CY0-001 CompTIA SecAI+ v1 Exam Questions and Answers

Basic Concept: System prompt injection — where an unauthorized party modifies the AI system ' s core instructions — represents a serious integrity attack. Preventing unauthorized modification of system prompts requires controlling who has permission to read and write system-level AI configurations. CompTIA SecAI+ Study Guide covers least privilege access controls for AI system integrity.

Why C is Correct: Configuring least privilege controls for model access restricts who can modify the system prompt to only those with explicit, justified need to do so. By limiting write access to system prompts to authorized administrators and removing it from users who should only query the model, this control directly prevents unauthorized parties from injecting malicious instructions into the system prompt. Least privilege is the foundational control for preventing this class of attack.

Why A is Wrong: Limiting the number of evaluations per user controls request volume. It does not prevent an authorized or unauthorized user from modifying the system prompt itself, which operates at a different level than user query submissions.

Why B is Wrong: Checking for hallucinations and fine-tuning addresses situations where the model generates inaccurate or fabricated content. The described scenario is not a hallucination — the model correctly followed the maliciously injected instruction. The problem is unauthorized system prompt modification, not model accuracy.

Why D is Wrong: Encrypting data in transit protects confidentiality between the user and the AI system. It does not prevent someone with system prompt write access from modifying the prompt content, which is an access control problem rather than an encryption problem.

Basic Concept: Cybersecurity threats evolve continuously, with new attack variants emerging regularly. The choice between traditional statistical models and ML models for attack classification depends on which better handles the complexity and dynamism of the threat landscape. CompTIA SecAI+ covers ML model advantages for cybersecurity under basic AI concepts.

Why A is Correct: ML models can learn arbitrarily complex, non-linear relationships from training data and adapt to new patterns when retrained with updated data. For attack classification, this means ML can recognize sophisticated, multi-feature attack patterns that exceed the capabilities of simple statistical models and can be updated to detect new attack variants as the threat landscape evolves. This adaptability to complex and changing problems is the primary reason analysts prefer ML over static statistical approaches.

Why B is Wrong: ML model development pipelines are generally more complex than statistical models, requiring data preparation, feature engineering, model selection, training, validation, and deployment steps. Simplicity of development is not a characteristic advantage of ML over statistical models.

Why C is Wrong: ML models typically require large amounts of training data to perform well. Statistical models often perform better than ML with small datasets. Performance with small datasets is actually an advantage of statistical models over ML, not ML over statistical.

Why D is Wrong: Community support and expert availability are ecosystem considerations rather than technical reasons to prefer ML for cybersecurity classification tasks. These factors might influence tool selection but do not explain the fundamental technical preference for ML ' s superior handling of complex attack patterns.

Basic Concept: When a storage misconfiguration leads to data exposure, the question is which encryption type would have protected the confidentiality of data stored in that misconfigured storage. The three states of data — at rest, in transit, and in use — each require different encryption mechanisms. CompTIA SecAI+ Study Guide covers encryption states and their applicability to AI data protection.

Why D is Correct: Encryption at rest protects data stored in databases, file systems, and storage media by encrypting it so that even if unauthorized parties gain access to the storage through a misconfiguration, the data remains unreadable without the decryption key. Since the exposure resulted from a storage misconfiguration that allowed access to stored data, encryption at rest would have maintained confidentiality of the customer information despite the misconfiguration granting storage access.

Why A is Wrong: Model encryption specifically protects AI model weights and parameters from unauthorized access. It does not protect customer data stored in databases or data stores associated with the AI system.

Why B is Wrong: Encryption in transit protects data moving between components over networks. It does not protect data stored at rest in misconfigured storage that is accessed directly rather than over a network connection.

Why C is Wrong: Encryption in use (homomorphic encryption or confidential computing) protects data while it is being actively processed in memory. It addresses runtime processing security, not the confidentiality of data stored in misconfigured storage that is not currently being processed.

Basic Concept: Pattern recognition is an AI technique that enables a system to identify recurring sequences or structures within data. In cybersecurity, detecting behavioral patterns such as consistent pre-login failure sequences followed by successful access is critical for threat detection. CompTIA SecAI+ Exam Objectives cover this under AI-assisted security.

Why B is Correct: The scenario describes a highly regular, repeating behavioral pattern — two failures followed by success at a specific time interval, consistently during office hours. Pattern recognition enables the AI model to learn this sequence and flag it as indicative of credential stuffing or an automated brute-force attack with timing controls. ML-driven pattern recognition is specifically designed for such behavioral anomaly detection.

Why A is Wrong: Access management controls who can log in and under what conditions. It enforces authorization policies but does not analyze or detect suspicious behavioral sequences in authentication logs.

Why C is Wrong: Signature matching compares known attack signatures against observed data. The described pattern is behavioral and time-based rather than a known malware or exploit signature, making this technique unsuitable.

Why D is Wrong: Vulnerability analysis identifies weaknesses in systems and code. It does not analyze authentication log sequences or detect behavioral patterns in user activity data.

Basic Concept: Creating realistic deepfake videos that convincingly replicate a real person ' s facial expressions, movements, and voice requires deep learning models capable of learning and synthesizing complex spatial and temporal features from existing video data. CompTIA SecAI+ covers deepfake technologies under basic AI concepts.

