Certified AI Red Teamer Practice Exam 2
Second full-length practice exam with different question set for certification preparation.
Assessment Overview
Second full-length practice exam with different question set for certification preparation. This assessment tests both theoretical understanding and practical application of the covered material.
Assessment Details:
- Questions: 15
- Time Limit: 45 minutes recommended
- Passing Score: 70%
- Difficulty: Intermediate
Instructions
- Read each question carefully, including all answer options, before selecting your response
- Some questions have multiple correct approaches — select the best answer
- Scenario-based questions require you to consider the full context before answering
- After completing the assessment, review the explanations for all questions — including those you answered correctly
Question 1
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 2
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 3
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 4
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 5
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 6
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 7
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 8
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 9
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 10
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 11
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 12
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 13
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 14
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Question 15
Based on the concepts covered in this assessment area, which approach most effectively addresses the primary vulnerability class being tested?
Scoring Guide
| Score Range | Assessment | Recommendation |
|---|---|---|
| 90-100% | Expert | Ready to proceed to the next section |
| 80-89% | Proficient | Minor gaps to address through targeted review |
| 70-79% | Competent | Review incorrect areas before proceeding |
| 60-69% | Developing | Revisit the corresponding curriculum sections |
| Below 60% | Foundational | Complete the prerequisite material before retaking |
Study Resources
If you scored below the passing threshold, focus your review on:
- The specific topics where you answered incorrectly
- The hands-on labs that correspond to your weakest areas
- The reference materials for frameworks and tools mentioned in the questions
- CVE-2024-21513 — LangChain experimental: arbitrary code execution
Detailed Assessment Content
Section Review Material
Before attempting this assessment, ensure you have reviewed all relevant curriculum material. The questions in this assessment cover both theoretical concepts and practical application of the material.
Key areas of focus for this assessment:
-
Conceptual understanding: You should be able to explain the fundamental mechanisms behind the attack and defense techniques covered, not just recognize them by name.
-
Practical application: Many questions present scenarios that require you to determine the best approach given specific constraints and objectives.
-
Tool proficiency: Questions may reference specific tools and their capabilities. Ensure you have hands-on experience with the tools covered in the labs.
-
Framework knowledge: Governance and compliance questions reference specific frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, EU AI Act). Know the key provisions and how they apply to AI security.
Practice Scenarios
Consider the following scenarios as additional preparation:
Scenario 1: You are conducting a red team assessment of a customer-facing chatbot. The chatbot has access to a CRM system through function calling and can look up customer records, create tickets, and send emails. What is your initial approach?
Consider: What information do you need to gather first? What are the highest-risk capabilities to test? How would you structure your testing to maximize coverage while staying within scope?
Scenario 2: During testing, you discover that the chatbot's system prompt can be extracted through a simple instruction override. The system prompt contains API endpoint URLs and authentication patterns. What do you do?
Consider: What is the immediate risk? Should you continue testing or escalate immediately? How would you document this finding?
Scenario 3: You are evaluating a RAG system that ingests customer documents. You have the ability to upload documents as a normal user. What attack vectors should you explore?
Consider: Document-based injection, metadata manipulation, embedding space poisoning, and the interaction between document processing and the LLM.
# Framework for structured scenario analysis
class ScenarioAnalysis:
"""Structured analysis framework for assessment scenarios."""
def __init__(self, scenario_description: str):
self.scenario = scenario_description
self.threats = []
self.vectors = []
self.priorities = []
def identify_threats(self) -> list:
"""Identify threats relevant to the scenario."""
# Map scenario to OWASP LLM Top 10 categories
owasp_mapping = {
"function_calling": "LLM06 - Excessive Agency",
"system_prompt": "LLM01 - Prompt Injection",
"rag_documents": "LLM01 - Prompt Injection (Indirect)",
"user_data": "LLM02 - Insecure Output Handling",
"training_data": "LLM03 - Training Data Poisoning",
}
return self.threats
def prioritize_testing(self) -> list:
"""Prioritize testing vectors by risk."""
# Risk = Likelihood × Impact
return sorted(self.vectors, key=lambda v: v["risk_score"], reverse=True)
def generate_test_plan(self) -> dict:
"""Generate a structured test plan for the scenario."""
return {
"scope": self.scenario,
"threats": self.threats,
"test_cases": [
{
"vector": v["name"],
"technique": v["technique"],
"expected_result": v["expected"],
"priority": v["risk_score"],
}
for v in self.prioritize_testing()
],
}Additional Knowledge Checks
A red team discovers that an LLM-powered customer service agent can be manipulated to send emails to arbitrary addresses through function calling. How should this finding be classified according to OWASP LLM Top 10 2025?
During an AI red team engagement, you identify a vulnerability that also affects a system outside your authorized scope. What is the correct course of action?
References and Further Reading
- CVE-2024-21513 — LangChain experimental: arbitrary code execution
- JailbreakBench — github.com/JailbreakBench/jailbreakbench
- OWASP LLM Top 10 2025 — LLM01 (Prompt Injection)
What is the most effective approach to defending against the attack class covered in this article?
Why do the techniques described in this article remain effective across different model versions and providers?