TechFoundations.ai Security and AI Awareness

Knowledge Check · Kirkpatrick Level 2

Sensitive Data & AI-Safe Behaviors

A short check on the core module. It measures whether you can tell sensitive data from ordinary data and choose a safe way to use an AI tool.

What to expect

12 questions, worth 1 point each (12 total). Matching gives partial credit per correct pair.
Unlimited attempts: retake it as many times as you like.
Passing score: 80% (about 10 of 12).
Mobile friendly: it works on a phone.
Question types: multiple choice, true/false, matching (use the dropdowns), one fill-in, and one build-it item where you write a safe prompt.
You see feedback on every question and your results as soon as you submit.
A short reflection at the end (not scored) asks you to explain your reasoning on one scenario.

Question 1 · Multiple choice

What makes a piece of information "sensitive"?

It is long or detailed If exposed, it could harm someone or break a rule or law It is stored on a phone It is written in plain language

Correct. Sensitivity is about the harm caused if it gets out, not the format or length.

Not quite. Data is sensitive when exposure could cause harm or break a rule. Review the What's Worth Protecting lesson.

Question 2 · True or false

Once you paste text into a public AI chat tool, you can always delete it and be sure it is gone.

True False

Correct. Treat anything you send as data that has left your control. You cannot be sure it is gone.

It is false. Once sent, you cannot guarantee it is deleted. Review What AI Does With What You Type.

Question 3 · Multiple choice

Which of these is sensitive data you should keep out of a public AI tool?

A list of common cooking tips A client's full name with their account number and address Tomorrow's weather forecast A public news headline

Correct. A name tied to an account number and address is sensitive personal data.

Not quite. The client's name with an account number and address is sensitive. Review the lesson on sensitive data.

Question 4 · Matching

Match each item to the safe way to handle it. (Partial credit: a quarter point for each correct match.)

A public blog post

Your draft resume with your home address

A client's medical record

Your company's internal pricing file

Correct on all four. Each kind of data has a matching safe move.

Some pairs are off. Public post → any tool; resume with address → remove personal details; medical record → never in a public tool; internal pricing → approved private tool only.

Question 5 · Scenario

You want an AI tool to help reword an email that contains a customer's name and order number. What is the safe move?

Send it exactly as written to save time Replace the name and order number with placeholders, then ask for help Remove the order number but keep the customer's name Send the full email and ask the tool to keep it private

Correct. Swap the sensitive details for placeholders, get the wording help, then put the real details back yourself.

Not quite. Replace the name and order number with placeholders before sending. Review the prompt-rewrite lesson.

Question 6 · Multiple choice

What is the best "safe by default" check before sending anything to an AI tool?

Assume it is private and send everything Ask yourself: would I be comfortable if this became public? Confirm the tool has a privacy policy, then send everything Delete the chat right after you send it

Correct. The public test is a fast, reliable filter for what to remove.

Not quite. Ask whether you would be fine if it became public. Review the AI-safe behaviors lesson.

Question 7 · True or false

An approved private or enterprise AI tool with a data-protection agreement can be appropriate for some sensitive work data.

True False

Correct. The right tool depends on the data. An approved private tool can handle data a public one should not.

It is true. An approved private tool with the right agreement can be appropriate for some sensitive data.

Question 8 · Fill in the blank

Before sending a prompt that names a real person or account, replace those details with a ______. (One word.)

Correct. Swap the real name or number for a placeholder like [NAME], get your help, then put the real details back yourself.

The answer is placeholder. Replace the real name or number with a placeholder like [NAME] before sending.

Question 9 · Scenario

A free AI app asks for permission to read your photos and contacts so it can "work better." What is the safe response?

Allow everything so it works Give only the access the task truly needs, or skip it Allow it for now and review the permissions later Allow photos but not contacts, without checking what the task needs

Correct. Least access is the safe default. Grant only what the task needs.

Not quite. Give only the access the task needs, or decline. Review the AI-safe behaviors lesson.

Question 10 · Multiple choice

Which detail is safe to include in a prompt to a public AI tool?

Your full date of birth and home address A coworker's private health note A general question about how to write a cover letter A customer's credit card number

Correct. A general how-to question carries no sensitive data.

Not quite. The general cover-letter question is the only one with no sensitive data.

Question 11 · True or false

If you are unsure whether something is sensitive, the safe choice is to leave it out of the AI tool.

True False

Correct. When in doubt, leave it out. You can always use a placeholder instead.

It is true. When unsure, leave it out and use a placeholder.

Question 12 · Build it

Rewrite this unsafe prompt so it gets the same help without exposing sensitive data:
"Help me reword this email to my client Maria Lopez, account 4471-2093, about her late payment."

Nice. You produced a safe prompt and self-checked it against all three criteria.

Reveal the model, then make sure your version hits all three: placeholders for the name and account, the same request, and no new real details.

Reflection · not scored

Pick one scenario you answered, the email rewrite (Question 5) or the app permissions (Question 9). In a sentence or two, why was your choice the safe move?

0 / 12

Scroll up to read the feedback on each question, then start over to try again.

A learning assessment for Security and AI Awareness, the entry course of the TechFoundations learning arc. Built by Glen Buchanan for LDTC 615. This is a knowledge check; it does not store your answers.

How items map to objectives: classify sensitive data (LO1: Q1, Q3, Q10), analyze what a prompt exposes (LO2: Q2, Q6), rewrite an unsafe prompt safely (LO3: Q5, Q8, and Q12 by production), and decide if a tool or handling fits the data (LO4: Q4, Q7, Q9, Q11). The one-page data and AI-use map (LO5) is the course capstone, not part of this knowledge check.