Why B is Correct: Convolutional Neural Networks are foundational to deepfake video generation. CNNs excel at learning spatial features from visual data and are used within deepfake architectures to analyze source and target faces, extract facial features, and synthesize realistic face swaps or face animations. Modern deepfake systems typically combine CNNs with autoencoders and GANs to generate convincing video content showing a person saying or doing things they never did.

Why A is Wrong: Statistical analysis involves mathematical methods for analyzing data distributions and relationships. It does not have the capability to generate synthetic video content or replicate a person ' s visual likeness in motion.

Why C is Wrong: An ML classifier assigns input data to predefined categories. Classification models detect and label content rather than generating new synthetic video content of a person ' s likeness. They are detection tools, not generation tools.

Why D is Wrong: Random forest is an ensemble ML method using multiple decision trees for classification and regression tasks. It works on structured, tabular data and cannot process or generate visual, spatial data needed for realistic deepfake video synthesis.

Basic Concept: LLM-based chatbots accepting user-uploaded files face two critical risk categories: malicious input injection and resource or cost abuse. CompTIA SecAI+ Study Guide highlights prompt security controls and resource management as key defensive layers for public-facing LLM applications.

Why A is Correct: Prompt guardrails intercept and filter user inputs and model outputs, blocking malicious prompts, prompt injection attempts, and harmful file content before affecting model behavior. Since users can upload files, guardrails are essential for sanitizing and validating that content before processing.

Why D is Correct: Model token quotas directly limit how much of the LLM ' s processing capacity a user can consume. This prevents abuse beyond the SLA, including denial-of-wallet attacks or resource exhaustion through excessively large inputs or repeated requests.

Why B is Wrong: Role-based access controls manage who can access what resources. While useful for internal systems, they do not address malicious input content or enforce LLM resource consumption limits for a public-facing chatbot.

Why C is Wrong: Firewall rules operate at the network layer and can block unauthorized IPs or ports but cannot inspect or filter the semantic content of prompts or control token-level LLM usage.

Basic Concept: Human-in-the-loop is a design pattern where AI systems generate recommendations or decisions but require human review and approval before those recommendations are acted upon. This approach maintains human oversight and accountability in AI-assisted workflows. CompTIA SecAI+ Study Guide covers human-in-the-loop as a key responsible AI principle and operational pattern.

Why C is Correct: The scenario precisely describes the human-in-the-loop pattern: the AI system identifies potential issues and provides recommendations, but an administrator must review those recommendations before any action is taken. This deliberate inclusion of human judgment in the AI ' s decision or recommendation workflow ensures human oversight is maintained, which is the defining characteristic of the human-in-the-loop process.

Why A is Wrong: Data validation verifies that data meets expected quality standards and formats before being used in AI processing. It is a data quality control activity, not a workflow pattern describing human review of AI recommendations.

Why B is Wrong: Data preparation involves transforming raw data into a format suitable for AI model training or inference. It encompasses cleaning, normalizing, and formatting data, not the process of human review of AI-generated recommendations during system updates.

Why D is Wrong: Model evaluation assesses a model ' s performance against metrics such as accuracy, precision, and recall on test datasets. It is a technical assessment of model quality, not a workflow process where humans review AI-generated recommendations before acting on them.

Basic Concept: API-based AI systems are susceptible to DoS attacks where excessive requests overwhelm the system ' s ability to respond to legitimate users. Rate limiting is the standard control for preventing both intentional and unintentional API abuse. CompTIA SecAI+ Study Guide covers rate limiting as a key availability control for AI APIs.

Why C is Correct: Rate limiting restricts the number of requests a client can make to an API within a defined time window. In this scenario, a brute-force DoS attack works by sending a massive volume of requests to exhaust the model ' s resources. Rate limiting would have automatically throttled or blocked the excessive request volume, preventing the attack from succeeding and preserving service availability for legitimate hospital users.

Why A is Wrong: Tokenization replaces sensitive data values with non-sensitive placeholders. It is a data security control for protecting sensitive information such as patient identifiers, not a control for managing API request volumes or preventing DoS attacks.

Why B is Wrong: Model guardrails filter and constrain model inputs and outputs for safety and policy compliance. They inspect content quality, not request volume, and cannot prevent a volume-based DoS attack.

Why D is Wrong: A prompt firewall inspects the content of prompts for malicious patterns or policy violations. Like guardrails, it analyzes content rather than controlling request frequency and cannot prevent resource exhaustion from a high-volume brute-force attack.

Basic Concept: ISO develops international standards for management systems across various domains. For organizations seeking third-party certification demonstrating commitment to responsible AI governance practices, the appropriate ISO standard must specifically address AI management systems. CompTIA SecAI+ Exam Objectives cover ISO standards relevant to AI governance under Domain 4.

Why D is Correct: ISO 42001 is the International Standard for Artificial Intelligence Management Systems (AIMS). It provides a framework for establishing, implementing, maintaining, and continually improving an AI management system within organizations. ISO 42001 certification provides third-party assurance specifically for responsible AI practices including risk management, transparency, human oversight, and ethical AI governance — directly answering the question.

