CY0-001 CompTIA SecAI+ v1 Exam Free Practice Exam Questions (2026 Updated)

Basic Concept: Prompt injection occurs when malicious content embedded in user input manipulates an LLM ' s behavior, causing it to leak sensitive data, bypass restrictions, or execute unintended actions. Preventing such attacks requires mechanisms that inspect and filter content at the prompt level. CompTIA SecAI+ covers LLM-specific security controls extensively.

Why A is Correct: Guardrails are purpose-built controls that inspect, filter, and constrain both input prompts and output responses in LLM systems. They can detect sensitive data patterns such as credit card numbers, block prompt injection payloads, enforce content policies, and prevent the model from processing or outputting restricted information. Guardrails are the primary LLM-native defense against prompt injection as cited in the CompTIA SecAI+ Study Guide.

Why B is Wrong: Antivirus software detects known malware signatures in files and executables. It does not inspect or understand the semantic content of LLM prompts and cannot detect or block prompt injection attacks.

Why C is Wrong: A WAF operates at the HTTP layer inspecting web requests and responses against rule sets. While it can block some patterns, it lacks the contextual intelligence to understand LLM prompt semantics and cannot prevent sophisticated injection attacks.

Why D is Wrong: Role-based access control manages who can access which resources. It controls authorization but does not inspect the content of prompts to prevent injection attacks once a user has legitimate access.

Basic Concept: Modern security operations require automation of complex, multi-step workflows. Different AI architectures have different capabilities. Understanding which AI type is best suited for task decomposition and autonomous execution is fundamental to AI-assisted security operations. CompTIA SecAI+ covers agentic AI capabilities under AI-assisted security.

Why A is Correct: Agentic AI systems are specifically designed to autonomously plan, decompose complex tasks into subtasks, execute multi-step workflows, use tools and APIs, and adapt their approach based on intermediate results. For a SOC analyst needing to automate multiple security tasks as a series of smaller coordinated steps, agentic AI is the ideal architecture as it can orchestrate an entire workflow including threat hunting, alert investigation, log analysis, and response actions.

Why B is Wrong: RAG AI enhances language model responses by retrieving relevant documents from a knowledge base. While useful for answering questions with current information, it is not designed for autonomous multi-step task execution or workflow automation.

Why C is Wrong: Generative AI creates content based on prompts including text, code, and summaries. While it can assist with individual tasks, it requires continuous human prompting for each step rather than autonomously breaking down and executing complex multi-step security workflows.

Why D is Wrong: A chatbot is a conversational interface designed for question-answering or guided dialogue. It responds reactively to user input rather than proactively planning and executing multi-step automated security workflows.

Basic Concept: Preventing vulnerable code from reaching production requires an automated, mandatory gate in the software delivery pipeline. The CI/CD pipeline is the enforcement point where all code must pass before deployment. CompTIA SecAI+ Study Guide covers AI integration in secure development pipelines under AI-assisted security.

Why C is Correct: Implementing an LLM in the CI/CD runner creates a mandatory automated security gate that every code change must pass. The LLM can analyze code for vulnerabilities, insecure patterns, and policy violations, then automatically fail the build if issues are found. This prevents vulnerable code from progressing toward production without human bypass capability, making it the most effective enforcement mechanism.

Why A is Wrong: IDE plug-ins provide warnings to developers during coding, but developers can choose to ignore them and proceed with compilation and commits. Warnings are advisory, not preventive, and cannot guarantee vulnerable code is blocked from the pipeline.

Why B is Wrong: SOAR platforms with ML models are excellent for incident response and security operations automation. However, they are not positioned in the code delivery pipeline and do not gate code from progressing to production.

Why D is Wrong: An agentic penetration testing tool validates vulnerabilities reactively after code is written or deployed. This approach does not intercept code before production deployment and is typically used for post-deployment assessment rather than prevention.

