Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CY0-001 CompTIA SecAI+ Certification Exam Questions and Answers

Questions 4

Which of the following should an auditor reference when reviewing a company ' s human resources AI systems for legal non-compliance?

Options:

A.

Organization for Economic Cooperation and Development (OECD) standard

B.

National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)

C.

European Union (EU) AI Act

D.

International Organization for Standardization (ISO)

Buy Now
Questions 5

Which of the following is the most impactful security risk associated with the use of a generative AI chatbot?

Options:

A.

Overly permissive access

B.

Data leakage

C.

Weak encryption

D.

Model validation

Buy Now
Questions 6

A recent release of an AI software update exposes confidential customer information due to storage misconfiguration.

Which of the following data security controls will help maintain confidentiality despite the data leak?

Options:

A.

Model encryption

B.

Encryption in transit

C.

Encryption in use

D.

Encryption at rest

Buy Now
Questions 7

Which of the following job roles in an organizational governance structure develops a model from business use cases?

Options:

A.

Platform architect

B.

AI risk analyst

C.

Machine learning operations (MLOps) engineer

D.

Data scientist

Buy Now
Questions 8

An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack.

Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?

Options:

A.

Common Vulnerabilities and Exposures (CVE) AI working group

B.

MITRE Adversarial Threat Landscape for AI Systems (ATLAS)

C.

Massachusetts Institute of Technology (MIT) risk repository

D.

Open Worldwide Application Security Project (OWASP)

Buy Now
Questions 9

A security administrator needs to improve an AI model. During an initial investigation, the administrator notices that two successive login failures are recorded every day, and then a successful login occurs after a specific time interval. All the successful login attempts have been during office hours.

Which of the following techniques should the administrator use to improve the AI model ' s security?

Options:

A.

Access management

B.

Pattern recognition

C.

Signature matching

D.

Vulnerability analysis

Buy Now
Questions 10

A cybersecurity analyst wants to choose a machine learning (ML) model to classify log entries while providing the best explainability.

Which of the following models should the analyst use?

Options:

A.

Large language model (LLM)

B.

Neural networks

C.

Decision trees

D.

Generative adversarial network (GAN)

Buy Now
Questions 11

A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of API logs, an analyst finds that external calls continued to use system resources after the action completed.

Which of the following is the best way to improve availability of the system?

Options:

A.

Creating token limits

B.

Enforcing session expiration

C.

Increasing system memory

D.

Implementing multifactor authentication (MFA)

Buy Now
Questions 12

Which of the following ensures the integrity of data usage in an AI system?

Options:

A.

Data masking

B.

Data cleansing

C.

Data verification

D.

Data lineage

Buy Now
Questions 13

An organization implements a domain-specific AI chatbot. After operating normally for weeks, the model returns contextually incorrect responses — treating ' worm ' as a biological pest rather than a computer worm when answering a cybersecurity question.

Which of the following should the organization do to address the issue?

Options:

A.

Configure guardrails.

B.

Encrypt the weights at rest.

C.

Apply model access controls.

D.

Deploy prompt templates.

Buy Now
Questions 14

A SOC analyst identifies that a user extracted the full system prompt from the company ' s chatbot by prompting it to repeat the last query and provide the entire conversation context. Which of the following mitigations reduces the risk to the AI system?

Options:

A.

Restricting the LLM ' s access to internal services

B.

Using data version control to detect content manipulation

C.

Enhancing model guardrails

D.

Segregating and identifying external content

Buy Now
Questions 15

A healthcare organization plans to deploy a chatbot for appointment scheduling and patient records.

Which of the following is the first step a security administrator should take?

Options:

A.

Implement prompt firewalls.

B.

Enable role-based access management

C.

Conduct a risk assessment.

D.

Use a secure data communication channel for chat.

Buy Now
Questions 16

A SOC team has an AI agent that performs web searches and calls to the SOAR solution. The team is concerned about enterprise uptime and case resolution time.

Which of the following is the most appropriate use of the AI agent?

Options:

A.

To analyze and contain offending users or hosts using SOAR playbooks

B.

To perform research using open-source intelligence to enrich the alerts

C.

To aggregate SOC metrics and generate reports for the leadership team

D.

To create tabletop exercises so the team can increase its incident response speed

Buy Now
Questions 17

Which of the following is used to train an AI model with unstructured data?

Options:

A.

Statistical learning

B.

Fine-tuning

C.

Supervised learning

D.

Reinforcement training

Buy Now
Questions 18

A data scientist investigates reports that a production machine learning (ML) model no longer performs with accuracy.

The data scientist finds the following pipeline log entries:

Which of the following should the security team do to mitigate future occurrences?

Options:

A.

Add static code scanning tooling to the runner job.

B.

Enable human review and approval workflows in the repository.

C.

Retrain the model on using increased data and epochs.

D.

Keep multiple copies of the model for restoration.

Buy Now
Questions 19

Which of the following is an example of how a security analyst uses generative AI in the triage process?

Options:

A.

To predict the next attack target with higher accuracy

B.

To use statistical analysis for malicious code assessment

C.

To summarize security findings by category

D.

To tag malware using machine learning (ML) algorithms

Buy Now
Questions 20

Which of the following is a risk addressed by responsible AI?

Options:

A.

Model drift

B.

Reputational loss

C.

Response bias

D.

Data poisoning

Buy Now
Questions 21

A penetration tester is assessing the controls of a deployed AI system that is designed to search and return the contents of files.