Why A is Wrong: ISO 20000 is the standard for IT Service Management (ITSM). It provides requirements for establishing and maintaining a service management system for IT services. It does not address AI governance or responsible AI practices.

Why B is Wrong: ISO 27001 is the standard for Information Security Management Systems (ISMS). It addresses general information security risk management, not AI-specific governance or responsible AI practices such as fairness, transparency, and AI lifecycle management.

Why C is Wrong: ISO 27701 extends ISO 27001 to address Privacy Information Management (PIMS), covering personal data protection requirements aligned with GDPR. While relevant to data privacy in AI systems, it does not specifically certify responsible AI governance practices.

Basic Concept: Operating AI systems within a budget requires direct control over the primary cost driver of LLM usage. For research environments where users may run extensive queries, token consumption management is the most effective budget control mechanism. CompTIA SecAI+ Study Guide covers token limits as the key cost management control for AI environments.

Why D is Correct: Token limits set hard caps on the maximum tokens consumed per request and per session, directly controlling the per-interaction cost of LLM API usage. In a research environment where users may submit complex, multi-part queries generating long responses, token limits prevent any single interaction from consuming disproportionate budget and enable the administrator to enforce aggregate budget constraints across all users and research activities.

Why A is Wrong: Prompt firewalls inspect and filter prompt content for security and policy compliance. They are security controls designed to prevent malicious or policy-violating prompts, not financial controls for managing token consumption or enforcing budget limits.

Why B is Wrong: API access controls manage authentication and authorization for API interactions, governing who can connect to the AI API. While restricting API access could limit who uses the system, it does not control how much budget individual authorized users consume through their research queries.

Why C is Wrong: Model guardrails enforce content policy and behavioral constraints on model inputs and outputs. They ensure safe and appropriate responses but do not limit the computational resources or tokens consumed by interactions, making them unsuitable as budget enforcement controls.

Basic Concept: AI models trained on unrepresentative data can produce systematically inaccurate results for certain population groups. This is a form of algorithmic bias where the model ' s performance varies significantly across demographic segments, creating disparate outcomes. CompTIA SecAI+ Exam Objectives cover bias as a core AI governance and risk concept.

Why A is Correct: Bias in AI occurs when a model produces systematically skewed results for certain groups due to biased training data, flawed data collection, or model design choices. In this healthcare scenario, the inability to reliably predict illnesses for specific population segments indicates the training data likely underrepresented those segments, causing the model to learn inadequate patterns for them. This is a critical bias risk with serious health equity implications.

Why B is Wrong: Consistency refers to the model producing the same output given the same input across different runs or time periods. The problem described is not about inconsistent outputs for the same input but about systematically poor performance for specific population groups.

Why C is Wrong: Transparency refers to openness about how the AI model operates, what data it uses, and how it makes decisions. The compliance officer has already assessed the system, suggesting sufficient transparency exists to identify the performance gap.

Why D is Wrong: Inclusiveness is a design principle ensuring AI systems are designed to serve all users regardless of background. While related to the outcome, the specific risk type described — differential predictive accuracy across population segments — is most precisely categorized as bias.

Basic Concept: Before deploying an AI chatbot that has specific behavioral requirements — no harmful content, professional language, and accurate responses — organizations must verify that the controls designed to enforce these requirements actually work as intended. This pre-deployment verification is essential for customer-facing systems. CompTIA SecAI+ Study Guide covers guardrail testing as a required pre-deployment activity.

Why C is Correct: Guardrail testing and validation specifically verifies that the content filtering, safety controls, and behavioral constraints implemented in the chatbot function correctly before customer exposure. This involves systematically testing with edge cases, adversarial prompts, and boundary conditions to confirm that harmful content is blocked, language remains professional, and responses are accurate. This directly validates the three requirements stated in the question.

Why A is Wrong: Data labeling and classification is a data preparation activity performed during model training and development. By the time the chatbot is fully developed, this work should already be complete.

Why B is Wrong: Model auditing and evaluation assesses overall model performance, accuracy, and compliance at a broader level. While important, it does not specifically verify that the guardrails enforcing the three behavioral requirements work correctly for the specific failure modes customers might trigger.

Why D is Wrong: Regression modeling and minimization refers to statistical techniques for continuous outcome prediction. This is not a relevant pre-deployment activity for a conversational chatbot requiring behavioral safety validation.

Basic Concept: Infrastructure hardening for AI systems involves applying security baseline settings and eliminating unnecessary attack surfaces. CompTIA SecAI+ Exam Objectives identify configuration standards as the specific governance instrument that mandates infrastructure hardening requirements for AI deployments.

Why D is Correct: Configuration standards are formal, technical documents specifying exact security settings, baseline configurations, and hardening requirements that developers and administrators must implement to protect systems including AI infrastructure. They establish enforceable rules such as disabling unnecessary services, applying least-privilege access, and enforcing secure communication protocols specifically for AI systems.

Why A is Wrong: Intake processes govern how new projects, systems, or requests are evaluated and onboarded into an organization. They are procedural checkpoints for initial assessment, not technical hardening directives for developers.

Why B is Wrong: Acceptable use policies define appropriate ways employees and users may use organizational systems and AI tools. They are behavioral guidelines aimed at end users, not technical requirements instructing developers to secure infrastructure.

