(2 points) What is the purpose of Dijkstra’s algorithm? (5 p…
(2 points) What is the purpose of Dijkstra’s algorithm? (5 points) Write Dijkstra’s algorithm for a graph G(V,E). (3 points) Trace the algorithm for the following graph: Fill in the table: Source Vertex A Shortest distance from A Previous vertex – – – – –
Read DetailsAre the following statements True/False? Explain your reason…
Are the following statements True/False? Explain your reasoning in no more than two sentences8.1. Increasing the entropy of a cryptographic key reduces its predictability and improves its resistance to brute-force attacks. (1 point) 8.2. Because modeling is an abstraction of the system that will surely miss a lot of details, when we do modeling, we should model the system to as much detail as possible in all perspectives, such that the model is more realistic and a better approximation to the real system. (1 point) 8.3. Clustering is a supervised learning method. (1 point) 8.4. The difference between supervised learning and unsupervised learning is that supervised learning aims to identify patterns within data, while unsupervised learning focuses on predicting outcomes based on labeled examples. (1 point) 8.5. A basic backdoor attack requires modifying all training data samples with the same unique trigger to embed malicious behavior into the model. (1 point) 8.6. A Backdoor Attack requires the attacker to have full access to the model parameters during training. (1 point) 8.7. Access Control Lists are more suitable than Capabilities Lists for distributed systems because permissions are managed centrally. (1 point) 8.8. In a system using Access Control Lists, permissions are attached to users as tokens, making it suitable for distributed environments. (1 point)
Read DetailsAI Failure in Self-Driving Car Scenario: An AI system contr…
AI Failure in Self-Driving Car Scenario: An AI system controls a self-driving car. During heavy rain, the car struggles to correctly detect lane markings, causing it to behave erratically.The AI vision module was trained mainly on clear, dry-weather datasets. No real-world rainy conditions were simulated or included in training.10.1. Short Answer: Identify two major machine learning issues that caused the car’s lane detection failure. (Be specific: e.g., generalization error, dataset bias, etc.) (2 points) 10.2. True/False: Give reasoning for your answer. (1 point) Overfitting to dry-weather images is a likely cause of the car’s poor generalization during rain. 10.3. Short Answer: (2 points) Suggest one immediate operational mitigation that could be deployed while improving the AI model long-term.10.4. Multiple Choice: (1 point)In a functional safety analysis (ISO 26262 or similar), what would be the risk level of the erratic driving during rain?A) Low Risk — because it’s rareB) Medium Risk — because it happens only during rainC) High Risk — because it could cause injury or deathD) No Risk — since the system is autonomous and learns 10.5. True/False: Give reasoning for your answer.(1 point) If the AI fails during rain and causes an accident, liability could potentially fall on the developers who trained the system. 10.6. Essay (8–10 sentences): (3 points) Explainable AI (XAI) refers to a set of methods and techniques that make AI models more transparent and understandable to humans. Describe how Explainable AI (XAI) techniques could be applied to better understand why the lane detection model fails during rain and how this insight could guide safer model updates.
Read Details15.1. Short Answer – Security Properties (2 points) Identify…
15.1. Short Answer – Security Properties (2 points) Identify two security mechanisms in this scenario that maintain confidentiality or integrity, and explain what threat each mitigates. 15.2. Multiple Choice (1 point) Why is DNS amplification effective for DDoS? a) Uses DNSSEC keys to overload CPU b) Small queries → large responses → bandwidth exhaustion c) Requires insider access to DNS servers d) Hijacks routing tables to redirect traffic. 15.3. True/False: Give reasoning for your answer. (1 point) “In IPsec tunnel mode, the entire original IP packet is encrypted, including the original header. 15.4. Scenario – Threat Analysis (2 points) If the employee clicks the phishing link, what two attacks become possible even though TLS is still used securely? 15.5. True/False: Give reasoning for your answer. (1 point) “Stealing an SSH private key alone guarantees unauthorized access. 15.6 Scenario for Questions 15.7- 15.9 (DFD + Trust Boundaries + Threat Modeling) A Data Flow Diagram (DFD) shows: Mobile App → Web Server → Internal DB. Authentication happens at Web Server. Sensitive data crosses the Internet. 15.7. Scenario-Based (2 points) Identify one trust boundary in the system and explain why this boundary increases attack surface exposure. 15.8. Multiple Choice (1 point) Crossing a trust boundary typically implies: a) Same security assumptions on both sides b) Privilege, authentication, or trust level changes c) Traffic is automatically encrypted d) No need for logging or monitoring 15.9. True/False: Give reasoning for your answer. (1 point) “If TLS is implemented correctly, a Man-in-the-Middle on the network cannot read or modify data in transit.
Read DetailsRead the following scenario and identify which type of threa…
Read the following scenario and identify which type of threat it represents according to the STRIDE model. Provide a brief justification (two to four sentences) for your choice. 4.1. A malicious insider with limited privileges gains access to the organization’s CI/CD pipeline and alters the source code of a production application before deployment. The modified code introduces backdoor instructions that allow remote command execution after release. (3 points) 4.2. A threat actor crafts a fake government COVID-19 relief website identical to the real one, tricking citizens into logging in and submitting their SSN and bank account details. The attacker then uses the stolen credentials to access victims’ financial accounts. (3 points) 4.3. A cloud storage provider experiences an outage, making an enterprise unable to access critical operational documents required for emergency response coordination. No data is stolen or modified, but operations halt for several hours. (3 points)
Read Details