Module 8 — Quiz
Type: Quiz · Duration: ~10 min · Status: Mandatory · Pass mark: 70% (9 of 12) · Module: Module 8 — AI Governance, Risk & Compliance
Question 1 (multiple choice)
Distinguish the NIST AI RMF framework from an AI RMF program.
a) They're synonyms.
b) Framework is the map (functions, categories, subcategories); program is the operational machinery — risk register, control library, measurement suite, governance cadence.
c) Framework is internal; program is external.
d) Framework is voluntary; program is mandatory.
Answer: b
Question 2 (short)
Name the four artifacts of an operational NIST AI RMF program.
Answer: AI risk register, AI control library, AI measurement / evaluation suite, AI governance reporting cadence.
Question 3 (multiple choice)
What is the NIST AI 600-1 GenAI Profile?
a) A new framework replacing AI RMF 1.0.
b) A tailored application of AI RMF 1.0 to generative AI, with 12 risk categories and specific Govern/Map/Measure/Manage guidance.
c) A vendor product.
d) A subset of the EU AI Act.
Answer: b
Question 4 (short)
Name the five EU AI Act program components for a high-risk AI system.
Answer: Risk management system (Art. 9); data governance (Art. 10); technical documentation (Art. 11); record-keeping (Art. 12); human oversight (Art. 14).
Question 5 (multiple choice)
A SaaS uses a foundation-model vendor and ships to EU customers. Under the EU AI Act, what role does the SaaS have for the AI feature?
a) Deployer
b) Provider
c) Importer
d) Distributor
Answer: b (Provider — for their AI feature)
Question 6 (multiple choice)
What is the most common failure mode in EU AI Act Article 11 documentation packages?
a) Too long.
b) Section 8 (post-market monitoring) described abstractly, with no actual evidence of monitoring happening.
c) Wrong language.
d) Missing the cover page.
Answer: b
Question 7 (multiple choice)
Name a deal-breaker scenario in AI vendor security review.
a) Vendor uses a Python backend.
b) Vendor refuses to disclose model provenance (won't tell you which foundation model powers their product).
c) Vendor has an SLA of 99.5%.
d) Vendor charges per seat.
Answer: b
Question 8 (scenario — short)
Your LLM-powered SaaS, deployed to EU and US healthcare customers, exposes user PII via a training-data extraction attack. Identify three regulatory regimes that may require notification, with timelines.
Sample answer:
- EU AI Act Article 73 (if your system is high-risk): notification to the EU member-state market surveillance authority — within 15 days (or shorter for some categories).
- GDPR Articles 33-34: notification to the lead supervisory authority within 72 hours of breach awareness; data-subject notification if high risk.
- HIPAA Breach Notification Rule: notify affected individuals within 60 days; HHS within 60 days (immediate for breaches affecting 500+ in a state).
Plus customer-contractual SLAs per MSA, typically 24-72 hours.
Question 9 (multiple choice)
Distinguish a model card from a system card.
a) They're synonyms.
b) Model card describes a single trained model artifact; system card describes a complete AI system (model + application + deployment context).
c) Model card is for internal use; system card is for external use.
d) System cards are required by GDPR.
Answer: b
Question 10 (multiple choice)
What's the role of the AI-BOM in the governance documentation stack?
a) Replaces the model card.
b) Provenance backbone — the single source of truth that the other documentation references (model cards, system cards, data sheets).
c) Replaces the EU AI Act Article 11 package.
d) Only matters for open-source AI.
Answer: b
Question 11 (scenario — short)
Walk the EchoLeak attack chain across the OWASP LLM Top 10 categories it traverses, and identify one defensive architectural pattern that would most likely have prevented it.
Sample answer:
- LLM01 (indirect prompt injection — crafted email with embedded instructions)
- LLM08 (excessive agency — Copilot's broad Microsoft Graph tool access)
- LLM02 (insecure output handling — markdown rendering of a crafted exfil URL)
- LLM06 (sensitive information disclosure — tenant data exposed)
- LLM05 (supply chain — partial; depends on framing)
Defensive architecture: dual-LLM pattern — quarantine the LLM that processes untrusted email content; privileged LLM never sees raw email, only structured summaries from the quarantined LLM. The injection might land in the summary but cannot directly trigger tool calls.
Question 12 (scenario — short)
You're standing up an AI security program at a B2B SaaS shipping LLM features to enterprise customers, including in the EU. You have a $300k Year-1 budget. Sketch the first-90-day priorities.
Sample answer: (Many right answers; the rubric grades on prioritization logic and tie-in to course concepts.)
Days 1-30: foundation.
- Hire for, or claim, the AI security engineer role (Pattern A: within Product Security).
- Build an initial AI-BOM for current AI features.
- Establish a pre-launch red-team gate; run it against the next AI feature launch.
- Wire promptfoo + Garak into CI for one existing AI feature (L7.8 lab pattern).
Days 31-60: documentation + measurement.
- Author a system card, model card and risk assessment for the most critical AI feature (L8.7).
- Establish the risk register; populate it from L2.6-style threat models.
- Begin the Article 11 documentation package (L8.2.2) for any EU-customer-facing high-risk features.
- Stand up basic prompt/response logging with PII redaction (L7.9 pattern).
Days 61-90: program formalization.
- Establish a quarterly governance reporting cadence.
- Vendor security review template (L8.3.2) for all AI vendors in the stack.
- IR playbook for AI-specific scenarios (L7.6.1), with a tabletop exercise.
- Document program scope and escalation path; communicate to leadership.
Budget allocation rough cut: $150k headcount (1 dedicated FTE or 1.5 part-time), $50k tooling (commercial guardrail + observability), $50k external red-team engagement, $50k contingency (training, conferences, unexpected).
Scoring
- 12 questions, 1 point each. 70% to pass.
- Auto-grade Q1, Q3, Q5, Q6, Q7, Q9, Q10. Key-phrase grade Q2, Q4. Rubric Q8, Q11, Q12.