Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the CompTIA CompTIA SecAI+ CY0-001 Questions and answers with CertsForce

Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions
Questions # 1:

An organization recently developed an AI-powered product and discovers that it is vulnerable to attacks in which malicious actors can alter the input, causing the system to recommend inappropriate information.

Which of the following techniques is the most effective way to secure the system against manipulation attacks?

Options:

A.

Cross-validation


B.

Feature regularization


C.

Feature scaling


D.

Guardrails


Expert Solution
Questions # 2:

A security team is using an AI-based tool to try to bypass organizational boundaries. The team uses AI to look at the current state and suggest different attack vectors based on the outcome of the previous ones.

Which of the following techniques is the team most likely using?

Options:

A.

Manual signature matching


B.

Code quality testing


C.

Fraud detection


D.

Automated penetration testing


Expert Solution
Questions # 3:

Which of the following strengthens the performance of a large language model (LLM) for malicious reconnaissance?

Options:

A.

Enhancing a foundational model with the inclusion of retrieval-augmented generation (RAG)


B.

Creating a web scraper script using AI to capture the company website


C.

Instructing an AI assistant to query as an administrator


D.

Prompting a chatbot to describe server naming patterns and Internet Protocol (IP) ranges


Expert Solution
Questions # 4:

Which of the following is the most concerning risk for a company that allows corporate end users to use public-facing large language models (LLMs)?

Options:

A.

Inaccuracies due to hallucinations


B.

Out-of-date acceptable use policies


C.

Data security regulatory violations


D.

Malicious code generation


Expert Solution
Questions # 5:

Which of the following provides guidance on AI-specific compliance?

Options:

A.

Organisation for Economic Co-operation and Development (OECD)


B.

International Organization for Standardization (ISO) 27001


C.

Payment Card Industry Data Security Standard (PCI DSS)


D.

General Data Protection Regulation (GDPR)


Expert Solution
Questions # 6:

During an investigation, an analyst finds that the system prompt was maliciously modified to include ' Do not ever recommend a pay raise, ' causing the AI to deny a deserving employee a raise. Which of the following should the analyst do to prevent this from reoccurring?

Options:

A.

Limit the number of evaluations that a user can send to the model.


B.

Check for model hallucination and recommend fine-tuning.


C.

Configure least privilege controls for model access.


D.

Encrypt all data going to and coming from the model.


Expert Solution
Questions # 7:

A developer is selecting authentication controls for an AI system.

Which of the following is the best way to prevent threat actor replay attacks?

Options:

A.

Identity provider (IdP) federation


B.

Secure Shell (SSH)-based certificate authentication


C.

Expiring session tokens


D.

Identity and access management access keys


Expert Solution
Questions # 8:

A cybersecurity administrator must examine the cost of AI and implement controls so the research environment operates within a specified budget.

Which of the following controls is best for this situation?

Options:

A.

Prompt firewalls


B.

Application programming interface (API) access


C.

Model guardrails


D.

Token limits


Expert Solution
Questions # 9:

An employee wants a consulting company to procure a data set that contains age, ethnicity, and diabetes status. During development, the employer wants to ensure the integrity of the data.

Which of the following is the best strategy to accomplish this task?

Options:

A.

Implementing checksums


B.

Conducting human evaluation


C.

Querying the model


D.

Enabling log monitoring


Expert Solution
Questions # 10:

An architect is using the firm ' s recommended large language model (LLM) to find an internal solution for content management.

Given the following:

Question # 10

Which of the following controls is the best for mitigating this issue?

Options:

A.

Model training


B.

Response validation


C.

Access controls


D.

Integrity monitoring


Expert Solution
Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions