A security engineer needs to monitor an AI-based system for runtime operations. The engineer is mostly concerned about the visibility of internal activity.
Which of the following is the most appropriate monitoring solution?
A.
Deploying a security information and event management (SIEM) tool
B.
Implementing a web application firewall (WAF) with header logging
C.
Relying on vendor model controls and monitoring prompt inputs
D.
Enabling stack call and debugging level traces at the function level
Basic Concept: Monitoring an AI system ' s internal runtime behavior requires deep observability into what the system is doing at the code and function execution level, not just at the perimeter. CompTIA SecAI+ Study Guide addresses AI system observability and runtime monitoring under securing AI infrastructure.
Why D is Correct: Enabling stack call and debugging level traces at the function level provides the highest granularity of visibility into internal operations. This approach exposes what functions are called, in what order, with what inputs, and what is returned, offering genuine insight into the AI system ' s internal activity at runtime precisely as the engineer requires.
Why A is Wrong: A SIEM aggregates and correlates log and event data from multiple sources. While useful for security alerting, it does not inherently provide visibility into internal function-level operations of an AI model at runtime.
Why B is Wrong: A WAF with header logging monitors and filters HTTP traffic at the application boundary. It captures external request and response data, not the AI system ' s internal runtime mechanics.
Why C is Wrong: Relying on vendor controls and monitoring prompt inputs is a passive, externally-focused approach. It provides no visibility into intermediate computations or internal operations within the AI model itself.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit