代理 安全 Study 指南
Comprehensive study guide for agent and agentic exploitation topics including MCP and A2A protocols.
評估 概覽
Comprehensive study guide for 代理 and 代理式 利用 topics including MCP and A2A protocols.
評估 Details:
- Questions: 10
- Recommended Time: 30 minutes
- Passing Score: 70%
- Difficulty Level: Intermediate
Instructions
Read each question carefully and 考慮 all answer options before selecting your response. Many questions have multiple plausible answers — select the best answer that accounts for the full context of the scenario.
For scenario-based questions:
- 識別 the key constraints and objectives in the scenario
- 考慮 what information you have and what you lack
- 評估 each option against the scenario's specific requirements
- Select the option that best balances effectiveness, 安全, and professionalism
Question 1
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 2
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 3
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 4
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 5
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 6
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 7
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 8
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 9
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Question 10
In the context of AI 紅隊 assessments, which approach provides the most comprehensive 評估 of a target system's 安全 posture?
Scoring and Recommendations
| Score | Level | Next Steps |
|---|---|---|
| 90-100% | Expert | Ready to proceed; 考慮 mentoring others |
| 80-89% | Proficient | Minor gaps; targeted review of missed topics |
| 70-79% | Competent | Adequate; review incorrect areas before advancing |
| 60-69% | Developing | Significant gaps; revisit relevant curriculum sections |
| Below 60% | Foundational | Complete prerequisites before retaking |
Review Guidance
After completing this 評估, review the explanations for all questions — including those you answered correctly. 理解 why an answer is correct is as important as knowing the answer itself, and the explanations often contain additional context that deepens 理解 of the topic.
For questions you answered incorrectly:
- 識別 the topic area the question covers
- Review the corresponding curriculum section
- Complete any related lab exercises
- Re-attempt the question after review
Detailed 評估 Content
Section Review Material
Before attempting this 評估, ensure you have reviewed all relevant curriculum material. The questions 在本 評估 cover both theoretical concepts and practical application of the material.
Key areas of focus for this 評估:
-
Conceptual 理解: You should be able to explain the fundamental mechanisms behind the attack and 防禦 techniques covered, not just recognize them by name.
-
Practical application: Many questions present scenarios that require you to determine the best approach given specific constraints and objectives.
-
Tool proficiency: Questions may reference specific tools and their capabilities. Ensure you have hands-on experience with the tools covered in the labs.
-
Framework knowledge: Governance and compliance questions reference specific frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, EU AI Act). Know the key provisions and how they apply to AI 安全.
Practice Scenarios
考慮 the following scenarios as additional preparation:
Scenario 1: You are conducting a 紅隊 評估 of a customer-facing chatbot. The chatbot has access to a CRM system through 函式呼叫 and can look up customer records, create tickets, and send emails. What is your initial approach?
考慮: What information do you need to gather first? What are the highest-risk capabilities to 測試? How would you structure your 測試 to maximize coverage while staying within scope?
Scenario 2: During 測試, you discover that the chatbot's 系統提示詞 can be extracted through a simple instruction override. The 系統提示詞 contains API endpoint URLs and 認證 patterns. What do you do?
考慮: What is the immediate risk? Should you continue 測試 or escalate immediately? How would you document this finding?
Scenario 3: You are evaluating a RAG system that ingests customer documents. You have the ability to upload documents as a normal user. What attack vectors should you explore?
考慮: Document-based injection, metadata manipulation, 嵌入向量 space 投毒, and the interaction between document processing and the LLM.
# Framework for structured scenario analysis
class ScenarioAnalysis:
"""Structured analysis framework for 評估 scenarios."""
def __init__(self, scenario_description: str):
self.scenario = scenario_description
self.threats = []
self.vectors = []
self.priorities = []
def identify_threats(self) -> list:
"""識別 threats relevant to the scenario."""
# Map scenario to OWASP LLM Top 10 categories
owasp_mapping = {
"function_calling": "LLM06 - Excessive Agency",
"system_prompt": "LLM01 - 提示詞注入",
"rag_documents": "LLM01 - 提示詞注入 (Indirect)",
"user_data": "LLM02 - Insecure 輸出 Handling",
"training_data": "LLM03 - Training Data Poisoning",
}
return self.threats
def prioritize_testing(self) -> list:
"""Prioritize 測試 vectors by risk."""
# Risk = Likelihood × Impact
return sorted(self.vectors, key=lambda v: v["risk_score"], reverse=True)
def generate_test_plan(self) -> dict:
"""Generate a structured 測試 plan for the scenario."""
return {
"scope": self.scenario,
"threats": self.threats,
"test_cases": [
{
"vector": v["name"],
"technique": v["technique"],
"expected_result": v["expected"],
"priority": v["risk_score"],
}
for v in self.prioritize_testing()
],
}Additional Knowledge Checks
A 紅隊 discovers that an LLM-powered customer service 代理 can be manipulated to send emails to arbitrary addresses through 函式呼叫. How should this finding be classified according to OWASP LLM Top 10 2025?
During an AI 紅隊 engagement, you 識別 a 漏洞 that also affects a system outside your authorized scope. What is the correct course of action?
參考文獻 and Further Reading
- OWASP LLM Top 10 2025 — Comprehensive guide to LLM 安全 risks (owasp.org/www-project-top-10-for-large-language-model-applications)
- MITRE ATLAS — 對抗性 Threat Landscape for AI Systems (atlas.mitre.org)
- HarmBench — Standardized 評估 framework (github.com/centerforaisafety/HarmBench)
- JailbreakBench — 越獄 評估 benchmark (github.com/JailbreakBench/jailbreakbench)
- NIST AI 600-1 — Generative AI Profile for risk management
What is the most effective defensive strategy against the attack class described 在本 article?
Why do the techniques described 在本 article continue to be effective despite ongoing 安全 improvements by model providers?