Unit 6 - Practice Quiz

INT347 60 Questions
0 Correct 0 Wrong 60 Left
0/60

1 What is the primary purpose of credential management in software bots?

Credential management Easy
A. To securely store and control access to passwords and usernames
B. To increase the processing speed of the bot
C. To design the user interface for the bot's dashboard
D. To write documentation for the bot's source code

2 Why are environment variables commonly used when deploying software bots?

Environment variables Easy
A. To track user mouse movements
B. To separate configuration values from the source code
C. To create graphical user interfaces
D. To directly compile the bot's code into machine language

3 Which of the following represents a best practice for secrets management?

Secrets management Easy
A. Saving API keys in plain text files on the desktop
B. Sharing secrets via unencrypted emails
C. Storing passwords in a secure, encrypted vault service
D. Hardcoding passwords directly into the bot's scripts

4 What does PII stand for in the context of data security and bot operations?

PII handling for filtering, transformation Easy
A. Personally Identifiable Information
B. Performance Indicator Implementation
C. Primary Index Identification
D. Program Interface Integration

5 Which technique is commonly used to protect sensitive PII during data transformation?

PII handling for filtering, transformation Easy
A. Increasing the font size of the data
B. Broadcasting the data to a public server
C. Data masking or anonymization
D. Data duplication

6 In OAuth2 implementation, what mechanism is typically used to grant a bot access to resources without sharing the user's actual password?

OAuth2 implementation Easy
A. Plain text passwords
B. Access tokens
C. IP addresses
D. Biometric scans

7 What is a recommended security practice for API key management?

API key management Easy
A. Never changing the key once it is generated
B. Using the same key for every application in the company
C. Publishing the keys on public code repositories
D. Rotating keys regularly and keeping them hidden

8 What is the main purpose of audit logging in bot operations?

Audit logging Easy
A. To generate marketing emails
B. To record a chronological trail of system activities and bot actions
C. To automatically fix syntax errors in the bot's code
D. To compress data files for storage

9 How does workflow versioning benefit software bot developers?

Workflow versioning Easy
A. It allows them to track changes and roll back to a previous stable state if errors occur
B. It deletes old data to save hard drive space
C. It automatically writes new code for the bot
D. It prevents the bot from needing any future updates

10 Under GDPR compliance patterns, what does the 'Right to erasure' allow users to do?

Compliance patterns as GDPR Easy
A. Request the deletion of their personal data from a system
B. Request that the bot runs faster
C. Request a change in the company's privacy policy
D. Request copies of the bot's source code

11 Which of the following is a core requirement of GDPR when bots process user data?

Compliance patterns as GDPR Easy
A. Storing all personal data indefinitely
B. Processing data in secret to prevent panic
C. Sharing user data with all third-party marketing agencies
D. Obtaining explicit user consent before processing personal data

12 Why is checking a bot's execution history important for system administrators?

Execution history Easy
A. To predict future stock market trends
B. To change the programming language of the bot
C. To review past runs, verify success, and investigate reasons for failures
D. To write the initial source code for the bot

13 What is the function of an error workflow in bot monitoring?

Error workflows for monitoring Easy
A. To delete the bot if it makes a mistake
B. To deliberately introduce bugs into the system for testing
C. To turn off the computer when an error occurs
D. To automatically alert administrators or execute recovery steps when a bot fails

14 Which performance metric measures the percentage of times a bot completes its intended task without failing?

Performance metrics as execution time, success rates Easy
A. Execution time
B. Bandwidth capacity
C. CPU temperature
D. Success rate

15 What does 'execution time' measure in the context of bot performance monitoring?

Performance metrics as execution time, success rates Easy
A. The amount of time the bot is turned off
B. The total duration it takes for the bot to complete a specific workflow
C. The time it takes to write the bot's code
D. The time it takes for a user to log into the dashboard

16 In bot optimization, what is a bottleneck?

Bottleneck identification Easy
A. A specific step or resource that slows down the entire workflow's performance
B. An upgrade to the server's hardware
C. A fast-executing line of code
D. A type of container used to store bot passwords

17 How does caching improve a software bot's performance?

Optimization techniques as API reduction, caching Easy
A. By writing data directly to a physical printer
B. By temporarily storing frequently accessed data to reduce redundant requests
C. By permanently deleting old files
D. By increasing the amount of power the CPU uses

