Basic Concept: Securing AI systems requires a structured, end-to-end approach that addresses security at every phase of the AI model's lifecycle, from data collection through training, testing, deployment, and ongoing monitoring. The CompTIA SecAI+ Study Guide identifies the Model Development Life Cycle as the foundational framework for AI system security.
Why B is Correct: A secure Model Development Life Cycle (MDLC) integrates security practices, specifically tailored to ML workflows, at every stage of AI model development. It encompasses secure data handling, training data validation, model testing for adversarial robustness, secure deployment practices, and ongoing monitoring. Unlike generic software development lifecycles, the MDLC addresses ML-specific risks such as data poisoning, model drift, and adversarial attacks.
Why A is Wrong: Guardrail testing and security validation are important components of the MDLC but represent only the testing phase. They do not encompass the full lifecycle of security practices needed from data acquisition through production monitoring.
Why C is Wrong: Implementing comprehensive security architecture is a broad statement that describes an outcome rather than a specific actionable practice. It does not provide the structured, ML-specific guidance of an MDLC.
Why D is Wrong: A secure SDLC is designed for traditional software development and covers code security, testing, and deployment. While relevant to AI application development, it does not specifically address ML model-specific risks such as training data security, model integrity, and inference-time attacks.