Why C is Wrong: Development guidelines provide best practices and recommendations for software development and may include security considerations. However, they are advisory in nature and broader in scope than the specific mandatory infrastructure-hardening requirements found in configuration standards.

Basic Concept: When unauthorized changes to an ML training pipeline cause model degradation, the root cause is insufficient access control and change management around the pipeline. Preventing future occurrences requires implementing governance controls that ensure all pipeline changes are reviewed and approved before execution. CompTIA SecAI+ Study Guide covers MDLC change management controls.

Why B is Correct: Enabling human review and approval workflows in the repository creates a mandatory gate requiring authorized reviewers to examine and approve any changes to training pipeline code before they can be merged and executed. This prevents unauthorized modifications from reaching the pipeline by enforcing a review process where any suspicious or unauthorized changes will be caught and rejected before they affect model training and performance.

Why A is Wrong: Static code scanning analyzes code for vulnerabilities and coding standard violations. While it improves code quality and security, it does not prevent unauthorized individuals from submitting and merging malicious changes to the pipeline without proper review.

Why C is Wrong: Retraining with more data and epochs addresses model performance restoration after the fact but does not prevent future unauthorized pipeline modifications. If the pipeline remains unprotected, the same attack could occur again on the new model.

Why D is Wrong: Keeping multiple model copies enables rapid restoration of a previous version when a deployed model is found to be compromised. While useful for recovery, it is a reactive measure that does not prevent unauthorized pipeline changes from occurring and affecting future model training.

Basic Concept: Jailbreaking through prompt injection exploits the LLM ' s tendency to follow instructions embedded in user input, overriding its intended behavior. The model was manipulated to offer unauthorized discounts, demonstrating that its operational boundaries were not properly enforced. CompTIA SecAI+ Study Guide identifies guardrails as the primary defense against jailbreaking attacks.

Why D is Correct: Guardrails are robust, layered controls that enforce behavioral boundaries on LLM inputs and outputs. They can detect and block jailbreaking attempts, enforce business logic constraints such as preventing unauthorized discounts, validate outputs against policy rules before delivery, and prevent the model from operating outside its defined scope. Guardrails are specifically designed to make models more robust against prompt injection and jailbreaking.

Why A is Wrong: Bias filtering is designed to detect and remove biased, discriminatory, or offensive content from model outputs. It addresses content fairness issues but does not prevent jailbreaking attacks that manipulate the model into performing unauthorized actions.

Why B is Wrong: A system prompt sets the model ' s base instructions and persona, but the jailbreak attack already demonstrates that the current prompt can be overridden. Guardrails provide enforcement at a layer that is more resistant to prompt manipulation than the system prompt alone.

Why C is Wrong: Log monitoring detects jailbreaking attempts after they have already succeeded. It is a detective control that enables incident response but does not prevent the model from offering unauthorized discounts in the first place.

Basic Concept: When implementing guardrails for compliance purposes, organizations need a recognized framework or standard that provides authoritative guidance on what guardrails should address and how to implement them. Compliance guardrails require industry-recognized standards as their basis. CompTIA SecAI+ Study Guide identifies OWASP as the primary reference for LLM application security controls including guardrails.

Why B is Correct: OWASP provides the OWASP Top 10 for Large Language Model Applications, which is a recognized industry resource defining the most critical vulnerabilities in LLM applications and the guardrails needed to mitigate them. Using OWASP as the reference for compliance-required guardrails provides a defensible, industry-standard basis for the security controls implemented, satisfying compliance requirements with authoritative guidance on what guardrails should prevent and how they should function.

Why A is Wrong: RAG is an AI architecture that enhances LLM responses with retrieved external context. It is a capability enhancement technique, not a framework for defining or implementing security guardrails for compliance purposes.

Why C is Wrong: LLM libraries are software development toolkits that provide functions for working with language models. While they may include built-in guardrail features, they are implementation tools, not the governance resource or standard that compliance guardrail requirements should be based upon.

Why D is Wrong: A SIEM is a security monitoring and alerting platform that aggregates and analyzes log data. It is a detection and monitoring tool, not a framework that defines what guardrails are required for LLM application compliance.

Basic Concept: Different ML model architectures offer varying degrees of explainability. In cybersecurity, understanding why a model classified a log entry as malicious or benign is critical for analyst trust, investigation, and regulatory compliance. CompTIA SecAI+ covers model explainability under responsible AI and basic AI concepts.

Why C is Correct: Decision trees are inherently interpretable models that classify data through a series of transparent if-then rules. Every classification decision can be traced through the exact path of conditions that led to it, showing precisely which log entry features triggered the classification. Analysts can read and understand the decision path, making decision trees the gold standard for explainable ML classification in security applications where understanding the reason for a classification is as important as the classification itself.

Why A is Wrong: Large language models are complex transformer architectures with hundreds of billions of parameters. They function as black boxes — their internal decision-making processes are not human-interpretable, making them poor choices when explainability is the primary requirement.

Why B is Wrong: Neural networks are non-linear black box models. While they can achieve high classification accuracy, their multi-layer architecture makes it extremely difficult to explain why specific decisions were made in human-understandable terms.

