Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

CY0-001 CompTIA SecAI+ Certification Exam Questions and Answers

Questions 4

An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack.

Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?

Options:

A.

Common Vulnerabilities and Exposures (CVE) AI working group

B.

MITRE Adversarial Threat Landscape for AI Systems (ATLAS)

C.

Massachusetts Institute of Technology (MIT) risk repository

D.

Open Worldwide Application Security Project (OWASP)

Buy Now
Questions 5

A management team is concerned about an unexpected cost increase for a public-facing AI chatbot.

Which of the following should a security administrator examine first to determine the root cause?

Options:

A.

Firewall logs

B.

Web application firewall (WAF) rules

C.

Vector database input/output operations per second performance

D.

Model token usage

Buy Now
Questions 6

Which of the following is the primary security risk when deploying AI models in production?

Options:

A.

Graphics processing unit (GPU) acceleration

B.

Model overfitting

C.

Model encryption

D.

Data exposure

Buy Now
Questions 7

A security alert triggers an agentic system. An analyst notices the following payload in the logs. The alert includes multiple shell commands that are not typically run as part of any hardening:

Which of the following is the most effective control to implement?

Options:

A.

Adding logic that includes approved strings before running the shell commands

B.

Deprecating model usage and retaining the model with safer parameters

C.

Modifying the application to ignore the SECURITY_UPDATE tag

D.

Using only approved libraries when interacting with agentic systems

Buy Now
Questions 8

A security analyst receives an alert about an AI system and is investigating the following output:

Which of the following is the most appropriate control the analyst should recommend?

Options:

A.

Integrating data sanitization

B.

Implementing user input validation

C.

Monitoring logs for attack words from the system

D.

Hardening the Model Context Protocol server

Buy Now
Questions 9

Which of the following types of prompts best describes a developer’s input that informs AI interactions?

Options:

A.

System

B.

User

C.

Zero-shot

D.

Multi-shot

Buy Now
Questions 10

A security team is using an AI-based tool to try to bypass organizational boundaries. The team uses AI to look at the current state and suggest different attack vectors based on the outcome of the previous ones.

Which of the following techniques is the team most likely using?

Options:

A.

Manual signature matching

B.

Code quality testing

C.

Fraud detection

D.

Automated penetration testing

Buy Now
Questions 11

Which of the following is the most concerning risk for a company that allows corporate end users to use public-facing large language models (LLMs)?

Options:

A.

Inaccuracies due to hallucinations

B.

Out-of-date acceptable use policies

C.

Data security regulatory violations

D.

Malicious code generation

Buy Now
Questions 12

Which of the following roles best supports the implementation of AI governance, risk, and compliance (GRC)? (Choose two.)

Options:

A.

Desktop specialist

B.

Data scientist

C.

Software developer

D.

Security architect

E.

Security operations center (SOC) analyst

F.

Network engineer

Buy Now
Questions 13

A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business.

Which of the following AI-generated vulnerabilities is the employee exploiting?

Options:

A.

Data reduction

B.

Data masking

C.

Data poisoning

D.

Data leaking

Buy Now
Questions 14

Which of the following describes the number of training cycles used in an AI model for threat detection?

Options:

A.

k-means clustering

B.

Tokens

C.

Temperature

D.

Epoch

Buy Now
Questions 15

A SOC team has an AI agent that performs web searches and calls to the SOAR solution. The team is concerned about enterprise uptime and case resolution time.

Which of the following is the most appropriate use of the AI agent?

Options:

A.

To analyze and contain offending users or hosts using SOAR playbooks

B.

To perform research using open-source intelligence to enrich the alerts

C.

To aggregate SOC metrics and generate reports for the leadership team

D.

To create tabletop exercises so the team can increase its incident response speed

Buy Now
Questions 16

Which of the following is a key principle of responsible AI systems?

Options:

A.

Using protected data for training

B.

Ensuring transparency and explainability

C.

Operating with human-in-the-loop

D.

Maximizing model security

Buy Now
Questions 17

A group of security engineers is developing a SIEM system that will be able to ingest data from multiple structured and unstructured sources, have a chatbot integrated with an LLM that the security analyst can interact with, and provide insights from the SIEM alert data.

Which of the following techniques should the security engineers consider before collecting the data from the respective sources?

Options:

A.

Balancing

B.

Verification

C.

Cleansing

D.

Vector storage

Buy Now
Questions 18

An organization is concerned with the exposure of sensitive data.

Which of the following is the most relevant security concern?

Options:

A.

Overfitting

B.

Model inversion

C.

Data normalization

D.

Hyperparameter tuning

Buy Now
Questions 19

During the selection of a machine learning (ML)-based threat classification model, a cybersecurity administrator verifies that label distribution is highly unbalanced.

Which of the following processing techniques should the engineer use to balance the model?

Options:

A.

Data lineage

B.

Data augmentation

C.

Data provenance

D.

Data verification

Buy Now
Questions 20

A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.

Which of the following is the best source for the analyst to consult?

Options:

A.

International Organization for Standards (ISO) 27001

B.

Common Weakness Enumeration (CWE)

C.

Open Worldwide Application Security Project (OWASP)

D.

National Institute of Technologies Risk Management Framework (NIST-RMF)

Buy Now
Questions 21

Which of the following requires developers to harden infrastructure to protect AI systems?

Options:

A.

Intake processes

B.

Acceptable use policies

C.

Development guidelines

D.

Configuration standards

Buy Now
Questions 22

Customer feedback for an AI chatbot has a high-rate of non-answers, which is causing higher central processing unit (CPU) utilization.

Which of the following should be implemented?

Options:

A.

Guardrails

B.

Response confidence level

C.

Prompt logging

D.

