checks

Why this answer

When workflows are fully automated, they can bypass the manual review cycles that humans traditionally use to catch logic errors, misconfigurations, and policy violations. This is the challenge of lack of human oversight — automation moves fast, but without human checkpoints, subtle issues can slip through undetected into production.


Q 09

Which of the following describes using internal incident response data as a method to keep AI models current?

Use data from past security incidents — network logs, endpoint telemetry, and forensic findings — to enrich training datasets.

Engage in regular red team assessments to mimic real-world attack scenarios.

Integrate structured sources such as MITRE ATT&CK, CVE databases, and NIST NVD.

Participate in ISACs to access collective knowledge about emerging threats.

Why this answer

Internal incident response data — including network logs, endpoint telemetry, and forensic artifacts from actual breaches — is uniquely valuable because it reflects your organization's specific threat landscape. Feeding this real-world data back into AI training datasets keeps models tuned to the threats you actually face, rather than generic threat patterns from public sources.

Q 10

When balancing automation with human oversight, what can be done to establish clear escalation and validation paths?

Let AI handle the heavy lifting of sifting through massive datasets.

Security analysts should routinely review model outputs and validate results.

Define policies and workflows for escalating ambiguous or high-risk incidents to human teams.

Integrate structured sources such as MITRE ATT&CK and CVE databases.

Why this answer

Defining escalation policies and workflows is the specific mechanism that establishes clear paths for human intervention. Without documented escalation playbooks, teams don't know when AI output requires human review, who reviews it, or what the SLA is. This governance layer is what turns an AI tool from a black box into an accountable, auditable system.

Q 11

What is a primary advantage of continuous model training using updated threat intelligence in AI/ML security workflows?

It enhances the ability to detect emerging and novel threats.

It enables faster infrastructure deployment without risk analysis.

It increases the quantity of alerts regardless of relevance.

It eliminates the need for human oversight in security monitoring.

Why this answer

AI models trained on static datasets quickly become outdated as adversaries change their tactics. Continuous training with updated threat intelligence lets models recognize attack patterns that were not in the original training data, such as newly reported exploitation activity, new malware families, and emerging TTPs. This matters because a static model suffers from concept drift: the relationship between the features it was trained on and malicious behaviour changes over time, so its false-negative rate climbs in production while its accuracy on the old evaluation set stays flat.

Q 12

Which benefit of embedding AI/ML into the CI/CD pipeline helps reduce the risk of overwhelming teams with low-risk threat warnings?

Early detection

Risk-based prioritization

Faster remediation

Automation and scalability

Why this answer

Risk-based prioritization uses AI to score findings by exploitability, business impact, and context — surfacing only the alerts that genuinely matter. Alert fatigue is a major security operations problem; teams that receive hundreds of low-confidence alerts per day stop treating them seriously. Prioritization filters noise so engineers focus on findings with real blast radius potential.
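The deployment gate from Q 07 and the risk-based prioritization from Q 12 are usually one pipeline step. The script below is an added example, not code from the page or from any scanner: it reads a constructed findings report (field names chosen for the example, loosely modelled on the JSON a container scanner emits; the epss and kev fields would normally be joined from the FIRST EPSS feed and the CISA KEV catalog rather than appear in the scanner output), scores each finding by severity, exploit likelihood, internet exposure and fix availability, prints the ranked list, and returns a non-zero exit code when anything crosses the policy threshold so the CI job fails. The weights and the threshold are assumptions for the example.

```python
import json

SEVERITY_WEIGHT = {"CRITICAL": 10.0, "HIGH": 7.0, "MEDIUM": 4.0, "LOW": 1.0}
BLOCK_THRESHOLD = 8.0   # constructed policy: score at or above this fails the job

# Constructed scanner report. EPSS/KEV would be joined from external feeds.
SCAN_REPORT = json.dumps({
    "target": "registry.example/api:1.4.2",
    "findings": [
        {"id": "VULN-0001", "pkg": "libexample", "severity": "CRITICAL",
         "epss": 0.02, "kev": False, "fixed_version": "2.3.1"},
        {"id": "VULN-0002", "pkg": "jsonlib", "severity": "HIGH",
         "epss": 0.91, "kev": True, "fixed_version": "4.0.0"},
        {"id": "VULN-0003", "pkg": "pngdecode", "severity": "HIGH",
         "epss": 0.01, "kev": False, "fixed_version": None},
        {"id": "VULN-0004", "pkg": "tzdata", "severity": "LOW",
         "epss": 0.001, "kev": False, "fixed_version": "2024a"},
    ],
})


def risk_score(finding: dict, internet_exposed: bool) -> float:
    """Context-aware priority: scanner severity scaled by exploit likelihood,
    bumped for known-exploited CVEs and exposed services, capped at 10."""
    score = SEVERITY_WEIGHT[finding["severity"]]
    score *= 0.5 + finding["epss"]          # 0.5x when exploitation is unlikely, up to 1.5x
    if finding["kev"]:
        score += 3.0                        # actively exploited in the wild
    if internet_exposed:
        score *= 1.2
    if finding["fixed_version"] is None:
        score *= 0.8                        # no upgrade path yet; needs a mitigation, not a patch
    return round(min(score, 10.0), 2)


def evaluate(report_json: str, internet_exposed: bool) -> dict:
    """Rank findings by score and decide whether the pipeline must stop.
    A CRITICAL finding always blocks; anything else blocks only on score."""
    report = json.loads(report_json)
    ranked = sorted(
        ({**f, "score": risk_score(f, internet_exposed)} for f in report["findings"]),
        key=lambda f: f["score"], reverse=True)
    blocking = [f for f in ranked
                if f["severity"] == "CRITICAL" or f["score"] >= BLOCK_THRESHOLD]
    return {"target": report["target"], "blocked": bool(blocking),
            "blocking_ids": [f["id"] for f in blocking], "ranked": ranked}


def main() -> int:
    result = evaluate(SCAN_REPORT, internet_exposed=True)
    print(f"scan of {result['target']}")
    for f in result["ranked"]:
        verdict = "BLOCK" if f["id"] in result["blocking_ids"] else "track"
        print(f"  {verdict:5} {f['score']:5.2f} {f['id']} {f['pkg']} ({f['severity']})")
    return 1 if result["blocked"] else 0    # non-zero exit fails the CI job


if __name__ == "__main__":
    raise SystemExit(main())
```

With the constructed data the HIGH finding that is in KEV with a 0.91 EPSS ranks above the CRITICAL one with a 0.02 EPSS, which is the point of prioritization: severity alone would have put the noisy one first. Two findings block and two are merely tracked, so the team is not paged for the LOW tzdata issue. Whatever scoring you adopt, record the score inputs alongside each finding in the pipeline log so the decision is auditable later.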

Q 13

Which type of machine learning best enables detection of insider threats based on deviations from expected user behavior?

Supervised learning

Reinforcement learning

Pattern-based learning

Unsupervised learning

Why this answer

Unsupervised learning builds behavioral baselines without labeled training examples and then flags anomalies that deviate from those baselines. Insider threats are notoriously difficult to detect because they look like normal activity — only the subtle deviations (unusual login times, atypical data access) reveal the threat. Supervised learning requires labeled examples of malicious behavior, which are rare for insider threats.
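As an added example of the baseline-and-deviation approach, not code from the page: the script below learns a per-user baseline from constructed access-log events that carry no labels at all, then scores new events against it. It uses a median/MAD robust z-score rather than mean/standard deviation so a single large session does not inflate the baseline. The users, hours and record counts are invented, the two features and the 3.5 threshold are assumptions for the example, and a production UEBA would add many more features (destination, data volume, device, peer-group comparison).

```python
import statistics
from collections import defaultdict

# Constructed access-log events: (user, login hour, records accessed in session).
# No event is labelled malicious; the baseline is learned from the data alone.
BASELINE_EVENTS = [
    ("dana", 8, 25), ("dana", 9, 31), ("dana", 9, 28), ("dana", 10, 35),
    ("dana", 8, 22), ("dana", 9, 30), ("dana", 10, 27), ("dana", 9, 33),
    ("dana", 8, 29), ("dana", 9, 26), ("dana", 10, 34), ("dana", 9, 30),
    ("eli", 13, 120), ("eli", 14, 140), ("eli", 13, 110), ("eli", 15, 150),
    ("eli", 14, 130), ("eli", 13, 125), ("eli", 14, 145), ("eli", 15, 115),
]


def robust_z(value, median, mad):
    """Median/MAD z-score. 0.6745 scales MAD to a standard deviation for
    normal data; unlike mean/stdev the baseline is not dragged by outliers."""
    if mad == 0:
        mad = 1e-9      # a perfectly constant feature makes any change extreme
    return 0.6745 * (value - median) / mad


def build_baselines(events):
    """Per-user, per-feature (median, MAD) learned without labels."""
    per_user = defaultdict(lambda: {"hour": [], "records": []})
    for user, hour, records in events:
        per_user[user]["hour"].append(hour)
        per_user[user]["records"].append(records)
    baselines = {}
    for user, feats in per_user.items():
        baselines[user] = {}
        for name, values in feats.items():
            med = statistics.median(values)
            mad = statistics.median(abs(v - med) for v in values)
            baselines[user][name] = (med, mad)
    return baselines


def score_event(baselines, user, hour, records, threshold=3.5):
    """Flag an event if any feature deviates more than `threshold` robust
    standard deviations from that user's own baseline."""
    base = baselines.get(user)
    if base is None:
        return {"user": user, "anomalous": True, "reasons": ["no baseline for user"]}
    reasons = []
    for name, value in (("hour", hour), ("records", records)):
        med, mad = base[name]
        z = robust_z(value, med, mad)
        if abs(z) > threshold:
            reasons.append(f"{name}={value} (baseline median {med}, robust z {z:.1f})")
    return {"user": user, "anomalous": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    baselines = build_baselines(BASELINE_EVENTS)
    print(score_event(baselines, "dana", 9, 30))       # an ordinary session
    print(score_event(baselines, "dana", 2, 5000))     # 02:00 bulk export
    print(score_event(baselines, "mallory", 9, 30))    # never seen before
```

The 02:00 session pulling 5000 records is flagged on both features while the ordinary 09:00 session is not, which is exactly the "looks normal except for subtle deviations" case the explanation describes. One caveat: a per-user baseline can be poisoned by an insider who ramps up slowly, so in practice the user's deviation is also compared against a peer group (same team or role) whose baseline the insider does not control.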

Q 14

Which security telemetry source includes API calls, authentication logs, service usage patterns, and configuration changes?

SIEM

Cloud services and APIs

Threat Intelligence Feeds

EDR tools

Why this answer

Cloud services and APIs are the native source of this telemetry. AWS CloudTrail, Azure Activity Log, and GCP Audit Logs all record API calls, authentication events, service usage, and configuration changes at the cloud platform level. SIEM aggregates logs from many sources; EDR is endpoint-focused; threat intelligence feeds provide external threat context — none of these natively generate cloud API call logs.

Q 15

Which incident response scenario involves gathering contextual information about threats to help analysts make faster decisions?

Playbook execution

Alert correlation

Threat enrichment

Notification and escalation

Why this answer

Threat enrichment augments raw alerts with contextual intelligence — IP reputation, domain age, geolocation, WHOIS data, malware sandbox results, and threat actor attribution. This context dramatically reduces the time analysts spend researching an alert before deciding how to respond. Alert correlation links related events; playbook execution automates response steps; notification escalates to the right people.
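To make Q 14 and Q 15 concrete together, here is an added example that is not from the page: a handful of detection rules run over constructed CloudTrail-style records (the field names follow the CloudTrail schema; the events, user names and addresses are invented), and every alert is enriched with context from a constructed IP lookup table standing in for a reputation or ASN feed. Source addresses outside the assumed corporate egress range (203.0.113.0/24) raise the alert severity, which is the kind of contextual decision the enrichment is there to support.

```python
import ipaddress
import json
from collections import Counter

CORPORATE_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]   # assumed corporate range
# Constructed enrichment table standing in for an IP reputation / ASN feed.
IP_CONTEXT = {"198.51.100.7": {"org": "Example Hosting LLC", "reputation": "tor-exit"}}

# Constructed CloudTrail-style records; field names follow CloudTrail's schema.
EVENTS = [
    {"eventTime": "2026-06-24T08:02:11Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dana"},
     "responseElements": {"ConsoleLogin": "Success"}},
] + [
    {"eventTime": f"2026-06-24T08:1{i}:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "admin"},
     "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"}
    for i in range(3)
] + [
    {"eventTime": "2026-06-24T08:20:45Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "admin"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2026-06-24T09:05:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deploy"},
     "requestParameters": {"bucketName": "customer-exports", "bucketPolicy": {
         "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"}]}}},
    {"eventTime": "2026-06-24T09:30:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "admin"},
     "requestParameters": {"userName": "backdoor-svc"}},
]


def enrich_ip(ip: str) -> dict:
    """Threat enrichment: attach org/reputation context and whether the
    address is one of our own egress points."""
    addr = ipaddress.ip_address(ip)
    ctx = dict(IP_CONTEXT.get(ip, {"org": "unknown", "reputation": "unknown"}))
    ctx["corporate_egress"] = any(addr in net for net in CORPORATE_EGRESS)
    return ctx


def alert(severity: str, summary: str, ip: str) -> dict:
    ctx = enrich_ip(ip)
    if not ctx["corporate_egress"]:      # the same action from outside is worse
        severity = {"medium": "high", "high": "critical"}.get(severity, severity)
    return {"severity": severity, "summary": summary, "source_ip": ip, "context": ctx}


def public_bucket_policy(params: dict) -> bool:
    """True if any Allow statement grants access to everyone."""
    policy = params.get("bucketPolicy", {})
    if isinstance(policy, str):
        policy = json.loads(policy)
    return any(st.get("Effect") == "Allow" and st.get("Principal") in ("*", {"AWS": "*"})
               for st in policy.get("Statement", []))


def detect(events: list) -> list:
    alerts, failed_logins = [], Counter()
    for ev in events:
        name, ip = ev["eventName"], ev["sourceIPAddress"]
        who = ev["userIdentity"].get("userName", ev["userIdentity"]["type"])
        params = ev.get("requestParameters", {})
        if name in ("StopLogging", "DeleteTrail", "UpdateTrail"):
            alerts.append(alert("high", f"{who} called {name} (audit logging tampered)", ip))
        elif name == "PutBucketPolicy" and public_bucket_policy(params):
            alerts.append(alert("high", f"{who} made bucket {params.get('bucketName')} world-accessible", ip))
        elif name == "CreateAccessKey" and params.get("userName", who) != who:
            alerts.append(alert("medium", f"{who} created an access key for {params['userName']}", ip))
        elif name == "ConsoleLogin" and ev.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            failed_logins[ip] += 1
            if failed_logins[ip] == 3:
                alerts.append(alert("medium", f"3 failed console logins from {ip}", ip))
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a['severity'].upper()}] {a['summary']} "
              f"(src {a['source_ip']}, {a['context']['org']}, {a['context']['reputation']})")
```

The StopLogging call is the one to watch: it is a defence-evasion step and, coming from a Tor exit after three failed console logins, it lands at critical. The bucket-policy change from the CI deploy user stays at high because it originated inside the corporate range, which is a good reason to look at the pipeline rather than at an intruder. The enrichment lookup here is a dictionary; in production it is a cached call to a reputation API, and the cache matters because the same address usually appears in many events.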

Q 16

Which risk of solely depending on AI can be described as AI being fed poisoned data?

Adversarial attacks

Bias and Fairness

Overreliance on Automation

Explainability

Why this answer

Adversarial attacks include data poisoning — where an attacker deliberately injects malicious, misleading, or corrupted training data to manipulate the model's behavior. A poisoned model might learn to classify malware as benign, enabling attackers to evade detection. This is distinct from bias (systematic errors from skewed but unintentional data) and explainability (the inability to interpret model decisions).
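The "classify malware as benign" outcome can be shown end to end with a deliberately tiny classifier. The script below is an added example, not from the page: it trains a nearest-centroid model on two constructed, normalised features (think byte entropy and import count, both invented), first on a hand-verified set plus an untrusted batch into which four malware-like samples have been injected with the label "benign", then again after a label-sanitisation step that drops untrusted samples whose label disagrees with a model trained only on the trusted data. The numbers are chosen so the effect is visible; a real detector has many more features and a stronger model, but the poisoning mechanism and the mitigation are the same.

```python
import math

# Constructed 2-feature samples (e.g. normalised entropy, normalised import count).
# TRUSTED is a small, hand-verified set the team controls.
TRUSTED = [((0.1, 0.2), "benign"), ((0.2, 0.1), "benign"), ((0.15, 0.25), "benign"),
           ((0.8, 0.9), "malware"), ((0.9, 0.8), "malware"), ((0.85, 0.85), "malware")]
# UNTRUSTED is a batch from an automated feed: six genuine samples plus four
# malware-looking points an attacker has submitted labelled "benign".
UNTRUSTED = [((0.25, 0.15), "benign"), ((0.2, 0.2), "benign"), ((0.1, 0.1), "benign"),
             ((0.75, 0.95), "malware"), ((0.9, 0.9), "malware"), ((0.8, 0.8), "malware"),
             ((0.8, 0.85), "benign"), ((0.85, 0.8), "benign"),
             ((0.9, 0.85), "benign"), ((0.85, 0.9), "benign")]


def train(samples):
    """Nearest-centroid classifier: one mean vector per label."""
    sums, counts = {}, {}
    for (x, y), label in samples:
        sx, sy = sums.get(label, (0.0, 0.0))
        sums[label] = (sx + x, sy + y)
        counts[label] = counts.get(label, 0) + 1
    return {lbl: (sx / counts[lbl], sy / counts[lbl]) for lbl, (sx, sy) in sums.items()}


def predict(model, point):
    """Label of the closest centroid."""
    return min(model, key=lambda lbl: math.dist(model[lbl], point))


def sanitize(trusted, untrusted):
    """Label sanitisation: reject untrusted samples whose supplied label
    disagrees with a model trained only on hand-verified data.
    Returns (kept, rejected)."""
    reference = train(trusted)
    kept = [s for s in untrusted if predict(reference, s[0]) == s[1]]
    rejected = [s for s in untrusted if predict(reference, s[0]) != s[1]]
    return kept, rejected


def demo():
    suspicious = (0.6, 0.6)          # a moderately obfuscated sample near the boundary
    naive = train(TRUSTED + UNTRUSTED)           # everything taken at face value
    kept, rejected = sanitize(TRUSTED, UNTRUSTED)
    hardened = train(TRUSTED + kept)             # poisoned labels filtered out
    return {"naive": predict(naive, suspicious),
            "sanitized": predict(hardened, suspicious),
            "rejected": len(rejected)}


if __name__ == "__main__":
    print(demo())
```

With the four poisoned points included, the "benign" centroid is dragged from roughly (0.17, 0.17) to (0.44, 0.44), and the borderline sample at (0.6, 0.6) is now closer to it than to the malware centroid, so the poisoned model calls it benign. Filtering against the trusted model rejects exactly the four injected samples and restores the malware verdict. The mitigation has its own limit: an attacker who knows the trusted model can craft poison that sits just on the "benign" side of its boundary, which is why trusted-set curation and monitoring of the decision boundary over time matter as much as the filter.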


Q 17

Which toolchain is used for analyzing source code to detect security vulnerabilities?

Dynamic Application Security Testing (DAST)

Software Composition Analysis (SCA)

Infrastructure-as-Code (IaC) Scanners

Static Application Security Testing (SAST)

Why this answer

SAST (Static Application Security Testing) analyzes source code, bytecode, or binaries without executing the application, scanning for vulnerabilities like SQL injection, buffer overflows, and hardcoded secrets early in the SDLC. DAST tests running applications. SCA scans third-party dependencies. IaC scanners check Terraform/CloudFormation templates — not application source code.
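To show what "analyzes source code without executing it" looks like mechanically, here is an added example that is not from the page and is not any real SAST product: a minimal scanner built on Python's `ast` module that walks the syntax tree of a constructed target program (embedded as a string so it runs offline) and reports hard-coded credentials and SQL queries assembled with string formatting or concatenation. Rule names, the secret-name pattern and the target program are all invented for the example.

```python
import ast
import re

SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_key)", re.I)
SQL_KEYWORD = re.compile(r"^\s*(select|insert|update|delete)\b", re.I)

# Constructed target program, embedded so the scanner runs offline.
SAMPLE_SOURCE = '''
import sqlite3
DB_PASSWORD = "hunter2"                      # hard-coded credential
conn = sqlite3.connect("app.db")

def find_user(username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")   # concatenation
    return cur.fetchone()

def find_order(order_id):
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM orders WHERE id = {order_id}")          # f-string
    return cur.fetchone()

def find_safe(username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))      # parameterised
    return cur.fetchone()
'''


def _contains_string(node):
    return any(isinstance(n, ast.Constant) and isinstance(n.value, str) for n in ast.walk(node))


def _is_dynamic_string(node):
    """True for strings assembled at runtime: f-strings, %, + and .format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return _contains_string(node)
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def _looks_like_sql(node):
    return any(isinstance(n, ast.Constant) and isinstance(n.value, str)
               and SQL_KEYWORD.match(n.value) for n in ast.walk(node))


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # NAME = "literal" where NAME looks like a credential
        for target in node.targets:
            if (isinstance(target, ast.Name) and SECRET_NAME.search(target.id)
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                self.findings.append((node.lineno, "hardcoded-secret", target.id))
        self.generic_visit(node)

    def visit_Call(self, node):
        # <cursor>.execute(<dynamically built SQL string>, ...)
        if (isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")
                and node.args and _is_dynamic_string(node.args[0])
                and _looks_like_sql(node.args[0])):
            self.findings.append((node.lineno, "sql-injection", ast.unparse(node.func)))
        self.generic_visit(node)


def scan(source: str):
    """Return sorted (line, rule, detail) findings for one source file."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings)


if __name__ == "__main__":
    for line, rule, detail in scan(SAMPLE_SOURCE):
        print(f"line {line}: {rule} ({detail})")
```

The parameterised query in `find_safe` is correctly left alone because its first argument is a plain constant. The obvious gap, and the reason real SAST engines are much larger, is data flow: if the formatted query is first assigned to a variable and the variable is passed to `execute`, this scanner sees only a name and reports nothing. Taint tracking across assignments, function arguments and return values is what turns this sketch into a usable tool.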

Q 18

Which three of the following are benefits of implementing automated security testing for continuous compliance?

Choose Three

Early remediation

Detailed audit trail

Configuration rollback capability

Manual verification

Continuous visibility

Operational Efficiency

Why this answer

Automated security testing for continuous compliance delivers three key benefits: Early remediation — catching issues in development when they're cheapest to fix; Detailed audit trail — every scan result is logged, timestamped, and traceable for compliance reporting (PCI-DSS, SOC 2, HIPAA); and Continuous visibility — real-time dashboards show the security posture at every point in the pipeline, not just at scheduled audit windows.

Q 19

Which of the following is a benefit of applying shift-left security with IaC?

Rapid replication for disaster recovery and response

Embed security controls and policies

Version control and traceability

Faster detection of insecure configuration

Why this answer

Shift-left security with IaC means running security checks on infrastructure code (Terraform, Ansible, CloudFormation) before it is deployed. This provides faster detection of insecure configurations — open S3 buckets, over-permissive IAM roles, unencrypted volumes — at the coding stage rather than after provisioning, drastically reducing remediation cost and time.
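The checks named above (public buckets, over-permissive IAM, unencrypted volumes) can be run against the plan before `terraform apply`. The script below is an added example, not from the page and not a real policy engine: it walks a constructed `terraform show -json` plan (only the fields the checks read are present, and every address, name and value is invented) and applies four rules, returning a non-zero exit status when a CRITICAL or HIGH finding is present so the pipeline stops before provisioning.

```python
import json

# Constructed `terraform show -json` plan output (only the fields the checks read).
PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_s3_bucket_public_access_block.exports",
             "type": "aws_s3_bucket_public_access_block",
             "values": {"bucket": "customer-exports", "block_public_acls": True,
                        "block_public_policy": False, "ignore_public_acls": True,
                        "restrict_public_buckets": False}},
            {"address": "aws_iam_policy.deploy", "type": "aws_iam_policy",
             "values": {"name": "deploy", "policy": json.dumps({
                 "Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})}},
            {"address": "aws_ebs_volume.scratch", "type": "aws_ebs_volume",
             "values": {"size": 100, "encrypted": False}},
        ],
        "child_modules": [{"address": "module.bastion", "resources": [
            {"address": "module.bastion.aws_security_group_rule.ssh",
             "type": "aws_security_group_rule",
             "values": {"type": "ingress", "from_port": 22, "to_port": 22,
                        "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}},
            {"address": "module.bastion.aws_ebs_volume.root", "type": "aws_ebs_volume",
             "values": {"size": 20, "encrypted": True}},
        ]}],
    }},
})


def iter_resources(module):
    """Yield every planned resource, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_public_access_block(r):
    flags = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
    off = [f for f in flags if not r["values"].get(f, False)]
    if off:
        yield "HIGH", f"public access block leaves {', '.join(off)} disabled"


def check_iam_wildcard(r):
    doc = json.loads(r["values"].get("policy") or "{}")
    stmts = doc.get("Statement", [])
    for st in (stmts if isinstance(stmts, list) else [stmts]):
        actions, resources = st.get("Action", []), st.get("Resource", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = resources if isinstance(resources, list) else [resources]
        if st.get("Effect") == "Allow" and "*" in actions and "*" in resources:
            yield "CRITICAL", "IAM policy allows Action '*' on Resource '*'"


def check_encryption(r):
    if r["values"].get("encrypted") is False:
        yield "MEDIUM", "volume is not encrypted at rest"


def check_admin_ports_open(r):
    v = r["values"]
    if v.get("type") == "ingress" and "0.0.0.0/0" in v.get("cidr_blocks", []):
        for port in (22, 3389):
            if v.get("from_port", 0) <= port <= v.get("to_port", 0):
                yield "HIGH", f"port {port} open to the internet"


CHECKS = {
    "aws_s3_bucket_public_access_block": check_public_access_block,
    "aws_iam_policy": check_iam_wildcard,
    "aws_iam_role_policy": check_iam_wildcard,
    "aws_ebs_volume": check_encryption,
    "aws_security_group_rule": check_admin_ports_open,
}


def scan_plan(plan_json: str) -> list:
    plan = json.loads(plan_json)
    findings = []
    for r in iter_resources(plan["planned_values"]["root_module"]):
        for severity, message in CHECKS.get(r["type"], lambda _: [])(r):
            findings.append({"address": r["address"], "severity": severity, "message": message})
    return findings


def gate(plan_json: str) -> int:
    findings = scan_plan(plan_json)
    for f in findings:
        print(f"[{f['severity']}] {f['address']}: {f['message']}")
    return 1 if any(f["severity"] in ("CRITICAL", "HIGH") for f in findings) else 0


if __name__ == "__main__":
    raise SystemExit(gate(PLAN_JSON))
```

Scanning the plan rather than the `.tf` files catches values that are only resolved at plan time (module inputs, locals, defaults), which is why tools such as Checkov and OPA can consume plan JSON. One caveat a practitioner should expect: attributes whose values are not known until apply are absent from `planned_values`, so a rule that keys on a missing attribute must decide whether "unknown" passes or fails, and that choice belongs in the policy, not in the check's default.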

Q 20

Which IaC capability allows infrastructure to scale dynamically in response to application needs and traffic patterns?

Automation

Version Control

Repeatability

Testability

Why this answer

Automation is the IaC capability that enables dynamic scaling. IaC tools like Terraform combined with cloud auto-scaling policies can automatically provision or deprovision resources in response to load — with no human intervention. Version control tracks changes; repeatability ensures consistency across environments; testability validates configurations — but none of these inherently enable real-time scaling.

Q 21

Which of the following uses data to ensure that AI models are both accurate and generalizable across environments?

Data collection and preparation

AI/ML integration

Model training and preparation

AI/ML deployment

Why this answer

Data collection and preparation is the ML lifecycle phase responsible for accuracy and generalizability. A model is only as good as its training data — collecting diverse, representative, and unbiased datasets and applying preprocessing (normalization, deduplication, augmentation) ensures the model performs well not just on training data but across varied real-world environments. Poor data preparation is the leading cause of model overfitting and poor generalization.

More from NetworkLearner
