(2 points) What is the purpose of Dijkstra’s algorithm? (5 points) Write Dijkstra’s algorithm for a graph G(V,E). (3 points) Trace the algorithm for the following graph:  Fill in the table: Source Vertex A Shortest distance from A Previous vertex                                –                                –                                –                                –                                –  

Are the following statements True/False? Explain your reasoning in no more than two sentences8.1. Increasing the entropy of a cryptographic key reduces its predictability and improves its resistance to brute-force attacks. (1 point)  8.2. Because modeling is an abstraction of the system that will surely miss a lot of details, when we do modeling, we should model the system to as much detail as possible in all perspectives, such that the model is more realistic and a better approximation to the real system. (1 point) 8.3. Clustering is a supervised learning method. (1 point)  8.4. The difference between supervised learning and unsupervised learning is that supervised learning aims to identify patterns within data, while unsupervised learning focuses on predicting outcomes based on labeled examples.  (1 point)  8.5. A basic backdoor attack requires modifying all training data samples with the same unique trigger to embed malicious behavior into the model. (1 point) 8.6. A Backdoor Attack requires the attacker to have full access to the model parameters during training. (1 point)  8.7. Access Control Lists are more suitable than Capabilities Lists for distributed systems because permissions are managed centrally. (1 point)  8.8. In a system using Access Control Lists, permissions are attached to users as tokens, making it suitable for distributed environments. (1 point) 

AI Failure in Self-Driving Car  Scenario: An AI system controls a self-driving car. During heavy rain, the car struggles to correctly detect lane markings, causing it to behave erratically.The AI vision module was trained mainly on clear, dry-weather datasets. No real-world rainy conditions were simulated or included in training.10.1. Short Answer: Identify two major machine learning issues that caused the car’s lane detection failure. (Be specific: e.g., generalization error, dataset bias, etc.) (2 points) 10.2. True/False: Give reasoning for your answer. (1 point) Overfitting to dry-weather images is a likely cause of the car’s poor generalization during rain.  10.3. Short Answer: (2 points) Suggest one immediate operational mitigation that could be deployed while improving the AI model long-term.10.4. Multiple Choice: (1 point)In a functional safety analysis (ISO 26262 or similar), what would be the risk level of the erratic driving during rain?A) Low Risk — because it’s rareB) Medium Risk — because it happens only during rainC) High Risk — because it could cause injury or deathD) No Risk — since the system is autonomous and learns 10.5. True/False: Give reasoning for your answer.(1 point) If the AI fails during rain and causes an accident, liability could potentially fall on the developers who trained the system.  10.6. Essay (8–10 sentences): (3 points) Explainable AI (XAI) refers to a set of methods and techniques that make AI models more transparent and understandable to humans. Describe how Explainable AI (XAI) techniques could be applied to better understand why the lane detection model fails during rain and how this insight could guide safer model updates.

15.1. Short Answer – Security Properties (2 points) Identify two security mechanisms in this scenario that maintain confidentiality or integrity, and explain what threat each mitigates.   15.2. Multiple Choice (1 point) Why is DNS amplification effective for DDoS? a) Uses DNSSEC keys to overload CPU b) Small queries → large responses → bandwidth exhaustion c) Requires insider access to DNS servers d) Hijacks routing tables to redirect traffic.   15.3. True/False: Give reasoning for your answer.  (1 point) “In IPsec tunnel mode, the entire original IP packet is encrypted, including the original header.   15.4. Scenario – Threat Analysis (2 points) If the employee clicks the phishing link, what two attacks become possible even though TLS is still used securely?   15.5. True/False: Give reasoning for your answer. (1 point) “Stealing an SSH private key alone guarantees unauthorized access.   15.6 Scenario for Questions 15.7- 15.9 (DFD + Trust Boundaries + Threat Modeling)  A Data Flow Diagram (DFD) shows: Mobile App → Web Server → Internal DB. Authentication happens at Web Server. Sensitive data crosses the Internet.   15.7. Scenario-Based (2 points) Identify one trust boundary in the system and explain why this boundary increases attack surface exposure.   15.8. Multiple Choice (1 point) Crossing a trust boundary typically implies: a) Same security assumptions on both sides b) Privilege, authentication, or trust level changes c) Traffic is automatically encrypted d) No need for logging or monitoring   15.9. True/False: Give reasoning for your answer. (1 point) “If TLS is implemented correctly, a Man-in-the-Middle on the network cannot read or modify data in transit.

Read the following scenario and identify which type of threat it represents according to the STRIDE model. Provide a brief justification (two to four sentences) for your choice.  4.1. A malicious insider with limited privileges gains access to the organization’s CI/CD pipeline and alters the source code of a production application before deployment. The modified code introduces backdoor instructions that allow remote command execution after release. (3 points) 4.2. A threat actor crafts a fake government COVID-19 relief website identical to the real one, tricking citizens into logging in and submitting their SSN and bank account details. The attacker then uses the stolen credentials to access victims’ financial accounts. (3 points)   4.3. A cloud storage provider experiences an outage, making an enterprise unable to access critical operational documents required for emergency response coordination. No data is stolen or modified, but operations halt for several hours. (3 points)

Which of the following is the correct sequence of the cloud migration phases?

Which of the following statements is NOT TRUE about the cloud computing approach to provisioning IT capacity vs. the traditional on-premises approach to provisioning IT capacity?

Mia??s company is doing a one-time migration of their videos database??about 34 TB??to AWS. The company is located in a fairly small town in Missouri, at least an hour??s drive from the nearest large city, and doesn??t do a great deal of data transfer online for normal business operations other than regular contact with customers through email or video conferences. Which of the following data transfer options is the best fit for Mia??s company?

Cloud economics is just about cost-benefit analysis of the cloud in monetary terms.

Henry runs a small business utilizing software that tracks his inventory. The software was last supported in the 90s. He needs to change the software he is using and run it in the cloud as it is no longer supported by his newer hardware. What migration strategy should he utilize?