Pass the CompTIA CompTIA SecAI+ CY0-001 Questions and answers with CertsForce

Basic Concept: This is a Performance-Based Question (PBQ) — a simulation item requiring interactive drag-and-drop assignment of threat categories to appropriate frameworks in the actual exam. It tests knowledge of how different AI threat frameworks categorize and address specific threat types for agentic systems.

Key Concept — Framework-to-Threat Mapping: MITRE ATLAS covers ML-specific adversarial tactics such as model evasion, data poisoning, model extraction, and prompt injection for agentic systems. OWASP LLM Top 10 addresses application-level LLM vulnerabilities such as insecure output handling, excessive agency, and supply chain risks. NIST AI RMF addresses governance-level risks across the AI lifecycle. STRIDE addresses architectural threats including spoofing, tampering, repudiation, information disclosure, DoS, and elevation of privilege.

Why This Matters: Agentic AI systems have a unique threat landscape combining traditional software vulnerabilities with AI-specific attacks. Correctly mapping threat categories to frameworks is essential for comprehensive threat modeling of systems that autonomously execute multi-step tasks with tool access and real-world consequences.

Basic Concept: AI manipulation attacks exploit vulnerabilities in systems, interfaces, and content. Some security approaches are inherently more resistant to AI-driven attacks because they reduce the available avenues through which manipulation can occur, rather than attempting to detect or block individual attacks. CompTIA SecAI+ Study Guide covers defensive strategies for AI system protection.

Why D is Correct: Attack surface reduction minimizes the number of entry points, interfaces, and components available for exploitation. By eliminating unnecessary services, APIs, integrations, and features, it reduces the total number of pathways through which AI-driven manipulation attacks can be attempted. Unlike signature-based or behavioral detection, attack surface reduction provides structural resistance regardless of how sophisticated or novel the AI manipulation technique is.

Why A is Wrong: Payloads are the malicious content used in attacks, not a defensive control. Attackers using AI can generate increasingly sophisticated payloads designed to evade detection, making them highly susceptible to AI-driven manipulation rather than resistant to it.

Why B is Wrong: AI-generated content is a product of AI systems and can itself be manipulated or weaponized by adversarial AI. It is not a defense mechanism and is inherently vulnerable to AI-driven manipulation and poisoning.

Why C is Wrong: An API gateway provides a managed access point for API traffic with authentication and filtering capabilities. However, APIs are primary attack targets for AI manipulation and require ongoing security updates. API gateways are less fundamentally resistant than structural attack surface reduction.

Why E is Wrong: Antivirus relies on signatures and behavioral heuristics to detect known malware. AI-powered attacks can generate novel, polymorphic payloads that evade signature detection, making antivirus less resistant to AI manipulation than attack surface reduction.

Basic Concept: Securing AI systems requires a structured, end-to-end approach that addresses security at every phase of the AI model ' s lifecycle from data collection through training, testing, deployment, and ongoing monitoring. CompTIA SecAI+ Study Guide identifies the Model Development Life Cycle as the foundational framework for AI system security.

Why B is Correct: A secure Model Development Life Cycle (MDLC) integrates security practices at every stage of AI model development specifically tailored to ML workflows. It encompasses secure data handling, training data validation, model testing for adversarial robustness, secure deployment practices, and ongoing monitoring. Unlike generic software development lifecycles, the MDLC addresses ML-specific risks such as data poisoning, model drift, and adversarial attacks.

Why A is Wrong: Guardrail testing and security validation are important components of the MDLC but represent only the testing phase. They do not encompass the full lifecycle of security practices needed from data acquisition through production monitoring.

Why C is Wrong: Implementing comprehensive security architecture is a broad statement that describes an outcome rather than a specific actionable practice. It does not provide the structured, ML-specific guidance of an MDLC.

Why D is Wrong: A secure SDLC is designed for traditional software development and covers code security, testing, and deployment. While relevant to AI application development, it does not specifically address ML model-specific risks such as training data security, model integrity, and inference-time attacks.

Basic Concept: Unstructured data such as free-form text, images, and audio does not have predefined labels or rigid schema. Training an AI model effectively on unstructured data requires techniques that can leverage patterns within the data itself or adapt a pre-trained model to new data types. CompTIA SecAI+ covers AI training methodologies under basic AI concepts.