18 Why is API reduction considered an effective optimization technique?

Optimization techniques as API reduction, caching Easy
A. It makes the bot's code longer and harder to read
B. It increases the amount of data the bot has to process
C. It forces the bot to use more memory
D. It minimizes network calls, reducing latency and avoiding rate limits

19 What is the primary goal of change management in a software bot's lifecycle?

Change management Easy
A. To constantly change the programming language of the bot
B. To randomly update passwords every hour
C. To ensure updates are tested, approved, and deployed without disrupting existing operations
D. To delete previous versions of the bot automatically

20 Why are good documentation practices essential for software bots?

Documentation practices Easy
A. To increase the execution speed of the bot's code
B. To automatically encrypt the bot's data
C. To satisfy the bot's hardware requirements
D. To help developers and operators understand the bot's logic, dependencies, and maintenance steps

21 Why is it a best practice to use environment variables rather than hardcoded configuration files for deploying a software bot across different environments (e.g., Dev, QA, Prod)?

Environment variables Medium
A. They enforce strict separation of code and configuration, allowing the same codebase to run in any environment.
B. They increase the execution speed of the bot by loading configurations directly into the CPU cache.
C. They prevent developers from reading the code by obfuscating the configuration keys.
D. They automatically encrypt all data passed to the bot's runtime memory.

22 A bot requires access to an external database. What is the most secure method for the bot to retrieve the database password at runtime?

Secrets management Medium
A. Pass the password as a command-line argument when executing the bot script.
B. Embed the password in a Base64-encoded configuration file.
C. Fetch the password from a centralized secrets manager (e.g., HashiCorp Vault) using a short-lived token.
D. Store the password in a compiled binary file alongside the bot executable.

23 A customer service bot reads incoming emails and logs the text for analytics. To comply with privacy standards, how should the bot handle Social Security Numbers (SSNs) found in the text?

PII handling for filtering Medium
A. Base64-encode the SSN to obscure it from plain sight.
B. Filter and mask the SSN locally within the bot's memory before writing the log to the database.
C. Encrypt the entire email using AES-256 before logging it.
D. Send the original text to the analytics database, but configure the database to hide the SSN column.

24 A bot needs continuous, long-term access to read files from a user's Google Drive. In an OAuth2 implementation, which token must the bot store securely to maintain this access without requiring the user to re-authenticate?

OAuth2 implementation Medium
A. Authorization code
B. ID token
C. Refresh token
D. Access token

25 To maintain high availability when rotating an API key for a production bot, what sequence of actions should a developer follow?

API key management Medium
A. Delete the old key, generate a new key, and update the bot.
B. Pause the bot, revoke the old key, generate the new key, and resume the bot.
C. Update the bot's code to accept any key, generate a new key, and delete the old key.
D. Generate a new key, update the bot's secrets to use the new key, verify successful execution, and then revoke the old key.

26 What is the primary purpose of maintaining an immutable audit log for a bot that processes financial transactions?

Audit logging Medium
A. To store temporary workflow state data between asynchronous API calls.
B. To provide a secure, chronological record of automated actions to prove compliance and trace anomalies.
C. To monitor the CPU and RAM usage of the bot during peak hours.
D. To cache financial data so the bot can restart quickly after a failure.

27 A team is updating a bot's workflow schema. Why is semantic versioning (e.g., moving from ) crucial when making breaking changes?

Workflow versioning Medium
A. It encrypts the workflow definition to prevent unauthorized modifications.
B. It guarantees that older versions of the bot will automatically upgrade themselves to the new version.
C. It ensures backward compatibility so currently running instances can finish using the schema while new triggers use .
D. It automatically merges the new workflow steps into the previous version's execution history.

28 Under GDPR, an individual invokes their 'Right to be Forgotten.' How does this requirement typically impact a bot's execution history and audit logs?

Compliance patterns as GDPR Medium
A. The execution history must be fully encrypted using a public key provided by the user.
B. The logs must be scrubbed or anonymized to remove specific user PII while preserving the integrity of the action history.
C. The bot must permanently delete all audit logs older than 30 days.
D. The bot must halt all future executions for all users until the specific user's data is verified.

