Lesson 1.3 Quiz: AI-Driven Threats

AP Cyber Hub Unit 1 1.1 ▼ Lesson Ex 1 Ex 2 Lab Quiz 1.2 ▼ Lesson Ex 1 Ex 2 Lab Quiz 1.3 ▼ Lesson Ex 1 Ex 2 Lab Quiz 1.4 ▼ Lesson Ex 1 Ex 2 Lab Quiz 1.5 ▼ Lesson Ex 1 Ex 2 Lab Quiz

Unit 1 · Lesson 1.3 Progress Check

Lesson 1.3 Quiz: AI-Driven Threats

5 questions — Answer each question, then check your score below.

Score: 0 / 0 Answered questions update automatically

Q1 Deepfake Detection

A security team receives a video call from someone who appears to be the CEO, requesting an emergency wire transfer. The video and voice quality are normal. Which of the following BEST explains why traditional authentication fails in this scenario?

(A) The CEO's account password was likely compromised in a prior breach (B) Deepfakes replicate visual and audio cues that humans rely on for identity verification (C) Wire transfer systems do not support multi-factor authentication (D) The attackers exploited a zero-day vulnerability in the video conferencing platform

Traditional identity verification relies on recognizing a person's face, voice, and mannerisms. Deepfake technology replicates these cues synthetically, bypassing the human cognitive shortcuts we use to confirm identity. MFA and passwords are irrelevant here because the attacker is not attempting to log in — they are impersonating a person in real time. A zero-day vulnerability (D) is unrelated to the social deception at play.

(A) Incorrect — password compromise is about account access, not impersonation in a live call.

(C) Incorrect — MFA is about authentication to a system, not to a human in a call.

(D) Incorrect — no software vulnerability is exploited; the attack is purely social engineering.

AP Exam Tip: The AP exam distinguishes between technical exploits and social engineering. Deepfake attacks are social engineering — they bypass human judgment, not software controls.

Q2 AI-Driven Attack Characteristics

Which of the following statements about AI-powered cyberattacks are TRUE?

I. AI can generate spear-phishing emails that include accurate personal details scraped from public social media profiles.
II. AI-driven malware can dynamically alter its own code at runtime to evade signature-based detection.
III. AI-powered attacks always require manual confirmation from the attacker before each individual action is executed.

(A) I only (B) I and II only (C) II and III only (D) I, II, and III

Statement I is accurate: AI models can mine LinkedIn, Twitter, and other platforms to build detailed profiles used in highly personalized spear-phishing. Statement II is accurate: AI-driven polymorphic malware can rewrite portions of its own code or obfuscate behavior at runtime, defeating static signature databases. Statement III is false — the defining danger of AI-powered attacks is autonomous execution at scale. Requiring human approval per action would eliminate that speed advantage entirely.

(A) Incomplete — Statement II is also true.

(C) Incorrect — Statement III is false; AI attacks execute autonomously.

(D) Incorrect — Statement III is false.

AP Exam Tip: On I/II/III questions, identify any false statement first. One provably false statement eliminates every answer choice containing it.

Q3 Spot the Error

A student writes the following notes after studying AI-driven threats. Which statement contains an ERROR?

(A) AI can analyze writing style to craft phishing messages that match a target's expected communication tone (B) Adversarial inputs are crafted to cause AI classifiers to misidentify malicious content as benign (C) Deepfake detection tools are currently 100% reliable when analyzing real-time video streams (D) AI-powered vulnerability scanners can identify unpatched software weaknesses faster than manual review

Deepfake detection is an active and imperfect field of research. No tool achieves 100% reliability, especially on real-time video where compression artifacts, lighting changes, and processing latency all reduce accuracy. As deepfake quality improves, detection tools must continuously adapt. Options A, B, and D are all accurate statements about AI capabilities in cybersecurity.

(A) Correct — AI can model writing style and replicate it convincingly in spear-phishing.

(B) Correct — adversarial attacks exploit AI model blind spots by crafting specially designed inputs.

(D) Correct — AI-powered scanners dramatically accelerate vulnerability discovery.

AP Exam Tip: Spot-the-error questions often include one statement with an absolute word like "always," "never," or "100% reliable." These absolutes are almost always the error.

Q4 AI Malware Evasion

A security analyst notices that a piece of malware consistently evades the company's antivirus software even after the signatures are updated. The malware appears to behave differently on each infected machine. Which type of malware MOST LIKELY explains this behavior?

(A) A worm that propagates through network shares (B) A rootkit embedded in the system firmware (C) AI-driven polymorphic malware that modifies its signature at each execution (D) Ransomware that encrypts files before antivirus scans complete

The two key clues are: (1) the malware evades updated signatures, and (2) it behaves differently on each machine. This is the defining behavior of polymorphic malware — it mutates its own code or obfuscation pattern, generating a new signature on each execution. AI-driven versions do this more effectively by predicting what detection patterns to avoid. Worms (A) propagate but don't necessarily evade detection. Rootkits (B) persist through low-level access but don't change signatures dynamically. Ransomware (D) encrypts files but doesn't inherently evade updated AV signatures.

(A) Incorrect — worm propagation is about spreading, not signature evasion.

(B) Incorrect — rootkits hide processes but don't dynamically alter their own code to defeat signature updates.

(D) Incorrect — ransomware behavior is about file encryption, not signature polymorphism.

AP Exam Tip: Know the distinction: polymorphic malware changes its signature; metamorphic malware rewrites its entire code. Both evade signature-based detection. The AP exam may ask you to distinguish these from worms, rootkits, and ransomware.

Q5 AI Defense Limitations

An organization installs an AI-powered intrusion detection system (IDS) that was trained on historical attack data. Six months later, a novel attack method that was not present in the training data successfully penetrates the network undetected. This failure BEST illustrates which limitation of AI-based security tools?

(A) AI-based tools require more computing power than traditional IDS solutions (B) AI models struggle to detect attack patterns they were not trained on (C) AI-based IDS cannot be integrated with existing network infrastructure (D) Human operators cannot interpret the alerts generated by AI security systems

This is a textbook example of an AI model's generalization limitation. ML-based IDS systems learn to recognize patterns from training data. When attackers use novel techniques not represented in that data, the model has no reference pattern to match, leading to false negatives (missed detections). This is why AI security tools must be continuously retrained as the threat landscape evolves, and why human oversight remains essential.

(A) Incorrect — compute requirements are a deployment concern, not the cause of the failure described.

(C) Incorrect — integration challenges are real but not the issue in this scenario.

(D) Incorrect — alert interpretability is a usability issue, not the cause of the detection failure.

AP Exam Tip: The AP exam frequently tests the concept that AI is limited by its training data. For cybersecurity specifically, this means AI defenses can be defeated by attack methods they have never seen — a key argument for combining AI detection with human analysis.

Quiz Complete

out of 5

Back to Course Hub Take Unit 1 Exam →

← Back to Lab Course Hub Lesson 1.4 →

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

✓

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

Name *

Email *

I am a... (optional)

Which course? (optional)

Phone (optional)

How did you find us? (optional)

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Message (optional — leave blank if just subscribing)

Send me free AP CS exam tips — daily practice questions, study resources, and exam strategies. + 20% OFF TUTORING
Unsubscribe anytime.

✉

tanner@apcsexamprep.com

📚

Courses

AP CSA, CSP, & Cybersecurity

⏱

Response Time

Within 24 hours

Prefer email? Reach me directly at tanner@apcsexamprep.com