Why D is Wrong: Generative adversarial networks are designed for generating synthetic data, not for classification tasks. They consist of competing generator and discriminator networks and are fundamentally unsuitable for log entry classification with explainability requirements.

Basic Concept: AI can augment SOC operations in various ways, but the most appropriate uses maintain human oversight and leverage AI ' s natural language understanding to reduce cognitive load on analysts. CompTIA SecAI+ Study Guide identifies alert summarization as a high-value, low-risk AI application for SOC enhancement.

Why D is Correct: AI-powered alert summarization consolidates complex, high-volume security alerts into concise, actionable insights, helping analysts rapidly understand threats without reading extensive raw log data. This is a safe, bounded AI application that enhances analyst efficiency while preserving human decision-making authority, directly addressing the volume and complexity challenges SOCs face.

Why A is Wrong: Generating and executing code directly in production without human review introduces serious risk. AI-generated code may contain errors, security vulnerabilities, or unintended side effects that could disrupt or compromise production systems.

Why B is Wrong: Enabling an AI assistant to act autonomously with no human intervention violates the human-in-the-loop principle. Autonomous AI in a SOC without oversight could incorrectly contain legitimate systems, miss actual threats, or make consequential decisions without accountability.

Why C is Wrong: Deploying open-source models directly in production without proper vetting, security hardening, and compliance review introduces supply chain risk, model reliability concerns, and potential intellectual property issues into sensitive security operations.

Basic Concept: In a layered AI system security architecture, access control must be established at each layer, beginning from the outermost point of entry. Authentication must be established at the endpoint level first, as this is the first point of interaction between users and the AI system. CompTIA SecAI+ Study Guide establishes endpoint authentication as the initial access control layer for AI systems.

Why D is Correct: Endpoint access control is the first authentication control to implement because it governs the initial connection from user devices or client applications to the AI system. All subsequent access layers including server access, model access, and data access depend on the endpoint being authenticated first. Establishing endpoint authentication ensures that only authorized endpoints can initiate sessions and proceed through subsequent authentication layers.

Why A is Wrong: Model access controls govern who can query, update, or access the AI model ' s parameters and functions. This control layer is implemented after endpoint authentication has been established, as it applies to requests that have already been authenticated at the endpoint level.

Why B is Wrong: Server access controls manage access to the computing infrastructure hosting the AI system. While critical for infrastructure security, server-level controls are configured by administrators and are not the first authentication control for end-user access flows.

Why C is Wrong: Data access controls define what data the AI system and its users can read, write, or query. These are implemented at a deeper layer after endpoint and potentially model authentication have verified that the requester is authorized to interact with the system at all.

Basic Concept: Unstructured data such as free-form text, images, and audio does not have predefined labels or rigid schema. Training an AI model effectively on unstructured data requires techniques that can leverage patterns within the data itself or adapt a pre-trained model to new data types. CompTIA SecAI+ covers AI training methodologies under basic AI concepts.

Why B is Correct: Fine-tuning takes a pre-trained foundation model that has already learned rich representations from massive unstructured datasets and further trains it on a specific, potentially smaller unstructured dataset. This adapts the model to a new domain, task, or data type without requiring labeled data for every training example. Fine-tuning is the most practical and effective approach for working with unstructured data in modern AI development.

Why A is Wrong: Statistical learning typically refers to classical machine learning approaches that often assume structured, numerical data with defined features. These methods generally struggle with high-dimensional unstructured data without significant preprocessing.

Why C is Wrong: Supervised learning requires labeled training data where each example has an associated correct output label. Applying supervised learning to unstructured data requires extensive manual labeling, which is the opposite of working with raw unstructured data.

Why D is Wrong: Reinforcement learning trains models through reward signals based on actions taken in an environment. It is designed for sequential decision-making tasks and is not the standard approach for learning representations from unstructured data at scale.

Basic Concept: An on-path (formerly man-in-the-middle) attack intercepts communication between two parties, allowing the attacker to read, modify, or inject content. In the context of a generative AI application, an on-path attack on the session between user and AI service can manipulate prompts being sent to the model or responses being returned to users. CompTIA SecAI+ covers AI-specific attack vectors under securing AI systems.

Why B is Correct: Session hijacking involves an attacker taking control of an active user session by capturing or forging session tokens. In this attack, the attacker intercepts the communication channel between users and the AI application, allowing them to modify prompts sent to the model or replace legitimate model responses with offensive content. This explains why outputs seem unrelated to prompts and contain offensive material.

Why A is Wrong: Application server hijacking involves gaining unauthorized control of the server hosting the application. While severe, this would typically manifest as complete service disruption or data exfiltration rather than targeted modification of individual user session content.

Why C is Wrong: Domain hijacking involves unauthorized transfer of a domain name registration, redirecting all users to a different IP address. This would affect all users simultaneously and typically redirect to a completely different site rather than manipulating individual AI responses.

Why D is Wrong: Model hijacking refers to attacks that steal or replicate an AI model, not to intercepting and modifying the communication between users and an existing model during active sessions.