29 A bot fails sporadically during a file parsing step. Which element of the execution history is most valuable for diagnosing the root cause of these sporadic failures?

Execution history Medium
A. The version number of the IDE used to develop the bot.
B. The total execution time of the successful runs.
C. The stack trace and specific input parameters recorded for the failed runs.
D. The memory utilization graph averaged over the last 30 days.

30 When a bot encounters a '503 Service Unavailable' HTTP error while calling a third-party API, what is the most robust error workflow implementation?

Error workflows for monitoring Medium
A. Implement an exponential backoff and retry mechanism before escalating to a human operator.
B. Send an email alert to the third-party API provider and wait indefinitely for a response.
C. Skip the API call and proceed with null data to ensure the bot finishes on time.
D. Immediately terminate the workflow and delete the processing queue.

31 Over the course of three months, a bot's execution time steadily increases from 5 seconds to 45 seconds, even though the daily transaction volume remains constant. What is the most likely cause of this degradation?

Performance metrics as execution time Medium
A. The CPU hardware is naturally degrading over time.
B. The bot is using an outdated version of OAuth2.
C. The bot is experiencing unbounded data growth in a target database, slowing down poorly indexed queries.
D. The execution history is automatically optimizing the bot's pathing.

32 A bot processes 1,000 requests. It completes 800 successfully. It encounters 150 'Business Exceptions' (e.g., account closed, missing required user input) and 50 'Technical Exceptions' (e.g., database timeout). How should the technical success rate be calculated to reflect the bot's system reliability?

Success rates Medium
A.
B.
C.
D.

33 A bot workflow takes 10 minutes to complete. Profiling shows that downloading files takes 1 minute, OCR processing takes 8 minutes, and database updates take 1 minute. What is the most effective architectural change to eliminate this bottleneck?

Bottleneck identification Medium
A. Parallelize the OCR processing step by distributing the workload across multiple bot workers.
B. Switch the database from SQL to NoSQL.
C. Compress the downloaded files before running them through OCR.
D. Increase the logging verbosity to better track the database updates.

34 A pricing bot queries an external REST API for the current USD-to-EUR exchange rate 10,000 times a day. The rate only changes once at midnight. What optimization technique should be applied?

Optimization techniques as API reduction Medium
A. Use a webhook to push the 10,000 queries to a separate microservice.
B. Convert the bot to use SOAP instead of REST for faster API queries.
C. Fetch the exchange rate once per day and cache it locally in memory or a fast data store.
D. Implement a retry loop for the API calls to ensure no timeouts occur.

35 When implementing caching for a software bot, what is the primary risk of setting the Time-To-Live (TTL) too high on cached objects?

Caching Medium
A. The external API provider will block the bot for under-utilization.
B. The bot may make decisions based on stale or outdated information.
C. The bot's CPU will overheat from managing the cache index.
D. The bot will exceed its allowed network bandwidth.

36 A critical financial bot requires an update to its calculation logic. To minimize risk, the operations team routes 5% of the workload to the updated bot and 95% to the old bot, monitoring for errors before a full rollout. What change management strategy is this?

Change management Medium
A. Canary release
B. A/B Testing
C. Blue-Green deployment
D. In-place upgrade

37 Which type of documentation is most critical for a Level 1 Support team tasked with resolving daily exceptions generated by a software bot?

Documentation practices Medium
A. The source code repository's commit history.
B. High-level architectural diagrams of the data center.
C. The initial business case and ROI calculations.
D. A Runbook detailing error codes, standard operating procedures, and escalation paths.

38 Why is it heavily recommended to use a dedicated 'Service Account' rather than a human user's credentials for running a software bot?

Credential management Medium
A. Service accounts are decoupled from employee lifecycles and can have strictly scoped permissions.
B. Service accounts automatically bypass multi-factor authentication natively without security risks.
C. Service accounts process background tasks faster at the operating system level.
D. Service accounts do not require passwords or secrets to authenticate.

39 A bot extracts dates from an old legacy system formatted as 'DD-MM-YY' and must input them into a modern CRM requiring ISO 8601 format ('YYYY-MM-DD'). What is the most reliable way to handle this transformation?