The tester runs the following:

Which of the following is the best control to prevent abuse of the system?

Options:

A.

Implementing custom detection rules for anomalous model behavior

B.

Segmenting the workload into a separate virtual private cloud (VPC)

C.

Adding a large language model (LLM) guardrails library to the application code

D.

Reducing the privilege scope of the service account

Buy Now
Questions 22

A cybersecurity administrator must examine the cost of AI and implement controls so the research environment operates within a specified budget.

Which of the following controls is best for this situation?

Options:

A.

Prompt firewalls

B.

Application programming interface (API) access

C.

Model guardrails

D.

Token limits

Buy Now
Questions 23

A data scientist is working with unlabeled data and wants to build a clustering model.

Which of the following techniques should a data scientist use?

Options:

A.

Supervised learning

B.

Reinforcement learning

C.

Unsupervised learning

D.

Semi-supervised learning

Buy Now
Questions 24

Which of the following helps in managing potential security issues related to model training?

Options:

A.

National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)

B.

International Organization for Standardization (ISO) 27001

C.

Organization for Economic Co-operation and Development (OECD)

D.

General Data Protection Regulation (GDPR)

Buy Now
Questions 25

Which of the following improves the observability and auditing of an AI system?

Options:

A.

Redeploying the model

B.

Using manual detection

C.

Implementing machine learning operations (MLOps)

D.

Using anomaly detections

Buy Now
Questions 26

A security operations center (SOC) analyst needs to automate multiple security tasks by breaking them down into smaller parts.

Which of the following AI tools is the best for this task?

Options:

A.

Agentic AI

B.

Retrieval-augmented generation (RAG) AI

C.

Generative AI

D.

Chatbot

Buy Now
Questions 27

A company introduces a large language model (LLM) in an application in order to monitor for a potential denial-of-service attack.

Which of the following should the company use to measure the utilization of the LLM?

Options:

A.

Token

B.

Transformer

C.

Chain of thoughts

D.

Prompt

Buy Now
Questions 28

An IT company implements an adaptable chatbot that learns from user prompts. Based on the conversation shown — where User 2 injected false information about a company acquisition that caused the chatbot to give incorrect responses to User 3 — which of the following compensating controls should an administrator implement to mitigate the issue?

Options:

A.

Data encryption

B.

Rate-limiting application programming interfaces (APIs)

C.

Transfer learning

D.

Guardrails

Buy Now
Questions 29

Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.

Which of the following is the most likely attack method?

Options:

A.

Application server hijacking

B.

Session hijacking

C.

Domain hijacking

D.

Model hijacking

Buy Now
Questions 30

A human resources officer is using AI to evaluate resumes and help select candidates that meet minimum criteria. To improve the results, the human resources officer adjusts the query parameters and includes an example resume that matches a successful candidate.

Which of the following best describes this query?

Options:

A.

Distillation

B.

Prompt template

C.

One-shot prompting

D.

System role

Buy Now
Questions 31

Instructions: Use the drop-down menus to define two appropriate security controls for each component of the AI system. Each control may be used only once.

An engineer is deploying a new AI system and wants to integrate it into the core system through an API.

Options:

Buy Now
Questions 32

A security consultant needs to detect attacks across a large language model (LLM) firewall.

Which of the following techniques should the consultant use?

Options:

A.

Signature matching

B.

Distributed denial-of-service

C.

Translation analysis

D.

Vulnerability enumeration

Buy Now
Questions 33

A multinational company wants to implement an AI-assisted job screening solution.

Which of the following should the company reference to reduce the risk of incurring compliance-related fines?

Options:

A.

International Organization for Standardization (ISO) AI standards

B.

European Union (EU) AI Act

C.

Corporate policy

D.

National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)

Buy Now
Questions 34

A management team is concerned about an unexpected cost increase for a public-facing AI chatbot.

Which of the following should a security administrator examine first to determine the root cause?

Options:

A.

Firewall logs

B.

Web application firewall (WAF) rules

C.

Vector database input/output operations per second performance

D.

Model token usage

Buy Now
Questions 35

Which of the following strengthens the performance of a large language model (LLM) for malicious reconnaissance?

Options:

A.

Enhancing a foundational model with the inclusion of retrieval-augmented generation (RAG)

B.

Creating a web scraper script using AI to capture the company website

C.

Instructing an AI assistant to query as an administrator

D.

Prompting a chatbot to describe server naming patterns and Internet Protocol (IP) ranges

Buy Now
Questions 36

An organization is developing and implementing AI features into a customer service application.

Which of the following practices should the organization put in place before releasing the application for customer trials?

Options:

A.

Data masking and sanitization

B.

External compliance audits

C.

Approved AI vendor lists

D.

Third-party risk management

Buy Now
Questions 37

A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.

Which of the following is the best source for the analyst to consult?

Options:

A.

International Organization for Standards (ISO) 27001

B.

Common Weakness Enumeration (CWE)

C.

Open Worldwide Application Security Project (OWASP)

D.

National Institute of Technologies Risk Management Framework (NIST-RMF)

Buy Now
Exam Code: CY0-001
Exam Name: CompTIA SecAI+ Certification Exam
Last Update: Jun 29, 2026
Questions: 0
CY0-001 pdf

CY0-001 PDF

$25.5  $84.99
CY0-001 Engine

CY0-001 Testing Engine

$30  $99.99
CY0-001 PDF + Engine

CY0-001 PDF + Testing Engine

$180  $600