Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the CompTIA CompTIA SecAI+ CY0-001 Questions and answers with CertsForce

Viewing page 3 out of 4 pages
Viewing questions 21-30 out of questions
Questions # 21:

A security engineer needs to monitor an AI-based system for runtime operations. The engineer is mostly concerned about the visibility of internal activity.

Which of the following is the most appropriate monitoring solution?

Options:

A.

Deploying a security information and event management (SIEM) tool


B.

Implementing a web application firewall (WAF) with header logging


C.

Relying on vendor model controls and monitoring prompt inputs


D.

Enabling stack call and debugging level traces at the function level


Expert Solution
Questions # 22:

A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business.

Which of the following AI-generated vulnerabilities is the employee exploiting?

Options:

A.

Data reduction


B.

Data masking


C.

Data poisoning


D.

Data leaking


Expert Solution
Questions # 23:

An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack.

Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?

Options:

A.

Common Vulnerabilities and Exposures (CVE) AI working group


B.

MITRE Adversarial Threat Landscape for AI Systems (ATLAS)


C.

Massachusetts Institute of Technology (MIT) risk repository


D.

Open Worldwide Application Security Project (OWASP)


Expert Solution
Questions # 24:

A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.

Which of the following is the best source for the analyst to consult?

Options:

A.

International Organization for Standards (ISO) 27001


B.

Common Weakness Enumeration (CWE)


C.

Open Worldwide Application Security Project (OWASP)


D.

National Institute of Technologies Risk Management Framework (NIST-RMF)


Expert Solution
Questions # 25:

Which of the following is a risk addressed by responsible AI?

Options:

A.

Model drift


B.

Reputational loss


C.

Response bias


D.

Data poisoning


Expert Solution
Questions # 26:

A security analyst needs to conduct a security assessment of the output from an AI-enabled development tool.

Which of the following should the analyst do first?

Options:

A.

Remove hard-coded secrets from the source code.


B.

Enforce strict access controls for code repositories.


C.

Enable sensitive data discovery on code repositories.


D.

Perform a source code review.


Expert Solution
Questions # 27:

A detection engineering team wants to use AI to automatically prevent vulnerable code from reaching production.

Which of the following is the most effective way to accomplish this task?

Options:

A.

Deploying an integrated development environment (IDE) plug-in that will warn developers of dangerous code before compiling


B.

Using a security orchestration, automation, and response (SOAR) with a machine learning (ML) model to classify code


C.

Implementing a large language model (LLM) in the continuous integration and continuous deployment (CI/CD) runner to examine code and pass or fail build jobs


D.

Developing an agentic penetration testing tool to validate potential vulnerable code


Expert Solution
Questions # 28:

A company is adopting AI and wants to create policies and procedures that include a structure for evaluating, publishing, and approving patterns for AI usage.

Which of the following should the company establish to meet this goal?

Options:

A.

AI center of excellence


B.

AI legal affairs office


C.

AI audit department


D.

AI data science division


Expert Solution
Questions # 29:

Which of the following is an example of how a security analyst uses generative AI in the triage process?

Options:

A.

To predict the next attack target with higher accuracy


B.

To use statistical analysis for malicious code assessment


C.

To summarize security findings by category


D.

To tag malware using machine learning (ML) algorithms


Expert Solution
Questions # 30:

An organization deploys an application programming interface (API) to allow external customers to perform tasks supported by internally developed AI models. Some customers require limited use of sensitive data. After the API is deployed, customers report that the API returns sensitive data to all customers. Which of the following is the best action to take with the API?

Options:

A.

Reconfigure the API to use different models.


B.

Retrain the models on the correct data.


C.

Relocate the model to a virtual private cloud (VPC).


D.

Implement role-based access control.


Expert Solution
Viewing page 3 out of 4 pages
Viewing questions 21-30 out of questions