Transformation Medium
A. Input the string as-is and rely on the CRM to auto-correct the format.
B. Change the system timezone of the bot's server to match the CRM.
C. Remove the dashes from the string so the CRM treats it as an integer.
D. Use a dedicated date-parsing library to ingest the legacy string and output an explicitly formatted ISO string before the CRM upload.

40 A bot processes customer refunds. If the bot attempts to refund an account that is already closed, it throws a 'ClosedAccountException'. How should the error workflow categorize and handle this exception?

Error workflows for monitoring Medium
A. As a compliance breach; the bot must delete all logs associated with this customer.
B. As a business exception; the bot should log the business rule violation, notify the user, and proceed to the next transaction.
C. As a fatal crash; the bot should terminate immediately to protect data integrity.
D. As a system error; the bot should retry indefinitely until the account reopens.

41 A distributed software bot fleet processes 10,000 tasks per minute. The third-party API mandates automated secret rotation every 12 hours. Which architectural pattern best ensures zero-downtime secret rotation while minimizing central secret manager API rate limit exhaustion?

Secrets management Hard
A. Restarting the entire bot fleet exactly when the secret rotates to fetch the new secret via environment variables.
B. Utilizing an in-memory secret cache with a Time-To-Live (TTL) slightly less than the rotation period, utilizing an asynchronous background worker to pre-fetch the upcoming secret.
C. Making a synchronous call to the secrets manager for every API request to guarantee the most current secret is used.
D. Hardcoding two active secrets and failing over to the secondary secret only when an HTTP 401 Unauthorized response is received.

42 A bot parses unstructured customer support emails to extract intent before forwarding payloads to a third-party analytics API. To prevent PII leakage, static regex filtering is currently used but fails on edge cases like misspellings and non-standard ID formats. What is the most robust mitigation strategy?

PII handling for filtering Hard
A. Implement a Named Entity Recognition (NER) machine learning model in the pipeline to dynamically identify and redact PII before transmission.
B. Expand the regex dictionary to include all known variations and misspellings of names, addresses, and ID numbers.
C. Encrypt the entire payload using AES-256 before sending it to the analytics API.
D. Hash all string values using SHA-256 to ensure no plaintext PII is transmitted.

43 A highly concurrent multi-threaded bot uses OAuth2. When the access token expires, multiple threads simultaneously attempt to use the refresh token. The authorization server invalidates the refresh token upon the first use (Refresh Token Rotation), causing subsequent threads to fail and the bot to log out. How should this race condition be resolved?

OAuth2 implementation Hard
A. Disable Refresh Token Rotation on the authorization server to allow the same refresh token to be used indefinitely.
B. Increase the lifespan of the access token to 30 days to statistically reduce the probability of simultaneous refresh attempts.
C. Implement a distributed lock (e.g., via Redis) around the token refresh function, ensuring only one thread refreshes the token while others wait and use the newly fetched token.
D. Store the access token in thread-local storage so each thread maintains its own independent OAuth2 session.

44 In a distributed bot architecture handling sensitive financial transactions, an attacker compromises a worker node and attempts to alter local audit logs to hide unauthorized transfers. Which implementation provides the strongest guarantee of non-repudiation and tamper evidence for the audit trail?

Audit logging Hard
A. Periodically batching logs and uploading them to an S3 bucket with versioning enabled.
B. Hashing the log files locally using MD5 every hour and storing the hashes in memory.
C. Writing logs to a localized SQLite database configured with strict read-only file permissions.
D. Streaming log events synchronously to a centralized, append-only cryptographic ledger (WORM storage).

45 A stateful orchestration bot manages a long-running workflow (e.g., employee onboarding) that can take 30 days. You need to deploy a new version (v2) of the workflow that drastically changes the state machine schema. How should you manage existing in-flight v1 workflows?

Workflow versioning Hard
A. Utilize a side-by-side deployment (version pinning) where active v1 workflows continue routing to v1 logic, while new initiations are routed to v2.
B. Apply an immediate database migration to map all active v1 states to the nearest equivalent v2 state.
C. Halt the bot fleet until all v1 workflows naturally complete, then deploy v2.
D. Force-terminate all v1 workflows and restart them under the v2 schema to ensure consistency.

46 A bot uses an Event Sourcing architecture where all state changes are stored as an immutable sequence of events. A user invokes their GDPR 'Right to be Forgotten'. How can the system comply without violating the immutability constraint of the event log?

