{
  "module": "S02 — Bug Bounty Harness Engineering",
  "course": "2A — Building AI Harnesses for Cybersecurity",
  "version": "1.0.0",
  "duration_minutes": 45,
  "total_questions": 20,
  "bloom_distribution": {
    "target": "20% recall / 40% application / 40% analysis-design",
    "actual": { "recall": 4, "application": 8, "analysis": 8 }
  },
  "passing_score_percent": 70,
  "questions": [
    { "id": "Q01", "bloom": "recall", "type": "multiple_choice", "prompt": "Why is the context window insufficient for bug bounty engagement memory?", "options": ["It is too slow", "It fills and compacts, losing knowledge across sessions. Engagements span days/weeks; context is a session primitive, not persistence", "It costs too many tokens", "It cannot store structured data"], "answer_index": 1, "rationale": "The context window compacts, losing discovered infrastructure across sessions. A persistent store (ChromaDB) is required for engagement-scoped memory." },
    { "id": "Q02", "bloom": "recall", "type": "multiple_choice", "prompt": "Name the four tiers of the bug bounty tool suite.", "options": ["Scan, attack, report, archive", "Recon, web application, evidence, report", "Discovery, exploitation, documentation, billing", "OSINT, network, application, physical"], "answer_index": 1, "rationale": "Recon (nmap/amass/httpx/nuclei), web application (Burp/sqlmap/ffuf), evidence (Playwright/CVE/CVSS), report (structured finding generator)." },
    { "id": "Q03", "bloom": "recall", "type": "multiple_choice", "prompt": "What are the five stages of the triage pipeline?", "options": ["Scan, filter, report, archive, delete", "Raw finding → dedup → severity → enrichment → model-judged triage → surface/batch/discard", "Find, verify, score, report, close", "Detect, analyze, prioritize, remediate, verify"], "answer_index": 1, "rationale": "Dedup, severity scoring (CVSS draft), context enrichment (CVE/CWE), model-judged triage (secondary LLM), then route to surface/batch/discard." },
    { "id": "Q04", "bloom": "recall", "type": "multiple_choice", "prompt": "What precision and recall does a good triage pipeline target?", "options": ["50% precision, 50% recall", ">90% precision, >80% recall", "100% precision, 50% recall", "70% precision, 70% recall"], "answer_index": 1, "rationale": "Below 80% precision buries the operator in FPs. Below 70% recall misses real vulns. F1 is the harmonic mean." },
    { "id": "Q05", "bloom": "application", "type": "multiple_choice", "prompt": "You are building a bug bounty harness for a single-target engagement. Which vector store?", "options": ["Qdrant (production-grade, horizontal scale)", "ChromaDB (in-process, engagement-scoped volume)", "LanceDB (columnar for analytics)", "PostgreSQL with pgvector"], "answer_index": 1, "rationale": "ChromaDB is the default for engagement-scoped memory (<1M records). Runs in-process, no server. Qdrant for multi-target continuous monitoring." },
    { "id": "Q06", "bloom": "application", "type": "multiple_choice", "prompt": "An nmap scan finds port 443 open on a target you scanned yesterday. What does the memory do?", "options": ["Insert a new duplicate record", "Update the existing record (refresh last_seen, merge data)", "Delete the old record and insert new", "Ignore it — already known"], "answer_index": 1, "rationale": "Structured dedup at write time: duplicates update the existing record, not insert. The store grows with unique knowledge." },
    { "id": "Q07", "bloom": "application", "type": "multiple_choice", "prompt": "A nuclei scan produces 200 raw findings. After triage, 3 are surfaced. What happened to the other 197?", "options": ["They were deleted", "They were batched or discarded — confirmed FPs/out-of-scope logged but not surfaced; medium/low batched for the report", "They were lost due to a bug", "They were sent to the client as-is"], "answer_index": 1, "rationale": "The triage pipeline deduplicates, enriches, and model-judges each finding. Only critical/high exploitable in-scope findings surface immediately. Others batch or discard." },
    { "id": "Q08", "bloom": "application", "type": "multiple_choice", "prompt": "A target HTTP response contains an injection payload. The harness writes it to engagement memory. What went wrong?", "options": ["Nothing — target responses are trusted", "Raw response was written verbatim instead of a structured summary. Poisoned data persists across sessions. Only structured summaries (from Reader Model) should enter the store", "The scope file was wrong", "The rate limiter failed"], "answer_index": 1, "rationale": "Memory poisoning defense: only structured summaries from the Reader Model enter the store. Raw responses that may contain injection must never be written verbatim." },
    { "id": "Q09", "bloom": "application", "type": "multiple_choice", "prompt": "Your triage pipeline has 60% precision. What does this mean, and what is the consequence?", "options": ["60% of real vulns are found — missing 40%", "Of findings surfaced, only 60% are real — the operator is buried in 40% false positives", "60% of findings are critical", "The pipeline runs at 60% speed"], "answer_index": 1, "rationale": "Precision = of surfaced findings, how many are real. 60% precision means 40% of surfaced findings are false positives. Below 80% buries the operator in noise." },
    { "id": "Q10", "bloom": "application", "type": "multiple_choice", "prompt": "You need to prove to a client that your finding was obtained legally. Which evidence record field is the legal anchor?", "options": ["tool_version", "scope_ref (target::action::timestamp)", "cvss_draft", "trace_id"], "answer_index": 1, "rationale": "scope_ref ties the evidence to the specific scope entry that authorized the call. It is the load-bearing field for legal protection — without it, the chain cannot prove authorization." },
    { "id": "Q11", "bloom": "application", "type": "multiple_choice", "prompt": "Someone tampers with evidence record #5 in a hash-chained log of 100 records. What happens?", "options": ["Nothing — the log is append-only", "Record 5's hash changes, breaking the chain at record 6. The tamper is detectable", "The entire log is corrupted", "Only record 5 is affected"], "answer_index": 1, "rationale": "Hash chaining: each record includes the hash of the previous. Tampering with record 5 changes its hash, which breaks record 6's reference. The tamper is detectable at the next record." },
    { "id": "Q12", "bloom": "application", "type": "multiple_choice", "prompt": "Why does the same model that found a vulnerability NOT judge its own severity?", "options": ["It would be too slow", "Confirmation bias — the finder's enthusiasm biases the assessment. A separate triage model provides independent judgment", "The model cannot score CVSS", "It would cost too many tokens"], "answer_index": 1, "rationale": "Model-judged triage uses a SEPARATE LLM. The primary model found the finding; the triage model judges it. This separation prevents confirmation bias." },
    { "id": "Q13", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why is rate limiting described as both a legal control AND a stealth control?", "options": ["It isn't — it's only legal", "Legal: § 1030(a)(5) DoS mitigation. Stealth: tripping a WAF gets your IP banned and ends the engagement. Rate limiting serves both purposes", "It's only for performance", "It prevents prompt injection"], "answer_index": 1, "rationale": "Rate limiting prevents DoS (legal, § 1030(a)(5)) AND avoids detection (operational, WAF evasion). Both purposes are served by scanning below the target's visible tolerance." },
    { "id": "Q14", "bloom": "analysis", "type": "multiple_choice", "prompt": "The scope middleware checks every outbound call. Why does the TOOL also implement its own scope check?", "options": ["Redundancy for performance", "Defense in depth — if middleware is bypassed (misconfiguration, bug, routing change), the tool's check is the last line of defense", "It's required by Pydantic", "To reduce token usage"], "answer_index": 1, "rationale": "Belt and suspenders. Two independent scope checks: middleware (architectural) and tool (per-tool). If one fails, the other catches it." },
    { "id": "Q15", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why does the tool return structured output to the model but retain raw output separately?", "options": ["Structured output is faster to generate", "Structured output: model reasons about typed fields, reducing injection risk and context bloat. Raw retained for evidence but not in model context", "Raw output is too large for the database", "Structured output is required by Pydantic"], "answer_index": 1, "rationale": "The model sees structured fields (ports, services, findings) — clean and typed. Raw output (which may contain injection) is retained for the evidence chain but never enters the model's context." },
    { "id": "Q16", "bloom": "analysis", "type": "multiple_choice", "prompt": "Compare writing raw tool output to memory vs. writing structured summaries. Which is correct and why?", "options": ["Raw output — more complete", "Structured summaries only — raw output may contain injection that persists across sessions, corrupting future decisions", "Both — for redundancy", "Neither — memory should be manual"], "answer_index": 1, "rationale": "Raw target responses may contain injection payloads. Writing them verbatim means poisoned data persists across sessions. Only structured summaries (from the Reader Model) enter the store." },
    { "id": "Q17", "bloom": "analysis", "type": "multiple_choice", "prompt": "A team dumps 200 raw nuclei findings into the client report. What principle did they violate?", "options": ["Scope enforcement", "Triage — the harness's job is to triage, not dump raw scanner output. 200 raw findings is noise, not signal", "Evidence chaining", "Rate limiting"], "answer_index": 1, "rationale": "The raw-dump report anti-pattern. The triage pipeline exists to turn 200 raw findings into 1-3 actionable reports. Dumping raw output overwhelms the client with false positives." },
    { "id": "Q18", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why is the evidence log append-only rather than allowing updates?", "options": ["For performance", "Integrity and chain validity. Append-only ensures no record is altered after capture. Destruction is batch-level per the retention policy, with destruction itself recorded", "To save disk space", "Append-only is required by ChromaDB"], "answer_index": 1, "rationale": "Append-only preserves the hash chain's integrity. If records could be modified, tampering would be undetectable. Destruction happens at batch level (per retention class) with the destruction recorded." },
    { "id": "Q19", "bloom": "analysis", "type": "multiple_choice", "prompt": "Your triage pipeline has 95% precision but 50% recall. What is the operational consequence?", "options": ["Great — almost all surfaced findings are real", "Of real vulnerabilities, half are being missed (discarded as FPs). The pipeline is too aggressive in filtering — recall must improve to >80%", "The pipeline is broken", "Precision needs to increase"], "answer_index": 1, "rationale": "50% recall means half of real vulnerabilities are missed. High precision is good (few FPs), but missing real vulns is dangerous. The pipeline needs tuning to improve recall without sacrificing too much precision." },
    { "id": "Q20", "bloom": "analysis", "type": "multiple_choice", "prompt": "How does structured deduplication at write time prevent the 'noise degrades decisions' problem?", "options": ["It deletes old records automatically", "Each write checks against existing records — duplicates UPDATE rather than INSERT. The store grows with unique knowledge, not raw output volume. After a week, 50K records become 5K unique records", "It compresses the database", "It uses faster hardware"], "answer_index": 1, "rationale": "Without dedup, the store accumulates raw output volume — 50K records, half duplicates. Structured dedup at write time means only unique knowledge grows. The harness queries a clean store, not a noise-filled one." }
  ]
}
