l. The chatbot was supposed “to learn” the queries pattern to address user queries and provide the right answers.
What type of technology enables this?
A. Artificial intelligence
B. Cloud computing
C) Machine learning.
2. Insufficient testing and lack of samples provided to Finite’s chatbot during the training phases are considered
as Refer to scenario I.
A. Threats
B. Vulnerabilities
C. Risks.
Scenario 1: Fintive is a distinguished security provider for online payments and protection solutions. Founded in
1999 by Thomas Fin in San Jose, California, Fintive offers services to companies that operate online and want to
improve their information security, prevent fraud, and protect user information such as PIl. Fintive centers its
decision-making and operating process based on previous cases. They gather customer data, classify them
depending on the case, and analyze them. The company needed a large number of employees to be able to
conduct such complex analyses. After some years, however, the technology that assists in conducting such
analyses advanced as well. Now, Fintive is planning on using a modern tool, a chatbot, to achieve pattern
analyses toward preventing fraud in real-time. This tool would also be used to assist in improving customer
service.
This initial idea was communicated to the software development team, who supported it and were assigned to
work on this project. They began integrating the chatbot on their existing system. In addition, the team set an
objective regarding the chatbot which was to answer 85% of ali chat queries.
After the successful integration of the chatbot, the company immediately released it to their customers for use.
The chatbot, however, appeared to have some issues.
Due to insufficient testing and lack of samples provided to the chatbot during the training phase, in which it was
supposed “to learn” the queries pattern, the chatbot failed to address user queries and provide the right answers.
Furthermore, the chatbot sent random files to users when it received invalid inputs such as odd patterns of dots
and special characters. Therefore, the chatbot was unable to properly answer customer queries and the
traditional customer support was overwhelmed with chat queries and thus was unable to help customers with
their requests.
Consequently, Fintive established a software development policy. This policy specified that whether the software
is developed in-house or outsourced, it will undergo a black box testing prior to its implementation on operational
systems.
3. Based on scenario 1, the chatbot was unable to properly answer customer queries. Which principle of
information security has been affected in this case?
A. Availability
B. Integrity
C. Confidentiality.
What type of security control does the use of black box testing represent? Refer to scenario I.
A. Corrective and technical
B. Detective and managerial
C Preventive and technical.
5. According to scenario 1,
received invalid inputs. What impact might that lead to?
A. Inability to provide service
B. Loss Of reputation
C. Leak of confidential information.
6. Which situation presented below represents a threat?
A. HackX uses and distributes pirated software
B. The information security training was provided to only the IT team members of the organization
C. Hackers compromised the administrator account by cracking the
Password.
7. An organization does not check the source code of the updated version Of an application when it is updated
automatically. Thus, the application may be open to unauthorized modifications. This represents a
that may impact information
A. (1) Threat, (2) confidentiality
B. (1) Risk, (2) availability
C. (1) Vulnerability, (2) integrity.
8. A telecommunications company uses the AES method for ensuring that
confidential information is protected. This means that they use a single key to encrypt and decrypt the
information. What kind of control does the company use?
A. Detective
B. Corrective
C. Preventive.
9. You received an email requiring you to send information such as name, email, and password in order to
continue using your email account. If you do not send such information, your email account will be disabled. What
does this scenario Present?
A. personnel type of vulnerability
B. An unauthorized action type of threat
C. A compromise of information type of threat.
10. Which statement below best describes the relationship between information security aspects?
A. Threats exploit vulnerabilities to damage or destroy assets B. Controls protect assets by reducing threats
C. Risk is a function of vulnerabilities that harm assets.
11. Which of the options below is a control related to the management of personnel at aims to avoid the
occurrence of incidents?
A. The organization regularly provides security awareness and training sessions for its employees
B. The organization always reviews the security policy after the integration of a new division to the organization
C. The organization conducts regular user access reviews to verify that only authorized employees have access
to confidential information.
12. A data processing tool crashed when a user added more data in the buffer than its storage capacity allows.
The incident was caused by the tool’s inability to bound check arrays. What kind of vulnerability is this?
A. Intrinsic vulnerability. because inability to bound check arrays is a characteristic of the data processing tool
B. Extrinsic vulnerability because inability to bound check arrays is related to external factors
C. None, the tool’s inability to bound check arrays is not a vulnerability, but a threat.
13. Pay Bell, a finance corporation, is using some services with the potential to bypass all the governance
processes that are in place in order to ensure proper security of the company. What type of services are these?
A. Machine learning services
B. Cloud services
c. Artificial intelligence services.
14. FTP uses clear text passwords for authentication. This is an FTP:
A. Vulnerability
B. Risk
C. Threat.