Compliance patterns as GDPR Hard
A. Delete the entire event log and rebuild the application state from a sanitized daily snapshot.
B. Issue an 'UPDATE' command to overwrite the user's data in the event store with NULL values.
C. Utilize crypto-shredding by encrypting the user's PII with a unique key, and deleting that key when erasure is requested.
D. Append a 'UserDeleted' event to the log which tells the UI to hide the user's data, while keeping the plaintext PII in the historical log.

47 A bot relies on a downstream API that is currently experiencing a cascading failure. Continuous retries from your bot fleet are exacerbating the downstream outage. Which combination of error handling patterns is best suited to allow the downstream service to recover while maintaining system stability?

Error workflows for monitoring Hard
A. Dead Letter Queues (DLQ) with immediate synchronous reprocessing.
B. A Circuit Breaker pattern coupled with Exponential Backoff and Jitter.
C. Linear retries with a fixed 1-second delay.
D. Catch-all exception handling that silently drops failed requests.

48 A bot engineer parallelizes a data-fetching workflow. The workflow takes seconds sequentially. Only of the workflow can be parallelized. According to Amdahl's Law, what is the theoretical maximum speedup factor as the number of parallel threads approaches infinity?

Performance metrics as execution time Hard
A. $1.25$
B. $4$
C. $5$
D. $100$

49 Monitoring dashboards for an asynchronous Node.js bot show low CPU utilization (), high memory usage that plateaus, and an execution time that degrades linearly as concurrent tasks increase. The network bandwidth is significantly underutilized. What is the most likely bottleneck?

Bottleneck identification Hard
A. Exhaustion of the HTTP connection pool (Socket starvation) leading to queued asynchronous I/O requests.
B. A memory leak in the Node.js event loop causing Garbage Collection pauses.
C. A synchronous, CPU-intensive cryptographic function blocking the main thread.
D. CPU throttling by the cloud provider.

50 A bot needs to sync user profiles and their associated recent orders from a REST API. Currently, it fetches users (1 call), then iterates through the 1,000 users to fetch orders for each ($1,000$ calls), resulting in rate limiting (the N+1 problem). Which technique best minimizes API calls while ensuring data integrity?

Optimization techniques as API reduction Hard
A. Increasing the HTTP timeout limit to allow the 1,000 calls to complete slowly.
B. Implementing aggressive localized caching of user profiles.
C. Using webhooks to trigger order fetches instead of polling.
D. Utilizing request coalescing/batching by modifying the endpoint call to accept an array of User IDs, retrieving all data in a single call.

51 A team must deploy a breaking schema change to a bot's backend database, alongside updated bot logic. They require zero downtime and the ability to roll back instantly if the new bot logic fails. Which deployment strategy fulfills these requirements?

Change management Hard
A. A Blue-Green Deployment using the 'Expand and Contract' (Parallel Schema) pattern.
B. A Canary Deployment rolling out the new bot logic to 5% of traffic using the old database schema.
C. A standard Rolling Update of the bot fleet followed immediately by the database migration script.
D. An immutable infrastructure rebuild destroying the old database and restoring data to the new schema.

52 When developing enterprise software bots that interact with multiple evolving internal APIs, what is the most effective documentation practice to prevent 'doc drift' regarding bot capabilities and required payloads?

Documentation practices Hard
A. Creating separate Confluence pages for each API the bot touches, updated manually after every sprint.
B. Maintaining comprehensive PDF manuals updated bi-annually by technical writers.
C. Relying solely on inline code comments, as developers will always read the source code.
D. Using an automated pipeline that generates OpenAPI/Swagger definitions directly from the bot's codebase annotations and API schemas.

53 A bot running on an AWS EC2 instance needs to securely access an S3 bucket. To adhere strictly to the Principle of Least Privilege and avoid hardcoded credentials, which approach should be implemented?

Credential management Hard
A. Use a root AWS account to generate a pre-signed URL with no expiration date for the S3 bucket.
B. Assign an IAM Role with a policy restricted to the specific S3 bucket directly to the EC2 instance profile to provision temporary, auto-rotating credentials.
C. Hardcode the credentials in the application source code but ensure the code repository is private and encrypted.
D. Create an IAM User, generate long-lived Access Keys, and store them securely in the EC2 instance's environment variables.

