CY0-001 Exam Dumps - CompTIA SecAI+ Questions and Answers

Basic Concept: Assessing attack probability and impact for ML systems requires a resource specifically built to catalog real-world adversarial attacks against AI and ML systems, including documented techniques with associated impact information. CompTIA SecAI+ Exam Objectives identify MITRE ATLAS as the authoritative ML threat landscape resource.

Why B is Correct: MITRE ATLAS is specifically designed as a comprehensive knowledge base of adversarial tactics, techniques, and case studies targeting AI and ML systems. It catalogs real-world attacks with associated probability factors derived from actual incidents and provides impact assessments for various attack types including data poisoning, model evasion, model extraction, and inference attacks. This directly enables the probability and impact assessment the team requires.

Why A is Wrong: The CVE AI working group focuses on identifying and cataloging specific vulnerability instances in AI software components. While useful for vulnerability management, it does not provide the comprehensive threat landscape coverage with probability and impact assessments for ML-specific attack tactics that ATLAS provides.

Why C is Wrong: The MIT risk repository is an academic resource cataloging general AI-related risks. It is research-oriented and does not provide the practitioner-focused, operational attack taxonomy and case study library that MITRE ATLAS offers for ML threat modeling.

Why D is Wrong: OWASP provides application security guidance including the OWASP LLM Top 10. While valuable for LLM-specific risks, OWASP does not provide the comprehensive ML threat landscape coverage or the probability and impact data that MITRE ATLAS offers for assessing the full spectrum of ML attack scenarios.

Basic Concept: Adding validation layers to software development processes improves security assurance by catching issues that human reviewers might miss. AI-assisted validation provides an automated, systematic review that complements human judgment. CompTIA SecAI+ Study Guide covers AI-assisted development security controls.

Why A is Correct: AI-assisted approval adds an intelligent automated review layer that works alongside existing human review. AI can systematically analyze code for security vulnerabilities, coding standard violations, dependency risks, and policy compliance with greater consistency and speed than manual review. This creates a defense-in-depth validation approach where both AI and human reviewers must approve changes, catching issues that either layer might miss independently.

Why B is Wrong: A low-code plug-in provides simplified visual development tools that reduce the amount of manual code writing required. It is a development productivity tool, not a security validation layer for reviewing already-written code.

Why C is Wrong: Automated rollback is a deployment safety mechanism that reverts a deployment to the previous version when errors are detected after deployment. It is a recovery control, not a validation layer applied during the development review process.

Why D is Wrong: Regression testing verifies that new code changes have not broken existing functionality. It tests functional correctness, not security vulnerabilities, and does not add an AI-powered security validation capability to the existing human review process.

Basic Concept: When authentication is enabled on an LLM system, users must prove their identity before the system processes any requests. The authentication process must occur at the point where users first attempt to access the system before any data can be transmitted. CompTIA SecAI+ Study Guide covers the order of authentication controls in AI system access architectures.

Why B is Correct: Endpoint access control is the first requirement when authentication is enabled, as it governs the initial connection from the user ' s device to the system. Before any prompt can be sent or response received, the endpoint must be authenticated and authorized to access the LLM service. Endpoint access control verifies user identity and device compliance at the earliest possible point in the request flow, gating all subsequent processing.

Why A is Wrong: A front-end web proxy gateway routes and manages web traffic between users and backend services. While it may participate in the authentication flow, it is a routing and mediation component that operates after the endpoint has been validated, not the first authentication requirement.

Why C is Wrong: An API gateway manages API traffic, authentication tokens, and rate limiting for API interactions. It processes requests after initial endpoint authentication has been established and the request is being routed to the LLM backend.

Why D is Wrong: A back-end access gateway controls access to backend services and resources. It operates downstream from both endpoint authentication and API gateway processing, representing a deeper layer of the access control architecture rather than the first authentication requirement.

Basic Concept: Before deploying an AI chatbot that has specific behavioral requirements — no harmful content, professional language, and accurate responses — organizations must verify that the controls designed to enforce these requirements actually work as intended. This pre-deployment verification is essential for customer-facing systems. CompTIA SecAI+ Study Guide covers guardrail testing as a required pre-deployment activity.