Cost monitoring

Buy Now
Questions 23

An administrator, who works for a financial institution, is required to implement data security controls for data at rest within AI systems that involve data disclosure.

Which of the following is the most suitable control?

Options:

A.

Data lineage

B.

Rate limits

C.

Encryption

D.

Masking

Buy Now
Questions 24

Which of the following International Organization for Standardization (ISO) standards contains compliance requirements for building an AI management system?

Options:

A.

20000

B.

27001

C.

27018

D.

42001

Buy Now
Questions 25

A developer is proposing a new AI application for human resources systems. Which of the following are the most important considerations?

Options:

A.

Geniality and appeal

B.

Privacy and security

C.

Graphics and design

D.

Brevity and summarization

Buy Now
Questions 26

An AI security administrator notices that the information referenced by the model is incorrectly formatted and missing values.

Which of the following job roles would most likely be responsible for correcting this error?

Options:

A.

Platform engineer

B.

Machine learning operations (MLOps) engineer

C.

Data engineer

D.

AI architect

Buy Now
Questions 27

After the latest software update, a developer receives reports that the system no longer requires reauthentication to display account balances because this issue was present in a previous release. Which of the following should the developer do to best mitigate the risk of recurrence?

Options:

A.

Ensure that AI approvals are required to push changes into production.

B.

Implement AI regression testing into the continuous integration/continuous deployment (CI/CD) pipeline.

C.

Deploy an AI-assisted change management system to schedule and track feature releases.

D.

Use code commit automation to perform AI-assisted static application security testing (SAST) scans.

Buy Now
Questions 28

Which of the following helps end users within an organization the most in safeguarding against the risk of AI-related non-compliance?

Options:

A.

AI center of excellence

B.

Policies and procedures

C.

Implementing data loss prevention

D.

Enabling multifactor authentication (MFA) for access

Buy Now
Questions 29

Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.

Which of the following is the most likely attack method?

Options:

A.

Application server hijacking

B.

Session hijacking

C.

Domain hijacking

D.

Model hijacking

Buy Now
Questions 30

Which of the following attacks is most enabled by AI-generated content?

Options:

A.

Model poisoning

B.

Phishing

C.

Ransomware

D.

Remote code execution

Buy Now
Questions 31

A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of API logs, an analyst finds that external calls continued to use system resources after the action completed.

Which of the following is the best way to improve availability of the system?

Options:

A.

Creating token limits

B.

Enforcing session expiration

C.

Increasing system memory

D.

Implementing multifactor authentication (MFA)

Buy Now
Questions 32

An automobile manufacturer implements a chatbot to assist with configuration options for customer automobiles. Given a customer ' s prompt, the chatbot gives offensive responses.

Which of the following describes this behavior?

Options:

A.

Model skewing

B.

Model theft

C.

Jailbreaking

D.

Insecure output handling

Buy Now
Questions 33

A security consultant must summarize the impact of posture management on a machine learning (ML) use case.

Which of the following is the most appropriate reference for this purpose?

Options:

A.

Organization for Economic Co-operation and Development (OECD) standards

B.

National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)

C.

European Union AI Act

D.

Generative adversarial network (GAN)

Buy Now
Questions 34

An organization implements a domain-specific AI chatbot. After operating normally for weeks, the model returns contextually incorrect responses — treating ' worm ' as a biological pest rather than a computer worm when answering a cybersecurity question.

Which of the following should the organization do to address the issue?

Options:

A.

Configure guardrails.

B.

Encrypt the weights at rest.

C.

Apply model access controls.

D.

Deploy prompt templates.

Buy Now
Questions 35

Which of the following ensures the integrity of data usage in an AI system?

Options:

A.

Data masking

B.

Data cleansing

C.

Data verification

D.

Data lineage

Buy Now
Questions 36

Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?

Options:

A.

Distributed denial-of-service (DDoS)

B.

Data poisoning

C.

Payload creation

D.

Threat modeling

Buy Now
Questions 37

An IT company implements an adaptable chatbot that learns from user prompts. Based on the conversation shown — where User 2 injected false information about a company acquisition that caused the chatbot to give incorrect responses to User 3 — which of the following compensating controls should an administrator implement to mitigate the issue?

Options:

A.

Data encryption

B.

Rate-limiting application programming interfaces (APIs)

C.

Transfer learning

D.

Guardrails

Buy Now
Questions 38

Which of the following should an auditor reference when reviewing a company ' s human resources AI systems for legal non-compliance?

Options:

A.

Organization for Economic Cooperation and Development (OECD) standard

B.

National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)

C.

European Union (EU) AI Act

D.

International Organization for Standardization (ISO)

Buy Now
Questions 39

Which of the following provides guidance on AI-specific compliance?

Options:

A.

Organisation for Economic Co-operation and Development (OECD)

B.

International Organization for Standardization (ISO) 27001

C.

Payment Card Industry Data Security Standard (PCI DSS)

D.

General Data Protection Regulation (GDPR)

Buy Now
Questions 40

An organization develops a chatbot that does not provide harmful or explicit responses, must use clean and professional language, and ensures that responses are accurate.

Which of the following should the organization conduct after the chatbot is fully developed but before a customer-facing deployment?

Options:

A.

Data labeling and classification

B.

Model auditing and evaluation

C.

Guardrail testing and validation

D.

Regression modeling and minimization

Buy Now
Exam Code: CY0-001
Exam Name: CompTIA SecAI+ Certification Exam
Last Update: Jul 12, 2026
Questions: 0
CY0-001 pdf

CY0-001 PDF

$25.5  $84.99
CY0-001 Engine

CY0-001 Testing Engine

$30  $99.99
CY0-001 PDF + Engine

CY0-001 PDF + Testing Engine

$180  $600