CY0-001 CompTIA SecAI+ v1 Exam Free Practice Exam Questions (2026 Updated)

Basic Concept: Input manipulation attacks — including adversarial examples and prompt injection — alter inputs to cause AI systems to produce unintended, harmful, or inappropriate outputs. Defending against these attacks requires mechanisms that validate and constrain both inputs and outputs at runtime. CompTIA SecAI+ Study Guide identifies guardrails as the primary defense against input manipulation in AI systems.

Why D is Correct: Guardrails implement real-time validation and filtering of both incoming inputs and outgoing recommendations. They detect manipulated inputs that deviate from expected patterns, enforce content policies on outputs, and prevent the system from producing inappropriate recommendations regardless of how cleverly the input was crafted. Guardrails provide the most comprehensive and directly applicable defense against the described manipulation attack scenario.

Why A is Wrong: Cross-validation is a model evaluation technique that assesses how well a model generalizes to independent datasets during training. It measures predictive performance but does not provide runtime protection against input manipulation attacks on a deployed system.

Why B is Wrong: Feature regularization is a training technique that adds penalties to model weights to prevent overfitting. It improves generalization during training but does not inspect or validate inputs at inference time to detect manipulation.

Why C is Wrong: Feature scaling normalizes input feature values to a standard range for training efficiency. Like regularization, it is a preprocessing and training step that has no effect on defending against runtime input manipulation attacks on deployed systems.

Basic Concept: Suspicious or unexpected AI system outputs are often caused by malicious or malformed user inputs that exploit the AI ' s input processing. Validating and sanitizing user inputs before they reach the AI model prevents many classes of attacks including prompt injection, data exfiltration attempts, and input manipulation. CompTIA SecAI+ Study Guide emphasizes input validation as a foundational AI security control.

Why B is Correct: Implementing user input validation applies checks and constraints to all user-submitted content before it is processed by the AI system. Input validation can enforce length limits, detect injection patterns, filter disallowed characters or command structures, and ensure inputs conform to expected formats. By rejecting malicious or malformed inputs at the entry point, this control prevents them from reaching the model and causing the suspicious outputs observed.

Why A is Wrong: Data sanitization processes data to remove harmful elements and is closely related to validation. However, input validation is broader and more proactive, checking conformance to rules before processing, while sanitization typically operates during or after processing. Validation at the input boundary is the more appropriate first-line control.

Why C is Wrong: Monitoring logs for attack keywords is a detective control that identifies attacks after they have already affected the system. It does not prevent suspicious outputs from being generated in the first place.

Why D is Wrong: Hardening the Model Context Protocol server improves the security of the infrastructure hosting the AI components. While important for infrastructure security, it does not directly validate or inspect the content of user inputs that cause suspicious outputs.

Basic Concept: Securing AI systems requires a structured, end-to-end approach that addresses security at every phase of the AI model ' s lifecycle from data collection through training, testing, deployment, and ongoing monitoring. CompTIA SecAI+ Study Guide identifies the Model Development Life Cycle as the foundational framework for AI system security.

Why B is Correct: A secure Model Development Life Cycle (MDLC) integrates security practices at every stage of AI model development specifically tailored to ML workflows. It encompasses secure data handling, training data validation, model testing for adversarial robustness, secure deployment practices, and ongoing monitoring. Unlike generic software development lifecycles, the MDLC addresses ML-specific risks such as data poisoning, model drift, and adversarial attacks.

Why A is Wrong: Guardrail testing and security validation are important components of the MDLC but represent only the testing phase. They do not encompass the full lifecycle of security practices needed from data acquisition through production monitoring.

Why C is Wrong: Implementing comprehensive security architecture is a broad statement that describes an outcome rather than a specific actionable practice. It does not provide the structured, ML-specific guidance of an MDLC.

Why D is Wrong: A secure SDLC is designed for traditional software development and covers code security, testing, and deployment. While relevant to AI application development, it does not specifically address ML model-specific risks such as training data security, model integrity, and inference-time attacks.