Why C is Correct: Guardrail testing and validation specifically verifies that the content filtering, safety controls, and behavioral constraints implemented in the chatbot function correctly before customer exposure. This involves systematically testing with edge cases, adversarial prompts, and boundary conditions to confirm that harmful content is blocked, language remains professional, and responses are accurate. This directly validates the three requirements stated in the question.

Why A is Wrong: Data labeling and classification is a data preparation activity performed during model training and development. By the time the chatbot is fully developed, this work should already be complete.

Why B is Wrong: Model auditing and evaluation assesses overall model performance, accuracy, and compliance at a broader level. While important, it does not specifically verify that the guardrails enforcing the three behavioral requirements work correctly for the specific failure modes customers might trigger.

Why D is Wrong: Regression modeling and minimization refers to statistical techniques for continuous outcome prediction. This is not a relevant pre-deployment activity for a conversational chatbot requiring behavioral safety validation.

Basic Concept: Security posture management for AI systems involves assessing and improving the overall security state of AI deployments, including identifying risks, implementing controls, and maintaining ongoing compliance. Appropriate frameworks provide structure for this assessment. CompTIA SecAI+ Study Guide identifies NIST AI RMF as the primary framework for AI risk and posture management.

Why B is Correct: The NIST AI Risk Management Framework provides comprehensive, actionable guidance for managing and improving AI security and risk posture across the entire AI lifecycle. It includes the GOVERN, MAP, MEASURE, and MANAGE functions that directly address posture management activities including risk identification, assessment, and control implementation for ML use cases. Its technical depth and ML-specific guidance make it ideal for this summarization task.

Why A is Wrong: OECD standards provide high-level policy principles for AI governance at an international level. They lack the technical specificity and operational guidance needed to summarize posture management impact on a specific ML use case.

Why C is Wrong: The EU AI Act is a regulatory compliance framework establishing legal requirements for AI systems. While it addresses risk management, its focus is on legal compliance rather than technical posture management guidance for ML systems.

Why D is Wrong: A Generative Adversarial Network is an AI architecture for generating synthetic data, not a framework or standard. It has no relevance as a reference for AI security posture management.

Basic Concept: Data integrity in AI systems requires not only that data is accurate at a point in time, but that its entire history of transformation and usage can be traced and verified. Tracking how data has been used and transformed throughout the AI system lifecycle provides ongoing integrity assurance. CompTIA SecAI+ Study Guide covers data governance controls including lineage for AI integrity.

Why D is Correct: Data lineage tracks and documents the complete journey of data from its origin through every transformation, processing step, and use within an AI system. By recording what happened to the data, when, by whom, and through which processes, data lineage provides the audit trail needed to ensure data integrity throughout the AI system ' s data usage lifecycle. It enables verification that data has been used as intended and has not been improperly modified at any stage.

Why A is Wrong: Data masking replaces sensitive data values with anonymized equivalents to protect privacy. It is a confidentiality control that modifies data values rather than a mechanism for ensuring or tracking data integrity across the system.

Why B is Wrong: Data cleansing removes or corrects errors, inconsistencies, and noise in datasets to improve data quality. It is a data preparation activity that improves data accuracy at a point in time but does not track data usage or provide ongoing integrity assurance throughout the AI system lifecycle.

Why C is Wrong: Data verification confirms that data meets expected quality standards and validates its accuracy at a specific check point. While important for quality assurance, it provides a point-in-time check rather than continuous tracking of data usage and transformations as data lineage does.

Basic Concept: An on-path (formerly man-in-the-middle) attack intercepts communication between two parties, allowing the attacker to read, modify, or inject content. In the context of a generative AI application, an on-path attack on the session between user and AI service can manipulate prompts being sent to the model or responses being returned to users. CompTIA SecAI+ covers AI-specific attack vectors under securing AI systems.

Why B is Correct: Session hijacking involves an attacker taking control of an active user session by capturing or forging session tokens. In this attack, the attacker intercepts the communication channel between users and the AI application, allowing them to modify prompts sent to the model or replace legitimate model responses with offensive content. This explains why outputs seem unrelated to prompts and contain offensive material.

Why A is Wrong: Application server hijacking involves gaining unauthorized control of the server hosting the application. While severe, this would typically manifest as complete service disruption or data exfiltration rather than targeted modification of individual user session content.

Why C is Wrong: Domain hijacking involves unauthorized transfer of a domain name registration, redirecting all users to a different IP address. This would affect all users simultaneously and typically redirect to a completely different site rather than manipulating individual AI responses.

