An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack.
Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?
A management team is concerned about an unexpected cost increase for a public-facing AI chatbot.
Which of the following should a security administrator examine first to determine the root cause?
Which of the following is the primary security risk when deploying AI models in production?
A security alert triggers an agentic system. An analyst notices the following payload in the logs. The alert includes multiple shell commands that are not typically run as part of any hardening:

Which of the following is the most effective control to implement?
A security analyst receives an alert about an AI system and is investigating the following output:

Which of the following is the most appropriate control the analyst should recommend?
Which of the following types of prompts best describes a developer’s input that informs AI interactions?
A security team is using an AI-based tool to try to bypass organizational boundaries. The team uses AI to look at the current state and suggest different attack vectors based on the outcome of the previous ones.
Which of the following techniques is the team most likely using?
Which of the following is the most concerning risk for a company that allows corporate end users to use public-facing large language models (LLMs)?
Which of the following roles best supports the implementation of AI governance, risk, and compliance (GRC)? (Choose two.)
A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business.
Which of the following AI-generated vulnerabilities is the employee exploiting?
Which of the following describes the number of training cycles used in an AI model for threat detection?
A SOC team has an AI agent that performs web searches and calls to the SOAR solution. The team is concerned about enterprise uptime and case resolution time.
Which of the following is the most appropriate use of the AI agent?
A group of security engineers is developing a SIEM system that will be able to ingest data from multiple structured and unstructured sources, have a chatbot integrated with an LLM that the security analyst can interact with, and provide insights from the SIEM alert data.
Which of the following techniques should the security engineers consider before collecting the data from the respective sources?
An organization is concerned with the exposure of sensitive data.
Which of the following is the most relevant security concern?
During the selection of a machine learning (ML)-based threat classification model, a cybersecurity administrator verifies that label distribution is highly unbalanced.
Which of the following processing techniques should the engineer use to balance the model?
A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.
Which of the following is the best source for the analyst to consult?
Which of the following requires developers to harden infrastructure to protect AI systems?
Customer feedback for an AI chatbot has a high-rate of non-answers, which is causing higher central processing unit (CPU) utilization.
Which of the following should be implemented?
An administrator, who works for a financial institution, is required to implement data security controls for data at rest within AI systems that involve data disclosure.
Which of the following is the most suitable control?
Which of the following International Organization for Standardization (ISO) standards contains compliance requirements for building an AI management system?
A developer is proposing a new AI application for human resources systems. Which of the following are the most important considerations?
An AI security administrator notices that the information referenced by the model is incorrectly formatted and missing values.
Which of the following job roles would most likely be responsible for correcting this error?
After the latest software update, a developer receives reports that the system no longer requires reauthentication to display account balances because this issue was present in a previous release. Which of the following should the developer do to best mitigate the risk of recurrence?
Which of the following helps end users within an organization the most in safeguarding against the risk of AI-related non-compliance?
Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.
Which of the following is the most likely attack method?
A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of API logs, an analyst finds that external calls continued to use system resources after the action completed.
Which of the following is the best way to improve availability of the system?
An automobile manufacturer implements a chatbot to assist with configuration options for customer automobiles. Given a customer ' s prompt, the chatbot gives offensive responses.
Which of the following describes this behavior?
A security consultant must summarize the impact of posture management on a machine learning (ML) use case.
Which of the following is the most appropriate reference for this purpose?
An organization implements a domain-specific AI chatbot. After operating normally for weeks, the model returns contextually incorrect responses — treating ' worm ' as a biological pest rather than a computer worm when answering a cybersecurity question.
Which of the following should the organization do to address the issue?
Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?
An IT company implements an adaptable chatbot that learns from user prompts. Based on the conversation shown — where User 2 injected false information about a company acquisition that caused the chatbot to give incorrect responses to User 3 — which of the following compensating controls should an administrator implement to mitigate the issue?
Which of the following should an auditor reference when reviewing a company ' s human resources AI systems for legal non-compliance?
An organization develops a chatbot that does not provide harmful or explicit responses, must use clean and professional language, and ensures that responses are accurate.
Which of the following should the organization conduct after the chatbot is fully developed but before a customer-facing deployment?