Basic Concept: Threat modeling for AI systems requires a framework specifically designed to address AI-specific attack techniques, tactics, and procedures. General cybersecurity or governance frameworks do not capture the unique adversarial attack surface of AI and ML systems. CompTIA SecAI+ Exam Objectives identify MITRE ATLAS as the primary AI threat modeling resource.

Why B is Correct: MITRE ATLAS (Adversarial Threat Landscape for AI Systems) is specifically designed as an AI and ML threat modeling framework. It catalogs real-world adversarial tactics, techniques, and procedures targeting AI systems, enabling security architects to identify and assess threats unique to ML models such as data poisoning, model extraction, and evasion attacks. It is the industry standard for AI-specific threat modeling.

Why A is Wrong: Responsible AI is a set of ethical principles and governance guidelines for developing and deploying AI systems fairly and safely. It addresses ethics and fairness, not technical adversarial threat modeling.

Why C is Wrong: The OECD provides non-binding policy recommendations and principles for AI governance at an international level. It does not provide technical threat modeling taxonomies or AI-specific attack catalogs.

Why D is Wrong: ISO standards such as ISO 42001 establish management system requirements for AI governance. They are compliance and management frameworks, not threat modeling tools for identifying adversarial AI attack vectors.

Basic Concept: Creating realistic deepfake videos that convincingly replicate a real person ' s facial expressions, movements, and voice requires deep learning models capable of learning and synthesizing complex spatial and temporal features from existing video data. CompTIA SecAI+ covers deepfake technologies under basic AI concepts.

Why B is Correct: Convolutional Neural Networks are foundational to deepfake video generation. CNNs excel at learning spatial features from visual data and are used within deepfake architectures to analyze source and target faces, extract facial features, and synthesize realistic face swaps or face animations. Modern deepfake systems typically combine CNNs with autoencoders and GANs to generate convincing video content showing a person saying or doing things they never did.

Why A is Wrong: Statistical analysis involves mathematical methods for analyzing data distributions and relationships. It does not have the capability to generate synthetic video content or replicate a person ' s visual likeness in motion.

Why C is Wrong: An ML classifier assigns input data to predefined categories. Classification models detect and label content rather than generating new synthetic video content of a person ' s likeness. They are detection tools, not generation tools.

Why D is Wrong: Random forest is an ensemble ML method using multiple decision trees for classification and regression tasks. It works on structured, tabular data and cannot process or generate visual, spatial data needed for realistic deepfake video synthesis.

Basic Concept: Successful AI adoption at an organizational level requires a centralized governance body that standardizes AI practices, promotes best practices, and ensures consistent, safe, and effective AI deployment across the organization. CompTIA SecAI+ Study Guide covers AI organizational governance structures under Domain 4.

Why A is Correct: An AI Center of Excellence (CoE) is an organizational unit specifically designed to govern, standardize, and advance AI adoption. It develops and publishes policies, creates approved patterns for AI usage, evaluates new AI use cases, provides expert guidance, and maintains governance oversight. The CoE exactly matches the described need for a structure to evaluate, publish, and approve AI usage patterns across the organization.

Why B is Wrong: An AI legal affairs office focuses on legal compliance, intellectual property, and regulatory matters related to AI. While important for legal risk management, it does not fulfill the broader governance mandate of establishing and approving AI usage patterns and best practices across the organization.

Why C is Wrong: An AI audit department conducts post-implementation reviews and compliance assessments of existing AI systems. It is a retrospective and oversight function rather than a proactive body for developing and approving AI usage patterns and policies.

Why D is Wrong: An AI data science division is a technical team focused on building AI models and solutions. It is a development function rather than a governance structure designed to create policies, evaluate AI patterns, and provide cross-organizational oversight of AI adoption.

Basic Concept: AI chatbots that generate non-answers — responses that do not actually address user questions — consume CPU resources for processing without delivering value. This can indicate the model is attempting to generate responses for queries outside its knowledge domain or confidence threshold. CompTIA SecAI+ Study Guide covers AI performance optimization and response quality management.

Why B is Correct: Implementing a response confidence level threshold allows the chatbot to recognize when it lacks sufficient confidence to provide a meaningful answer and respond accordingly, either with a helpful redirect or a clear indication that it cannot answer the query. This reduces the costly processing cycles spent generating poor-quality non-answers, lowers CPU utilization from failed response generation, and improves customer experience by setting appropriate expectations rather than returning unhelpful responses.

Why A is Wrong: Guardrails filter content for safety and policy compliance. They prevent harmful or out-of-policy responses but do not address the underlying issue of the model generating low-confidence non-answers to legitimate customer queries.

Why C is Wrong: Prompt logging records user inputs for analysis and auditing. While useful for identifying what types of questions cause non-answers, logging alone does not solve the problem or reduce CPU utilization from failed response generation.

Why D is Wrong: Cost monitoring tracks AI system expenditure. It can identify that costs are high due to excessive CPU usage but does not implement a solution to reduce the non-answer rate or improve response generation efficiency.

Basic Concept: API-based AI systems are susceptible to DoS attacks where excessive requests overwhelm the system ' s ability to respond to legitimate users. Rate limiting is the standard control for preventing both intentional and unintentional API abuse. CompTIA SecAI+ Study Guide covers rate limiting as a key availability control for AI APIs.

Why C is Correct: Rate limiting restricts the number of requests a client can make to an API within a defined time window. In this scenario, a brute-force DoS attack works by sending a massive volume of requests to exhaust the model ' s resources. Rate limiting would have automatically throttled or blocked the excessive request volume, preventing the attack from succeeding and preserving service availability for legitimate hospital users.

Why A is Wrong: Tokenization replaces sensitive data values with non-sensitive placeholders. It is a data security control for protecting sensitive information such as patient identifiers, not a control for managing API request volumes or preventing DoS attacks.

Why B is Wrong: Model guardrails filter and constrain model inputs and outputs for safety and policy compliance. They inspect content quality, not request volume, and cannot prevent a volume-based DoS attack.

Why D is Wrong: A prompt firewall inspects the content of prompts for malicious patterns or policy violations. Like guardrails, it analyzes content rather than controlling request frequency and cannot prevent resource exhaustion from a high-volume brute-force attack.

Basic Concept: Adding validation layers to software development processes improves security assurance by catching issues that human reviewers might miss. AI-assisted validation provides an automated, systematic review that complements human judgment. CompTIA SecAI+ Study Guide covers AI-assisted development security controls.

Why A is Correct: AI-assisted approval adds an intelligent automated review layer that works alongside existing human review. AI can systematically analyze code for security vulnerabilities, coding standard violations, dependency risks, and policy compliance with greater consistency and speed than manual review. This creates a defense-in-depth validation approach where both AI and human reviewers must approve changes, catching issues that either layer might miss independently.

Why B is Wrong: A low-code plug-in provides simplified visual development tools that reduce the amount of manual code writing required. It is a development productivity tool, not a security validation layer for reviewing already-written code.

Why C is Wrong: Automated rollback is a deployment safety mechanism that reverts a deployment to the previous version when errors are detected after deployment. It is a recovery control, not a validation layer applied during the development review process.

Why D is Wrong: Regression testing verifies that new code changes have not broken existing functionality. It tests functional correctness, not security vulnerabilities, and does not add an AI-powered security validation capability to the existing human review process.

Basic Concept: Domain-specific AI chatbots can produce contextually inappropriate responses when they lack sufficient domain grounding to disambiguate terms that have different meanings in different contexts. Guardrails can enforce domain-appropriate interpretation and response constraints. CompTIA SecAI+ Study Guide covers guardrails as a mechanism for maintaining model behavioral boundaries.

Why A is Correct: Configuring guardrails allows the organization to enforce domain-specific behavioral constraints on the chatbot, ensuring it interprets ambiguous terms within the correct technical context. Guardrails can include context-aware rules that recognize when a query is in a cybersecurity context and constrain the model to provide domain-appropriate responses. This directly addresses the issue of the model providing biologically-framed responses to a technical cybersecurity question.

Why B is Wrong: Encrypting model weights at rest protects the model parameters from unauthorized access or modification. It is a data protection control for model intellectual property and does not influence how the model interprets or responds to domain-specific queries at inference time.

Why C is Wrong: Model access controls restrict who can query and modify the model. They manage authorization at the user and system level but do not enforce domain-appropriate response constraints or prevent contextually incorrect answers from being generated.

Why D is Wrong: Prompt templates provide structured, reusable formats for common queries. While they can help standardize how cybersecurity questions are asked, they require users to use the template and do not provide real-time enforcement of domain-appropriate response generation for all input variations.

Basic Concept: When API sessions or connections remain active and consuming resources after their intended operations have completed, they create resource leaks that progressively degrade system availability. Session lifecycle management is critical for maintaining AI system health. CompTIA SecAI+ Study Guide covers session management as an availability control for AI systems.

Why B is Correct: Enforcing session expiration ensures that external API sessions and connections are automatically terminated after a defined idle period or maximum duration. This prevents resource-consuming zombie sessions from accumulating and exhausting system memory, thread pools, or connection limits. The observed pattern — persistent unavailability that resolves temporarily with restart — is classic resource leak behavior from sessions that never close, making session expiration the direct fix.

Why A is Wrong: Token limits cap the number of tokens processed per request. While useful for controlling per-request resource consumption, they do not address the root cause of sessions persisting and consuming resources long after their operations complete.

Why C is Wrong: Increasing system memory defers the problem rather than solving it. The leak will eventually consume the additional memory too, requiring another restart. Addressing the root cause through session management is superior to scaling resources to accommodate the leak.

Why D is Wrong: MFA adds an additional authentication factor for users accessing the system. It is a security control for identity verification, not a mechanism for managing session lifecycle or preventing resource exhaustion from lingering sessions.

Basic Concept: LLM hallucinations occur when the model generates plausible-sounding but factually incorrect or fabricated information. For internal content management solutions where accuracy is critical, detecting and handling hallucinated responses before they are acted upon is essential. CompTIA SecAI+ Study Guide covers response validation as a mitigation for hallucination risks.

Why B is Correct: Response validation implements checks that verify the accuracy and relevance of LLM-generated responses before they are presented to users or acted upon. This can involve cross-referencing responses against authoritative internal data sources, using a secondary model to evaluate response accuracy, or implementing confidence scoring that flags low-confidence responses for human review. Response validation directly addresses the hallucination problem by catching inaccurate responses before they cause harm.

Why A is Wrong: Model training addresses hallucinations at the model level by providing more accurate training data or fine-tuning. While effective long-term, it requires significant time and resources and does not provide immediate protection against hallucinations in the currently deployed model.

Why C is Wrong: Access controls manage who can query the LLM and what resources they can access. They do not inspect or validate the accuracy of the model ' s responses, so they cannot mitigate hallucination risks.

Why D is Wrong: Integrity monitoring tracks whether data or systems have been tampered with or changed unexpectedly. It is relevant for detecting unauthorized modifications but does not validate whether LLM-generated content accurately reflects reality or internal authoritative data.

Basic Concept: Responsible AI is a governance framework addressing risks that arise from AI systems producing outcomes that are unfair, harmful, or contrary to human values. Different risk types fall under different governance domains — some under responsible AI, others under security or operational management. CompTIA SecAI+ Study Guide covers responsible AI risk categories under Domain 4.

Why C is Correct: Response bias occurs when an AI system ' s outputs are systematically skewed against certain groups, topics, or perspectives, reflecting biases embedded in training data or model design. This is a core risk addressed by responsible AI principles including fairness, non-discrimination, and explainability. Responsible AI frameworks mandate bias detection, assessment, and mitigation to ensure AI responses treat all users and groups equitably.

Why A is Wrong: Model drift describes the degradation of model performance over time as the distribution of real-world data diverges from the training data distribution. While an important operational concern, model drift is primarily a technical performance risk managed through MLOps and monitoring practices, not a core responsible AI governance concern.

Why B is Wrong: Reputational loss is a business risk consequence that may result from various AI failures including biased outputs or privacy violations. It is an outcome or impact rather than a specific risk category that responsible AI frameworks directly address.

Why D is Wrong: Data poisoning is a security attack where adversaries corrupt AI training data to manipulate model behavior. This is a cybersecurity threat managed through security controls and data integrity protections rather than responsible AI ethical governance frameworks focused on fairness and accountability.

Basic Concept: When unauthorized changes to an ML training pipeline cause model degradation, the root cause is insufficient access control and change management around the pipeline. Preventing future occurrences requires implementing governance controls that ensure all pipeline changes are reviewed and approved before execution. CompTIA SecAI+ Study Guide covers MDLC change management controls.

Why B is Correct: Enabling human review and approval workflows in the repository creates a mandatory gate requiring authorized reviewers to examine and approve any changes to training pipeline code before they can be merged and executed. This prevents unauthorized modifications from reaching the pipeline by enforcing a review process where any suspicious or unauthorized changes will be caught and rejected before they affect model training and performance.

Why A is Wrong: Static code scanning analyzes code for vulnerabilities and coding standard violations. While it improves code quality and security, it does not prevent unauthorized individuals from submitting and merging malicious changes to the pipeline without proper review.

Why C is Wrong: Retraining with more data and epochs addresses model performance restoration after the fact but does not prevent future unauthorized pipeline modifications. If the pipeline remains unprotected, the same attack could occur again on the new model.

Why D is Wrong: Keeping multiple model copies enables rapid restoration of a previous version when a deployed model is found to be compromised. While useful for recovery, it is a reactive measure that does not prevent unauthorized pipeline changes from occurring and affecting future model training.

Basic Concept: Reconnaissance is the information gathering phase of an attack. LLMs can be enhanced to perform more effective reconnaissance by giving them access to current, specific information beyond their training data cutoff. CompTIA SecAI+ covers AI augmentation techniques including RAG under AI-assisted security.

Why A is Correct: RAG enhances an LLM by connecting it to an external knowledge base or real-time data sources that it can query during inference. For reconnaissance purposes, a RAG-enabled LLM can access up-to-date organizational information, technical documentation, and intelligence feeds that go beyond its static training data. This makes the LLM significantly more capable for gathering current, targeted intelligence about specific organizations or infrastructure.

Why B is Wrong: Creating a web scraper is a basic data collection technique. While AI can help write scraper code, the scraper itself is a simple script that does not enhance the LLM ' s intelligence or reasoning capabilities for sophisticated reconnaissance.

Why C is Wrong: Instructing an AI assistant to query as an administrator is a prompt manipulation attempt. An LLM cannot actually gain elevated permissions through a prompt instruction; this describes social engineering or privilege escalation via prompting, not a performance enhancement technique.

Why D is Wrong: Prompting a chatbot to describe naming patterns is a basic use of an existing LLM ' s knowledge. It does not strengthen or enhance the model ' s capabilities; it merely queries what the model already knows from training data, which may be outdated or generic.

Basic Concept: Managing security risks in AI model training requires a comprehensive framework specifically designed for AI risk identification, assessment, and mitigation across the entire AI lifecycle including data collection, training, and deployment. CompTIA SecAI+ Study Guide identifies NIST AI RMF as the primary resource for AI-specific risk management.

Why A is Correct: The NIST AI Risk Management Framework is purpose-built for managing risks throughout the AI lifecycle. It provides structured guidance for identifying, assessing, and mitigating risks specific to AI systems including training data quality, model bias, data poisoning, and training pipeline vulnerabilities. Its AI-specific scope makes it the most appropriate framework for managing model training security issues.

Why B is Wrong: ISO 27001 is an information security management system standard focused on general IT security controls and risk management. It does not specifically address AI model training risks, data pipeline integrity, or ML-specific vulnerabilities.

Why C is Wrong: The OECD provides high-level AI governance principles and policy recommendations at an international level. It offers ethical and policy guidance but does not provide operational risk management guidance for securing AI model training processes.

Why D is Wrong: GDPR is a European data protection regulation focused on personal data privacy, consent, and individual rights. While relevant to training data governance, it does not address the technical security risks of model training pipelines or ML system vulnerabilities.