Why D is Wrong: Model hijacking refers to attacks that steal or replicate an AI model, not to intercepting and modifying the communication between users and an existing model during active sessions.

Basic Concept: Reconnaissance is the information gathering phase of an attack. LLMs can be enhanced to perform more effective reconnaissance by giving them access to current, specific information beyond their training data cutoff. CompTIA SecAI+ covers AI augmentation techniques including RAG under AI-assisted security.

Why A is Correct: RAG enhances an LLM by connecting it to an external knowledge base or real-time data sources that it can query during inference. For reconnaissance purposes, a RAG-enabled LLM can access up-to-date organizational information, technical documentation, and intelligence feeds that go beyond its static training data. This makes the LLM significantly more capable for gathering current, targeted intelligence about specific organizations or infrastructure.

Why B is Wrong: Creating a web scraper is a basic data collection technique. While AI can help write scraper code, the scraper itself is a simple script that does not enhance the LLM ' s intelligence or reasoning capabilities for sophisticated reconnaissance.

Why C is Wrong: Instructing an AI assistant to query as an administrator is a prompt manipulation attempt. An LLM cannot actually gain elevated permissions through a prompt instruction; this describes social engineering or privilege escalation via prompting, not a performance enhancement technique.

Why D is Wrong: Prompting a chatbot to describe naming patterns is a basic use of an existing LLM ' s knowledge. It does not strengthen or enhance the model ' s capabilities; it merely queries what the model already knows from training data, which may be outdated or generic.

Basic Concept: When an AI chatbot powered by RAG retrieves and outputs sensitive patient information such as names, medical histories, or identifiers, the risk of Protected Health Information (PHI) disclosure must be mitigated. CompTIA SecAI+ Study Guide covers data protection techniques for AI systems handling sensitive health data.

Why A is Correct: Masking replaces sensitive data values such as patient names, dates of birth, medical record numbers, and diagnoses with redacted or anonymized equivalents in the chatbot ' s output. Even if the RAG system retrieves records containing patient information, masking ensures that the sensitive fields are obscured before the response is presented to the user. This directly prevents PHI disclosure while allowing the chatbot to provide useful responses based on the underlying data patterns.

Why B is Wrong: Classification involves categorizing data by its sensitivity level such as public, internal, confidential, or restricted. While it identifies which data requires protection, classification alone does not transform or obscure the sensitive values in chatbot outputs.

Why C is Wrong: Data minimization is a privacy principle that limits data collection to only what is necessary for the specified purpose. While valuable as a design principle when building the RAG knowledge base, it is a data governance strategy rather than a technical output control that can be applied to mitigate existing PHI disclosure in chatbot responses.

Why D is Wrong: Normalization is a data processing technique that scales numerical values to a standard range or standardizes data formats. It is a preprocessing step for improving model training efficiency, not a data protection technique for preventing patient information disclosure in AI outputs.

Basic Concept: DoS attacks overwhelm AI systems by sending excessive requests that exhaust computational resources, memory, or bandwidth, preventing legitimate users from being served. The primary defense against volume-based attacks is throttling the rate at which requests can be processed. CompTIA SecAI+ Exam Objectives identify rate limiting as the key DoS mitigation control for AI systems.

Why B is Correct: Rate limiting directly addresses the root mechanism of DoS attacks by restricting the number of requests any single client or IP address can submit within a defined time window. By enforcing request quotas, rate limiting prevents attackers from generating the request volume necessary to overwhelm the system while preserving capacity for legitimate users. It is the most direct and effective preventive control against DoS attacks on AI APIs and services.

Why A is Wrong: Model guardrails inspect and filter the content of prompts and responses for policy compliance and safety. They operate at the semantic content level, not at the request volume level, and cannot prevent resource exhaustion from high-volume request flooding.

Why C is Wrong: End-to-end encryption protects the confidentiality and integrity of data in transit. Encrypted DoS traffic is just as damaging as unencrypted traffic; encryption does not limit request rates or prevent resource exhaustion.

Why D is Wrong: Access controls restrict who can interact with the system, which can reduce the potential attacker pool. However, authenticated users and compromised accounts can still launch DoS attacks, and access controls alone cannot prevent high-volume attacks from authorized sources.