Basic Concept: When employees interact with public-facing LLMs, any data they input may be processed, logged, or used for model training by the third-party provider. This creates serious regulatory and compliance risks, particularly when sensitive corporate or customer data is involved. CompTIA SecAI+ flags data governance and regulatory compliance as primary concerns in enterprise AI adoption.

Why C is Correct: Submitting sensitive business data, PII, financial records, or proprietary information to public LLMs may violate data protection regulations such as GDPR, HIPAA, or CCPA. These violations can result in substantial fines, legal liability, and significant reputational damage. This represents the most severe and impactful organizational risk from corporate use of public LLMs.

Why A is Wrong: Hallucinations where LLMs generate plausible but incorrect information are a reliability concern. However, they do not expose the company to the level of legal and financial penalties that data regulatory violations create.

Why B is Wrong: Out-of-date acceptable use policies represent an internal governance gap. This is a policy management issue rather than a direct risk with immediate legal or financial consequences.

Why D is Wrong: While LLMs can potentially generate malicious code if deliberately prompted, this requires adversarial intent. For typical corporate users, accidental data disclosure to a public LLM represents a far more common and immediate organizational risk.

Basic Concept: User experience with AI systems is directly correlated to how accurately and relevantly the model responds to user queries. Poor model accuracy manifests as irrelevant, incorrect, or unhelpful responses, which is the primary driver of poor user experience. CompTIA SecAI+ Study Guide covers AI performance monitoring and user experience optimization.

Why B is Correct: Model accuracy metrics in logs reveal how often the model provides correct, relevant, and useful responses. Reviewing accuracy-related log data such as confidence scores, response quality ratings, error rates, and user feedback correlations enables the architect to identify performance gaps causing poor experiences and guides optimization efforts like fine-tuning or retrieval improvements.

Why A is Wrong: Rate monitoring tracks API call frequency and throughput. While important for capacity planning and detecting abuse, it does not directly reflect the quality of model responses that determine user experience.

Why C is Wrong: Access controls manage who can use the system and what permissions they have. They are a security concern rather than a user experience metric. Reviewing access control logs does not reveal information about response quality.

Why D is Wrong: Data storage metrics relate to storage capacity, utilization, and performance of data persistence layers. While these can affect response speed, they do not provide insights into model response quality or accuracy that drive user experience.

See Explanation

Basic Concept: This is a Performance-Based Question (PBQ) — a simulation requiring interactive protocol and cipher selection in the actual exam. It tests the candidate ' s ability to select appropriate encryption protocols for different AI system components and apply proper data security techniques for sensitive AI data.

Key Concept — Encryption by Component: For data in transit between AI components, TLS 1.3 is the current standard protocol. For API communications, HTTPS with TLS 1.3 and certificate pinning is appropriate. For database connections used by AI systems, TLS with strong cipher suites such as AES-256-GCM should be applied. For data at rest in model stores and training data repositories, AES-256 encryption is standard. For authentication tokens and keys, RSA-2048 or ECC P-256 are appropriate asymmetric options.

Key Concept — Data Techniques: For sensitive AI training data that has been modified, tokenization replaces sensitive values with non-sensitive tokens. Masking obscures sensitive fields in outputs. Hashing provides one-way verification for data integrity.

Basic Concept: ISO develops management system standards for various organizational domains. For organizations building and managing AI systems in a structured, compliant manner, the appropriate ISO standard must specifically address the unique requirements of AI management systems including risk governance, lifecycle management, and accountability. CompTIA SecAI+ Exam Objectives cover ISO standards applicable to AI governance.

Why D is Correct: ISO 42001 (Artificial Intelligence Management System — AIMS) is the international standard specifically designed for building and managing AI management systems. It provides compliance requirements and guidance for establishing, implementing, maintaining, and continually improving an organization ' s AI management system, addressing AI-specific concerns including risk management, AI system governance, accountability, transparency, and continuous improvement for AI applications.

Why A is Wrong: ISO 20000 is the Information Technology Service Management (ITSM) standard covering IT service delivery processes, SLAs, incident management, and change management. It is not an AI management standard and does not address AI-specific governance requirements.

Why B is Wrong: ISO 27001 is the Information Security Management System (ISMS) standard addressing organizational information security risk management through controls and policies. While relevant to data security in AI systems, it does not contain requirements specifically for building an AI management system.

Why C is Wrong: ISO 27018 is a code of practice for protection of personally identifiable information (PII) in public cloud computing environments, extending ISO 27001 for cloud privacy. It addresses cloud PII protection rather than AI system management compliance requirements.

Basic Concept: The relationship between AI system capabilities and security risk is a fundamental concept in AI governance. As AI models gain more functionality and capabilities, their potential for misuse, unintended consequences, and attack surface expansion grows proportionally. CompTIA SecAI+ Study Guide addresses capability-risk proportionality under AI governance.

Why D is Correct: The risks of a generative AI product are proportional to its capabilities. Each new feature expands what the model can do, which simultaneously expands what adversaries can manipulate it to do, what sensitive operations it can be directed to perform, and what unintended harm it can cause. A model that can generate text, images, execute code, and call external APIs has dramatically greater risk potential than one that can only generate text. Risk grows with capability scope.

Why A is Wrong: Risks do not remain constant when new features are added. New features introduce new attack vectors, expand the model ' s action space, and create new opportunities for misuse. Each addition fundamentally changes the system ' s risk profile.

Why B is Wrong: While risks do increase with new features, saying they simply increase does not capture the precise relationship. The increase is proportional to the nature and scope of the capabilities added, not a uniform increment for any feature addition.

Why C is Wrong: While risks can be measured qualitatively, stating that risks are measured qualitatively is a statement about measurement methodology rather than an explanation of how risks change when functionality is enabled. It does not accurately describe the relationship between capability and risk.

Basic Concept: AI chatbot operational costs are primarily driven by token consumption — the number of tokens processed in requests and generated in responses. Unexpected cost increases in LLM-based chatbots almost always trace back to abnormal token usage patterns. CompTIA SecAI+ Study Guide covers AI cost monitoring and token-based billing under securing AI systems.

Why D is Correct: Model token usage logs directly show how many tokens are being consumed per request, by which users or endpoints, and whether usage has increased abnormally. Examining token usage data is the most direct path to identifying the root cause of unexpected cost increases — whether from a denial-of-wallet attack, user abuse, a new feature generating verbose responses, or legitimate organic growth in usage. This is the first and most relevant examination point for LLM cost analysis.

Why A is Wrong: Firewall logs capture network-level traffic information. While they can reveal unusual access patterns or volumes, they do not contain token consumption data that directly explains LLM billing increases.

Why B is Wrong: WAF rules define filtering policies for web traffic. Reviewing rule configurations does not reveal whether token usage has increased or why costs have risen; it shows security policy settings rather than consumption metrics.

Why C is Wrong: Vector database IOPS performance measures how quickly the database processes read and write operations. While relevant to RAG system performance, IOPS metrics do not directly explain LLM API cost increases driven by token consumption.

Basic Concept: AI systems used in employment contexts such as job screening carry significant regulatory risk. For a multinational company operating in or serving markets covered by the EU AI Act, compliance with this binding regulation is mandatory to avoid substantial fines. CompTIA SecAI+ Exam Objectives cover AI regulatory compliance under Domain 4.

Why B is Correct: The EU AI Act explicitly classifies AI systems used for employment screening, candidate evaluation, and worker management as high-risk AI applications. These systems are subject to strict compliance requirements including mandatory conformity assessments, human oversight, transparency obligations, and registration. Non-compliance can result in fines up to 30 million euros or 6% of global annual turnover. A multinational company implementing AI job screening must reference the EU AI Act as the primary compliance obligation.

Why A is Wrong: ISO AI standards such as ISO 42001 are voluntary management system standards. While useful for best practices, they do not carry legal enforcement power and adherence does not prevent regulatory fines from binding legislation like the EU AI Act.

Why C is Wrong: Corporate policy is an internal governance document that sets organizational standards. It cannot supersede external legal obligations and following only corporate policy does not protect against fines from regulatory bodies enforcing the EU AI Act.

Why D is Wrong: NIST AI RMF is a voluntary American risk management framework. While excellent for AI risk governance, it is not a binding regulation and does not address the legal compliance requirements that generate fines from regulatory authorities in jurisdictions covered by the EU AI Act.

Basic Concept: Dynamic Application Security Testing (DAST) tests running applications by sending various inputs to discover vulnerabilities. AI can significantly enhance DAST by intelligently generating diverse, targeted test payloads that traditional tools might miss. CompTIA SecAI+ covers AI augmentation of security testing methodologies.

Why C is Correct: Payload creation is highly suitable for AI automation during DAST. AI can generate diverse, contextually appropriate attack payloads such as SQL injection strings, XSS vectors, command injection attempts, and format string exploits tailored to the specific application ' s behavior observed during testing. AI can learn from the application ' s responses to previous payloads and generate increasingly targeted inputs, discovering vulnerabilities more efficiently than static payload databases.

Why A is Wrong: DDoS attacks are volume-based attacks designed to overwhelm network or application infrastructure. Automating DDoS during DAST is inappropriate as it would disrupt service availability rather than discover application security vulnerabilities, and it is harmful to legitimate operations.

Why B is Wrong: Data poisoning is an attack targeting AI/ML model training data integrity. It is relevant to securing AI systems but is not a DAST technique for testing web or software application security vulnerabilities during dynamic testing.

Why D is Wrong: Threat modeling is a structured analysis process performed before development or testing to identify potential threats and design appropriate countermeasures. It is a planning activity, not an attack technique that can be automated during dynamic application security testing.

Basic Concept: Adding validation layers to software development processes improves security assurance by catching issues that human reviewers might miss. AI-assisted validation provides an automated, systematic review that complements human judgment. CompTIA SecAI+ Study Guide covers AI-assisted development security controls.

Why A is Correct: AI-assisted approval adds an intelligent automated review layer that works alongside existing human review. AI can systematically analyze code for security vulnerabilities, coding standard violations, dependency risks, and policy compliance with greater consistency and speed than manual review. This creates a defense-in-depth validation approach where both AI and human reviewers must approve changes, catching issues that either layer might miss independently.

Why B is Wrong: A low-code plug-in provides simplified visual development tools that reduce the amount of manual code writing required. It is a development productivity tool, not a security validation layer for reviewing already-written code.

