SISA Updated CSPAI Exam Questions and Answers by mae

Leveraging foundation models like GPT or BERT for fintech involves fine-tuning with sector-specific data, such as transaction logs or market trends, to tailor for tasks like risk prediction, ensuring high accuracy without the overhead of scratch-building. This approach maintains efficiency by reusing pretrained weights, reducing training time and resources in SDLC, while domain adaptation mitigates generalization issues. It outperforms unadapted general models or fragmented specifics by providing cohesive, scalable solutions. Security is enhanced through controlled fine-tuning datasets. Exact extract: "Adopting a Foundation Model and fine-tuning with domain-specific data is most effective for leveraging existing models in fintech, balancing efficiency and accuracy." (Reference: Cyber Security for AI by SISA Study Guide, Section on Model Adaptation in SDLC, Page 105-108).

A secondary chatbot, powered by an LLM, acts as a fallback or supplementary assistant, handling complex or overflow queries when the primary system is insufficient. This enhances CX by ensuring continuity and depth in responses, with security benefits like isolating sensitive tasks to a monitored secondary layer. Unlike replacing primary systems or handling unrelated tasks, this role leverages LLMs’ flexibility to complement, not supplant, core functionalities. Exact extract: "LLMs as secondary chatbots serve as fallback assistants for complex queries, improving system resilience and user experience." (Reference: Cyber Security for AI by SISA Study Guide, Section on AI in Support Systems, Page 80-82).

Supply chain attacks in ML exploit vulnerabilities in the ecosystem, with the core ML model and training data being prime targets due to their foundational role in system behavior. Attackers might inject backdoors into pretrained models via compromised libraries (e.g., PyTorch or TensorFlow packages) or poison datasets during sourcing, leading to manipulated outputs or data exfiltration. This is more critical than targeting UI or hardware, as model/data compromises persist across deployments, enabling stealthy, long-term exploits like trojan attacks. Mitigation includes verifying model provenance, using secure repositories, and conducting integrity checks with hashing or digital signatures. In SISA guidelines, emphasis is on end-to-end supply chain auditing to prevent such intrusions, which could result in biased decisions or security breaches in applications like recommendation systems. Protecting these components ensures model reliability and data confidentiality, integral to AI security posture. Exact extract: "In supply chain attacks on machine learning, attackers critically target the underlying ML model and its training data to introduce persistent vulnerabilities." (Reference: Cyber Security for AI by SISA Study Guide, Section on Supply Chain Risks in AI, Page 145-148).

OCTAVE adapts to GenAI by emphasizing organizational risk perspectives, identifying critical assets like models and data, evaluating threats, and prioritizing mitigations through stakeholder collaboration. It fosters a strategic, enterprise-wide approach to AI risks, integrating business impacts. Exact extract: "OCTAVE emphasizes operational critical threat, asset, and vulnerability evaluation in GenAI risk assessment." (Reference: Cyber Security for AI by SISA Study Guide, Section on OCTAVE for AI, Page 255-258).