Fundamentals Practice Exam
25-question practice exam covering LLM fundamentals, prompt injection basics, safety mechanisms, red team methodology, and AI threat landscape at an intermediate level.
Fundamentals Practice Exam
This exam covers foundational knowledge across five core domains essential for AI red teaming. Set a 45-minute timer and answer all 25 questions without consulting reference materials.
Section A: LLM Architecture Fundamentals (Questions 1-5)
1. What is the fundamental reason that LLMs cannot reliably distinguish between instructions from the developer and instructions from the user?
2. What does the 'attention mechanism' in transformer models mean for security?
3. Why do embedding models pose a supply-chain risk when used in RAG systems?
4. What is the security significance of the 'logit' values produced by an LLM before the softmax function is applied?
5. What makes tokenization a security-relevant process?
Section B: Prompt Injection and Jailbreaking (Questions 6-10)
6. What is the key difference between direct and indirect prompt injection?
7. Why does the 'few-shot' jailbreak technique work against safety-trained models?
8. What makes persona-based jailbreaks effective, and what defenses do they typically bypass?
9. What is a 'universal adversarial suffix' and why is it significant for red teaming?
10. In a multi-turn conversation, why is the 'crescendo' attack pattern effective?
Section C: Defense Mechanisms (Questions 11-15)
11. Why is input filtering alone insufficient as a defense against prompt injection?
12. What is the purpose of a 'canary token' in an LLM system prompt?
13. What is the 'sandwich defense' pattern and what is its primary limitation?
14. Why should output filtering be applied as a separate layer from the model's own safety training?
15. What is the primary security benefit of implementing tool-level permissions rather than relying on the model's judgment about when to use tools?
Section D: Methodology and Reporting (Questions 16-20)
16. What is the most important element to include in a prompt injection finding's reproduction steps?
17. Why should a red team engagement scope document explicitly address AI-specific testing activities?
18. When reporting a content filter bypass finding, what context most effectively establishes its severity?
19. What is the purpose of documenting failed attack attempts in a red team report?
20. What is the recommended approach when a red team finds a vulnerability that could affect user safety (not just security) during an engagement?
Section E: AI Threat Landscape (Questions 21-25)
21. What makes AI supply-chain attacks distinct from traditional software supply-chain attacks?
22. What is the 'confused deputy problem' in the context of AI agents, and why is it critical?
23. Why is model extraction considered a threat even when model weights are not directly accessible?
24. What distinguishes data poisoning from prompt injection as an attack vector?
25. What is the primary reason that AI security requires specialized expertise beyond traditional application security?