54 While environment variables are commonly used for configuration, they pose a security risk in containerized bot deployments if an application crashes. What is the specific vulnerability, and how is it best mitigated?

Environment variables Hard
A. Environment variables bypass network firewalls; mitigate by restricting inbound port access.
B. Environment variables can be dumped to logs during stack traces or crash dumps; mitigate by using secret managers to inject credentials at runtime directly into memory.
C. Environment variables are visible in URL parameters; mitigate by using HTTP POST methods.
D. Environment variables cannot be encrypted at rest; mitigate by storing configurations in plaintext JSON files.

55 A bot aggregates user behavior data to train an AI model. To preserve privacy, names are pseudonymized. However, an attacker uses external datasets to cross-reference timestamp, zip code, and gender to re-identify users. Which transformation technique should be applied to the dataset to mathematically guarantee against this linkage attack?

PII handling for transformation Hard
A. Symmetric encryption of the zip code and gender columns.
B. Using MD5 hashing on the timestamp column.
C. Applying k-anonymity so that every record is indistinguishable from at least other records with respect to quasi-identifiers.
D. Base64 Encoding the entire dataset.

56 An API key utilized by a heavily distributed external partner bot has been compromised. Immediate revocation will cause a catastrophic outage for the partner's critical systems. What is the safest immediate mitigation strategy that secures the system while maintaining partner uptime?

API key management Hard
A. Throttle the API key to 1 request per minute to discourage the attacker.
B. Implement IP-address allowlisting on the existing API key restricted to the partner's known egress IPs, while initiating a dual-key rotation phase.
C. Immediately delete the key and wait for the partner to request a new one via email.
D. Change the API endpoint URLs so the compromised key no longer routes to sensitive data.

57 A serverless bot executes millions of micro-tasks daily. Storing the full execution history in a relational database for debugging is causing massive storage costs and database locks. Which architectural adjustment optimizes both performance and cost for execution history?

Execution history Hard
A. Switch the relational database to an in-memory database like Redis for all historical data.
B. Write the execution history directly to the local filesystem of the serverless function.
C. Implement asynchronous write-behind logging, capturing events to a fast message queue (e.g., Kafka) which batch-writes to inexpensive cold storage (e.g., S3/Glacier).
D. Disable execution history logging entirely to prioritize runtime performance.

58 A bot retrieves dynamic configuration data that updates unpredictably. The cache is set to expire every 60 seconds. When the cache expires under high load, thousands of bot threads simultaneously query the underlying database, causing a crash. What is the optimal caching strategy to prevent this 'Cache Stampede'?

Optimization techniques as caching Hard
A. Use a Write-Through cache so all read requests are immediately passed to the database.
B. Implement a Cache-Aside pattern with Probabilistic Early Expiration (Cache Jitter) or a Mutex lock for cache recalculation.
C. Increase the Cache TTL to 24 hours to reduce the frequency of expirations.
D. Bypass the cache entirely and scale up the underlying database vertically to handle the load.

59 When implementing the OAuth2 Authorization Code flow for a bot running on a headless server without a guaranteed secure client secret storage, why must PKCE (Proof Key for Code Exchange) be utilized?

OAuth2 implementation Hard
A. It encrypts the payload data natively without needing TLS/HTTPS.
B. It allows the bot to bypass the user consent screen during the authentication flow.
C. It replaces the need for an Access Token by continuously rotating the client ID.
D. It maps the authorization code to a dynamically generated cryptographically random string (code verifier), preventing authorization code interception attacks.

60 A webhook-driven bot heavily relies on external payload schemas. The external provider announces a move from API v1 to v2, adding new fields but not removing any old ones. According to semantic versioning and robust workflow design, how should the bot's payload validation logic be structured to handle this?

Workflow versioning Hard
A. Immediately upgrade the bot to expect only v2 schemas, causing it to drop any lingering v1 webhooks.
B. Design the bot using the Tolerant Reader pattern, accepting the payload as long as the necessary v1 fields are present, ignoring the new additions.
C. Create a complex regular expression to parse the raw JSON string instead of deserializing it into an object.
D. Implement strict schema validation that throws an error if unmapped/unknown fields are detected in the payload.