Which of the following should an auditor reference when reviewing a company ' s human resources AI systems for legal non-compliance?
Which of the following is the most impactful security risk associated with the use of a generative AI chatbot?
A recent release of an AI software update exposes confidential customer information due to storage misconfiguration.
Which of the following data security controls will help maintain confidentiality despite the data leak?
Which of the following job roles in an organizational governance structure develops a model from business use cases?
An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack.
Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?
A security administrator needs to improve an AI model. During an initial investigation, the administrator notices that two successive login failures are recorded every day, and then a successful login occurs after a specific time interval. All the successful login attempts have been during office hours.
Which of the following techniques should the administrator use to improve the AI model ' s security?
A cybersecurity analyst wants to choose a machine learning (ML) model to classify log entries while providing the best explainability.
Which of the following models should the analyst use?
A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of API logs, an analyst finds that external calls continued to use system resources after the action completed.
Which of the following is the best way to improve availability of the system?
An organization implements a domain-specific AI chatbot. After operating normally for weeks, the model returns contextually incorrect responses — treating ' worm ' as a biological pest rather than a computer worm when answering a cybersecurity question.
Which of the following should the organization do to address the issue?
A SOC analyst identifies that a user extracted the full system prompt from the company ' s chatbot by prompting it to repeat the last query and provide the entire conversation context. Which of the following mitigations reduces the risk to the AI system?
A healthcare organization plans to deploy a chatbot for appointment scheduling and patient records.
Which of the following is the first step a security administrator should take?
A SOC team has an AI agent that performs web searches and calls to the SOAR solution. The team is concerned about enterprise uptime and case resolution time.
Which of the following is the most appropriate use of the AI agent?
A data scientist investigates reports that a production machine learning (ML) model no longer performs with accuracy.
The data scientist finds the following pipeline log entries:

Which of the following should the security team do to mitigate future occurrences?
Which of the following is an example of how a security analyst uses generative AI in the triage process?
A penetration tester is assessing the controls of a deployed AI system that is designed to search and return the contents of files.
The tester runs the following:

Which of the following is the best control to prevent abuse of the system?
A cybersecurity administrator must examine the cost of AI and implement controls so the research environment operates within a specified budget.
Which of the following controls is best for this situation?
A data scientist is working with unlabeled data and wants to build a clustering model.
Which of the following techniques should a data scientist use?
Which of the following helps in managing potential security issues related to model training?
Which of the following improves the observability and auditing of an AI system?
A security operations center (SOC) analyst needs to automate multiple security tasks by breaking them down into smaller parts.
Which of the following AI tools is the best for this task?
A company introduces a large language model (LLM) in an application in order to monitor for a potential denial-of-service attack.
Which of the following should the company use to measure the utilization of the LLM?
An IT company implements an adaptable chatbot that learns from user prompts. Based on the conversation shown — where User 2 injected false information about a company acquisition that caused the chatbot to give incorrect responses to User 3 — which of the following compensating controls should an administrator implement to mitigate the issue?
Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.
Which of the following is the most likely attack method?
A human resources officer is using AI to evaluate resumes and help select candidates that meet minimum criteria. To improve the results, the human resources officer adjusts the query parameters and includes an example resume that matches a successful candidate.
Which of the following best describes this query?
Instructions: Use the drop-down menus to define two appropriate security controls for each component of the AI system. Each control may be used only once.
An engineer is deploying a new AI system and wants to integrate it into the core system through an API.

A security consultant needs to detect attacks across a large language model (LLM) firewall.
Which of the following techniques should the consultant use?
A multinational company wants to implement an AI-assisted job screening solution.
Which of the following should the company reference to reduce the risk of incurring compliance-related fines?
A management team is concerned about an unexpected cost increase for a public-facing AI chatbot.
Which of the following should a security administrator examine first to determine the root cause?
Which of the following strengthens the performance of a large language model (LLM) for malicious reconnaissance?
An organization is developing and implementing AI features into a customer service application.
Which of the following practices should the organization put in place before releasing the application for customer trials?
A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.
Which of the following is the best source for the analyst to consult?