Why B is Correct: Fine-tuning takes a pre-trained foundation model that has already learned rich representations from massive unstructured datasets and further trains it on a specific, potentially smaller unstructured dataset. This adapts the model to a new domain, task, or data type without requiring labeled data for every training example. Fine-tuning is the most practical and effective approach for working with unstructured data in modern AI development.

Why A is Wrong: Statistical learning typically refers to classical machine learning approaches that often assume structured, numerical data with defined features. These methods generally struggle with high-dimensional unstructured data without significant preprocessing.

Why C is Wrong: Supervised learning requires labeled training data where each example has an associated correct output label. Applying supervised learning to unstructured data requires extensive manual labeling, which is the opposite of working with raw unstructured data.

Why D is Wrong: Reinforcement learning trains models through reward signals based on actions taken in an environment. It is designed for sequential decision-making tasks and is not the standard approach for learning representations from unstructured data at scale.

Basic Concept: AI agents in SOC environments can automate repetitive, rules-based response actions that previously required human intervention. When the primary concerns are enterprise uptime and case resolution time, the AI agent ' s ability to autonomously execute containment actions through SOAR is the most impactful application. CompTIA SecAI+ Study Guide covers AI agent use cases in security operations.

Why A is Correct: Using the AI agent to analyze incidents and execute containment actions through SOAR playbooks directly addresses both uptime and resolution time concerns. The agent can immediately analyze alert details, determine the appropriate playbook, and execute containment actions such as isolating compromised hosts or disabling compromised accounts autonomously, without waiting for human intervention. This dramatically reduces mean time to contain threats, improving both uptime and resolution speed.

Why B is Wrong: Enriching alerts with open-source intelligence improves analyst context but is a preparatory step rather than a response action. While valuable, it does not directly reduce resolution time by taking containment actions to stop ongoing threats.

Why C is Wrong: Aggregating metrics and generating leadership reports is an administrative function that consumes agent capacity for non-operational purposes. It improves visibility but does not directly improve uptime or case resolution time for active incidents.

Why D is Wrong: Creating tabletop exercises improves team preparedness over time through training scenarios. While beneficial for long-term capability development, it does not directly address the immediate concerns of enterprise uptime and active case resolution time.

Basic Concept: AI systems interact with different resource layers including models, data stores, and infrastructure. Controlling what data an AI system can access requires implementing access controls at the data layer. CompTIA SecAI+ Study Guide differentiates between model access, data access, and network access controls for AI systems.

Why D is Correct: Data access controls govern what data resources an AI system can interact with, including which databases, tables, and records it can read or modify. To control an AI system ' s ability to list database tables, the administrator must implement data access controls that define precisely which tables the AI can enumerate and query, following the principle of least privilege for data interactions.

Why A is Wrong: Agentic AI access refers to permissions granted to autonomous AI agents to perform actions and use tools. It is a broader concept about what an AI agent can do operationally rather than a specific data-layer access control mechanism.

Why B is Wrong: A Network Access Control List controls network traffic at the IP and port level, determining which hosts can communicate with which network resources. It operates at the network layer and cannot enforce fine-grained control over which database tables an AI system is allowed to list.

Why C is Wrong: Model access controls govern who and what can interact with the AI model itself — who can query it, update it, or access its parameters. This is distinct from data access, which controls what the model can read from data stores during operation.

Basic Concept: Deepfakes are AI-generated synthetic media that convincingly replace or manipulate a person ' s likeness, voice, or actions in images and videos. Creating realistic deepfakes requires generative AI techniques capable of learning and reproducing complex data distributions. CompTIA SecAI+ Exam Objectives cover deepfake technology under basic AI concepts.

Why A is Correct: Generative Adversarial Networks (GANs) are the primary technology behind deepfakes. A GAN consists of two competing neural networks: a generator that creates synthetic content and a discriminator that evaluates whether content is real or fake. Through adversarial training, the generator continuously improves at creating convincing synthetic media such as realistic human faces, voice clones, and video manipulations indistinguishable from authentic recordings.

Why B is Wrong: Multi-shot prompting is a prompting technique where multiple examples are provided to an LLM to guide its responses. It is an inference technique for language models and has no role in generating synthetic video or image deepfake content.

Why C is Wrong: Prompt engineering is the practice of crafting effective prompts to guide LLM outputs. It is a communication strategy for working with text-based AI systems, not a technology for generating synthetic media.

