Software – Training – MCQ – Global Welcome to your Software - Training - MCQ - Global Name Email 1. A software only device includes an application that may be health software, which of the following apply? EN/IEC 62304 EN/IEC 82304 EN ISO 14971 All of the above None 2. A device system consists of a sensor, an applicator pack, an application software and a reader with test strips all sold separately. To which device would rule 11 be applicable? The software application The applicator pack The reader for test strips None 3. A manufacturer applies for MDR certification for a device described with intended use for sports fitness activities where heart rate is monitored. Is this a medical device or an IVD under the MDR/IVDR? Yes No Maybe None 4. A software device provides image analysis for prediction of the most successful treatment during surgical intervention of acute stroke patients. What could the classification be? Class I Class IIa Class IIb Class III None 5. Which of these is a non-conformity? Class III device incorrectly classified as Class IIb Class IIb device incorrectly classified as Class IIa All of the above None 6. A Manufacturer provides a classification rationale for an IVD device. Should they consider any implementing rules? Yes No None 7. Is a cloud based software with web access for intended purpose of MRI image analysis for lung carcinoma a medical device? Yes No None 8. Is a hospital information system for patient administration a medical or IVD device? Yes No None 9. What threats are assumed using the STRIDE Method? Scamming, Thread-Ripping, Intrusion, Delusion, Escape Spoofing, Tampering, Reputation, Information Dismantling, Denial of Service, Escape Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege None 10. What is the CIA-triad in terms of cybersecurity? Protection goals: Confidentiality, Integrity, Availability NGO stakeholder within the stakeholder analysis Abbreviation for Confine, Interact, Attribute None 11. Please mark appropriate cybersecurity measures Training of users Using network switches Applying the principle of least privilege (PoLP) 12. Which of the following do NOT describe cyberattacks? Zebra-Spoofing (Using malicious Zebra-manipulated-mails) DDoS (Distributed denial of service attacks) MDSAP (Mail daemon server attack protocol) Zero-Day-Exploiting (Attackers exploiting vulnerabilities of device components.) 13. Which risks apply to mobile medical apps? Data-theft caused by unencrypted communication Data-manipulation caused by malware Loss of data caused by poorly implemented encryption 14. Which of the following assertions are true? The MDR does NOT use the term “cybersecurity”. The risk of cyber-attacks should always be attributed with a “remote” probability. The state of the art must be applied by the manufacturer. 15. Which of the statements are true regarding the main differences between Conventional programming and Machine learning? In conventional programming, programs are created manually by providing input data and based on the programming logic, and the computer generates the output. In machine learning programming, the input and output data are fed to the algorithm, creating the program. The difference is that machine learning works with input data and output data while Conventional programming deals only with input data and creates no output data. In machine learning using neural networks the trainer needs to code the rules and write lines of code manually or automatically. In the conventional programming approach, it is up to the programmer how he will design and develop the logic of the program. During the audit you can accept the statement of the auditee that the artificial intelligence is developed according to IEC 62304 and by this is developed by the current accepted state of the art. The manufacturer should control the data it has used for the training and verification (validation) of the AI model on the same level it controls source code. 16. Which of the statement describes a black-box AI? Black-box models have observable input-output relationships but lack clarity around inner workings Black -box models have observable/understandable behaviors, features, and relationships between influencing variables and the output predictions Black-Box models have non-observable input-output relationships and lack clarity around inner workings You can accept the manufacturers statement that the AI cannot undergo a clinical evaluation as it uses a black box AI, which is not explainable, so a clinical evaluation wouldn’t lead to any new knowledge. Manufacturer further explains, that once AI “regulations” and standards are in place, they would change to a white box AI and perform a clinical evaluation. None 17. For critical decisions such as the calculation of the necessary dosage of radiation for cancer therapy, black box AI models should be used, as the complicated and non-linear characteristics of the model are more sophisticated and more performant as white-box AI. In general, black-box AIs are more performant as white-box AI. This statement is correct This statement is incorrect None 18. The current regulatory framework does not distinguish between black-box AI and white-box AI when it comes to automated decisions This statement is correct This statement is incorrect None 19. Which of the statements are correct? Verification and validation are one method used by software analysts to ensure the: • AI system sufficiently accurate • AI system can cope with anomalies and inevitable data glitches • AI system is based on properly representative data • AI system free of software bugs • AI system performs as it was intended to perform Verification and validation is not necessary for black-box AI systems as we can’t understand the decision of the AI. Verification and validation of AI functional features are necessary to assure their adequate quality in accuracy, consistency, relevancy, timeliness and correctness 20. Bias in the training data is not an issue for the accuracy of the AI model, as the AI corrects its flaws automatically. This statement is correct This statement is incorrect None 21. Which of the statements are correct? AI System can not be hacked, as the AI learns with each new dataset and corrects its flaws and vulnerabilities automatically Continuously learning AI Models are resistant against data corruption and are inherently stable. As poisoning the training-data and by this changing the performance of the AI is a possible scenario, security consideration should be part of the life cycle process of an AI. Currently there are no legal frameworks published by any of the regulators worldwide, but there are many in planning to be released this year. None Time's up pascaleperspectives2025-02-20T14:19:22+01:00
