Automating a Bug Hunt and Leveraging the Power of AI

Test Your Skills

Multiple-Choice Questions

1. Which of the following is NOT a primary goal in the framework for external attack surface discovery and exploitation?

  1. Discover

  2. Monitor

  3. Actionable insights

  4. Patch management

2. What is the purpose of the Common Vulnerability Scoring System (CVSS)?

  1. To predict the likelihood of a vulnerability being exploited

  2. To communicate the characteristics and severity of software vulnerabilities

  3. To list vulnerabilities that have been exploited in the wild

  4. To generate exploit code for known vulnerabilities

3. What does EPSS stand for in the context of vulnerability assessment?

  1. Exploit Prediction Scoring System

  2. External Penetration Security System

  3. Enhanced Protection Scanning Service

  4. Exploit Prevention Scoring Standard

4. Which organization maintains the Known Exploited Vulnerabilities (KEV) Catalog?

  1. NIST

  2. OWASP

  3. CISA

  4. ISO

5. What is the primary purpose of the ProjectDiscovery Nuclei Scanner?

  1. To generate AI models for vulnerability detection

  2. To create vulnerability reports

  3. To identify and mitigate security vulnerabilities across various platforms

  4. To manage bug bounty programs

6. What type of file format does Nuclei use for its templates?

  1. STIX

  2. XML

  3. YAML

  4. TXT

7. What is LoRA in the context of AI model fine-tuning?

  1. Low-range analysis

  2. Low-rank adaptation

  3. Linear optimization for rapid advancement

  4. Logarithmic rational approximation

8. What does RAG stand for in the context of AI and bug bounty hunting?

  1. Rapid attack generation

  2. Retrieval-augmented generation

  3. Risk assessment guide

  4. Responsive AI governance

9. What is a potential challenge of using AI models with strong guardrails in bug bounty hunting?

  1. Increased accuracy in vulnerability detection

  2. Faster processing of large datasets

  3. Limited ability to generate potentially malicious payloads for testing

  4. Improved compliance with bug bounty program guidelines

10. What is a confabulation in the context of AI-assisted bug bounty hunting?

  1. A visual glitch in the AI interface

  2. A sudden increase in processing speed

  3. Generation of factually incorrect or made-up information

  4. A temporary loss of connection to the AI service

11. Which of the following is NOT a metric group in the Common Vulnerability Scoring System (CVSS) version 4.x?

  1. Base

  2. Threat

  3. Environmental

  4. Exploitation

12. What is the primary advantage of using QLoRA over traditional LoRA?

  1. It allows for fine-tuning of larger models on limited hardware.

  2. It increases the number of trainable parameters.

  3. It eliminates the need for GPU acceleration.

  4. It provides more accurate results in all scenarios.

13. What is the primary purpose of tool calling in AI agents for bug bounty hunting?

  1. To generate more accurate vulnerability reports

  2. To enable the AI to perform tasks using external tools

  3. To improve the AI’s natural language processing capabilities

  4. To create new exploits automatically using an IDE

14. What is the purpose of gradient accumulation in the context of AI model fine-tuning?

  1. To increase the learning rate

  2. To reduce memory constraints

  3. To improve model accuracy

  4. To speed up the training process