Why D is Wrong: Transfer learning is a training technique that repurposes knowledge from one domain to another, improving model performance with limited data. While it can be used in model training pipelines, it is not the core technology that enables deepfake generation.

Basic Concept: Preventing prompt injection and ensuring output sanitization requires a control that can inspect both the semantic content of incoming prompts and the safety of outgoing responses. This requires an intelligent, context-aware filtering layer specifically designed for LLM traffic. CompTIA SecAI+ Study Guide identifies LLM firewalls as a primary control for prompt security and output safety.

Why C is Correct: An LLM firewall is specifically designed to inspect, filter, and sanitize both incoming prompts and outgoing AI responses. It can detect and block prompt injection attempts using pattern matching, semantic analysis, and behavioral heuristics, while also sanitizing output to remove sensitive data, harmful content, or policy violations before responses reach users. This dual capability makes it the primary control addressing both requirements simultaneously.

Why A is Wrong: Least privilege restricts what resources and actions users and systems can access. It reduces the potential impact of successful attacks but does not inspect prompt content for injection attempts or sanitize model outputs.

Why B is Wrong: Encryption protects data confidentiality in transit and at rest. It does not analyze prompt content for malicious patterns or filter AI-generated responses for unsafe content. Encrypted traffic can still carry prompt injection attacks.

Why D is Wrong: Rate limiting controls request frequency. While it can slow down automated injection attack campaigns, it does not inspect the content of individual prompts to detect injections, nor does it sanitize output responses. Malicious prompts can still succeed within rate limits.

Basic Concept: Reconnaissance is the information gathering phase of an attack. LLMs can be enhanced to perform more effective reconnaissance by giving them access to current, specific information beyond their training data cutoff. CompTIA SecAI+ covers AI augmentation techniques including RAG under AI-assisted security.

Why A is Correct: RAG enhances an LLM by connecting it to an external knowledge base or real-time data sources that it can query during inference. For reconnaissance purposes, a RAG-enabled LLM can access up-to-date organizational information, technical documentation, and intelligence feeds that go beyond its static training data. This makes the LLM significantly more capable for gathering current, targeted intelligence about specific organizations or infrastructure.

Why B is Wrong: Creating a web scraper is a basic data collection technique. While AI can help write scraper code, the scraper itself is a simple script that does not enhance the LLM ' s intelligence or reasoning capabilities for sophisticated reconnaissance.

Why C is Wrong: Instructing an AI assistant to query as an administrator is a prompt manipulation attempt. An LLM cannot actually gain elevated permissions through a prompt instruction; this describes social engineering or privilege escalation via prompting, not a performance enhancement technique.

Why D is Wrong: Prompting a chatbot to describe naming patterns is a basic use of an existing LLM ' s knowledge. It does not strengthen or enhance the model ' s capabilities; it merely queries what the model already knows from training data, which may be outdated or generic.

Basic Concept: Advances in AI generative technology have enabled the creation of highly realistic synthetic video and audio content that convincingly impersonates real individuals. These AI-generated impersonations are called deepfakes and represent a significant threat for corporate fraud, misinformation, and social engineering. CompTIA SecAI+ covers deepfakes under basic AI concepts and cybersecurity threats.

Why C is Correct: The scenario describes a video in which the CEO ' s likeness was convincingly replicated to deliver a false message about bankruptcy. This is a textbook deepfake attack — AI-generated synthetic media using the target ' s face and potentially voice to make it appear they said something they never said. Deepfake technology uses GANs and CNNs to create this type of convincing impersonation, and the attack specifically exploited AI generation for deception.

Why A is Wrong: An on-path attack intercepts network communications between two parties to eavesdrop or modify traffic. It requires positioning in the network path, not creating synthetic media of a person ' s likeness.

Why B is Wrong: Phishing is a social engineering attack that uses deceptive messages typically via email to trick recipients into taking harmful actions such as clicking malicious links or providing credentials. While this attack has social engineering elements, the use of AI-generated video to impersonate the CEO specifically categorizes it as a deepfake attack.

Why D is Wrong: Social engineering broadly describes psychological manipulation tactics to deceive individuals. While deepfakes can be used as part of social engineering campaigns, the specific technical technique used — AI-generated synthetic video — makes deepfake the most precise and accurate categorization.