Why C is Wrong: Automated rollback is a deployment safety mechanism that reverts a deployment to the previous version when errors are detected after deployment. It is a recovery control, not a validation layer applied during the development review process.

Why D is Wrong: Regression testing verifies that new code changes have not broken existing functionality. It tests functional correctness, not security vulnerabilities, and does not add an AI-powered security validation capability to the existing human review process.

Basic Concept: Monitoring an AI system ' s internal runtime behavior requires deep observability into what the system is doing at the code and function execution level, not just at the perimeter. CompTIA SecAI+ Study Guide addresses AI system observability and runtime monitoring under securing AI infrastructure.

Why D is Correct: Enabling stack call and debugging level traces at the function level provides the highest granularity of visibility into internal operations. This approach exposes what functions are called, in what order, with what inputs, and what is returned, offering genuine insight into the AI system ' s internal activity at runtime precisely as the engineer requires.

Why A is Wrong: A SIEM aggregates and correlates log and event data from multiple sources. While useful for security alerting, it does not inherently provide visibility into internal function-level operations of an AI model at runtime.

Why B is Wrong: A WAF with header logging monitors and filters HTTP traffic at the application boundary. It captures external request and response data, not the AI system ' s internal runtime mechanics.

Why C is Wrong: Relying on vendor controls and monitoring prompt inputs is a passive, externally-focused approach. It provides no visibility into intermediate computations or internal operations within the AI model itself.

Basic Concept: Preventing vulnerable code from reaching production requires an automated, mandatory gate in the software delivery pipeline. The CI/CD pipeline is the enforcement point where all code must pass before deployment. CompTIA SecAI+ Study Guide covers AI integration in secure development pipelines under AI-assisted security.

Why C is Correct: Implementing an LLM in the CI/CD runner creates a mandatory automated security gate that every code change must pass. The LLM can analyze code for vulnerabilities, insecure patterns, and policy violations, then automatically fail the build if issues are found. This prevents vulnerable code from progressing toward production without human bypass capability, making it the most effective enforcement mechanism.

Why A is Wrong: IDE plug-ins provide warnings to developers during coding, but developers can choose to ignore them and proceed with compilation and commits. Warnings are advisory, not preventive, and cannot guarantee vulnerable code is blocked from the pipeline.

Why B is Wrong: SOAR platforms with ML models are excellent for incident response and security operations automation. However, they are not positioned in the code delivery pipeline and do not gate code from progressing to production.

Why D is Wrong: An agentic penetration testing tool validates vulnerabilities reactively after code is written or deployed. This approach does not intercept code before production deployment and is typically used for post-deployment assessment rather than prevention.

Basic Concept: When an AI chatbot powered by RAG retrieves and outputs sensitive patient information such as names, medical histories, or identifiers, the risk of Protected Health Information (PHI) disclosure must be mitigated. CompTIA SecAI+ Study Guide covers data protection techniques for AI systems handling sensitive health data.

Why A is Correct: Masking replaces sensitive data values such as patient names, dates of birth, medical record numbers, and diagnoses with redacted or anonymized equivalents in the chatbot ' s output. Even if the RAG system retrieves records containing patient information, masking ensures that the sensitive fields are obscured before the response is presented to the user. This directly prevents PHI disclosure while allowing the chatbot to provide useful responses based on the underlying data patterns.

Why B is Wrong: Classification involves categorizing data by its sensitivity level such as public, internal, confidential, or restricted. While it identifies which data requires protection, classification alone does not transform or obscure the sensitive values in chatbot outputs.

Why C is Wrong: Data minimization is a privacy principle that limits data collection to only what is necessary for the specified purpose. While valuable as a design principle when building the RAG knowledge base, it is a data governance strategy rather than a technical output control that can be applied to mitigate existing PHI disclosure in chatbot responses.

Why D is Wrong: Normalization is a data processing technique that scales numerical values to a standard range or standardizes data formats. It is a preprocessing step for improving model training efficiency, not a data protection technique for preventing patient information disclosure in AI outputs.

Basic Concept: Data integrity ensures that data has not been tampered with, corrupted, or modified during storage or transmission. For AI training data that is procured from external sources, cryptographic integrity verification is essential to confirm the data arrived unmodified. CompTIA SecAI+ Study Guide covers data integrity controls for AI data pipelines.

Why A is Correct: Implementing checksums provides cryptographic verification of data integrity. A checksum or hash value such as SHA-256 is computed from the dataset at the source. The receiver computes the same hash and compares it to the provided value. Any modification to the data during transit or storage will produce a different hash, immediately detecting tampering or corruption. This is the most reliable, automated, and scalable strategy for ensuring the integrity of procured training data.

Why B is Wrong: Human evaluation can verify data quality and relevance but is impractical for verifying integrity across large datasets of medical records. Human reviewers cannot detect subtle bit-level corruption or intentional small modifications, and the process is not scalable.

Why C is Wrong: Querying the model tests model performance rather than verifying the integrity of the underlying training data. The model cannot tell you whether its training data was modified after collection or during procurement.

Why D is Wrong: Log monitoring tracks system activities and events over time. While useful for auditing access to data, it cannot retroactively confirm that data content has not been modified and does not provide cryptographic integrity guarantees.