Basic Concept: Data integrity ensures that data has not been tampered with, corrupted, or modified during storage or transmission. For AI training data that is procured from external sources, cryptographic integrity verification is essential to confirm the data arrived unmodified. CompTIA SecAI+ Study Guide covers data integrity controls for AI data pipelines.

Why A is Correct: Implementing checksums provides cryptographic verification of data integrity. A checksum or hash value such as SHA-256 is computed from the dataset at the source. The receiver computes the same hash and compares it to the provided value. Any modification to the data during transit or storage will produce a different hash, immediately detecting tampering or corruption. This is the most reliable, automated, and scalable strategy for ensuring the integrity of procured training data.

Why B is Wrong: Human evaluation can verify data quality and relevance but is impractical for verifying integrity across large datasets of medical records. Human reviewers cannot detect subtle bit-level corruption or intentional small modifications, and the process is not scalable.

Why C is Wrong: Querying the model tests model performance rather than verifying the integrity of the underlying training data. The model cannot tell you whether its training data was modified after collection or during procurement.

Why D is Wrong: Log monitoring tracks system activities and events over time. While useful for auditing access to data, it cannot retroactively confirm that data content has not been modified and does not provide cryptographic integrity guarantees.

Basic Concept: AI manipulation attacks exploit vulnerabilities in systems, interfaces, and content. Some security approaches are inherently more resistant to AI-driven attacks because they reduce the available avenues through which manipulation can occur, rather than attempting to detect or block individual attacks. CompTIA SecAI+ Study Guide covers defensive strategies for AI system protection.

Why D is Correct: Attack surface reduction minimizes the number of entry points, interfaces, and components available for exploitation. By eliminating unnecessary services, APIs, integrations, and features, it reduces the total number of pathways through which AI-driven manipulation attacks can be attempted. Unlike signature-based or behavioral detection, attack surface reduction provides structural resistance regardless of how sophisticated or novel the AI manipulation technique is.

Why A is Wrong: Payloads are the malicious content used in attacks, not a defensive control. Attackers using AI can generate increasingly sophisticated payloads designed to evade detection, making them highly susceptible to AI-driven manipulation rather than resistant to it.

Why B is Wrong: AI-generated content is a product of AI systems and can itself be manipulated or weaponized by adversarial AI. It is not a defense mechanism and is inherently vulnerable to AI-driven manipulation and poisoning.

Why C is Wrong: An API gateway provides a managed access point for API traffic with authentication and filtering capabilities. However, APIs are primary attack targets for AI manipulation and require ongoing security updates. API gateways are less fundamentally resistant than structural attack surface reduction.

Why E is Wrong: Antivirus relies on signatures and behavioral heuristics to detect known malware. AI-powered attacks can generate novel, polymorphic payloads that evade signature detection, making antivirus less resistant to AI manipulation than attack surface reduction.

Basic Concept: Input validation is a fundamental security principle that checks incoming data against expected criteria before processing it. For AI systems, this requires a mechanism capable of inspecting the semantic content and structure of inputs — not just their volume or format. CompTIA SecAI+ Study Guide identifies prompt firewalls as the primary input validation control for AI systems.

Why A is Correct: A prompt firewall validates incoming inputs by inspecting their content against security policies, detecting malicious patterns such as injection strings or jailbreaking attempts, enforcing structural rules, and blocking non-compliant inputs before they reach the AI model. Unlike network firewalls that operate on packet headers, a prompt firewall understands the semantic content of AI prompts, making it the appropriate input validation mechanism for AI systems.

Why B is Wrong: Rate limits control how frequently inputs are submitted, not what those inputs contain. A malicious prompt submitted within rate limits will not be detected or blocked — rate limiting does not validate the content or intent of individual inputs.

Why C is Wrong: Token limits cap the maximum length of inputs and outputs in terms of tokens. While this can prevent excessively long inputs from being processed, it does not inspect input content for malicious patterns or validate that inputs conform to policy requirements.

Why D is Wrong: Input quantity is a generic term that might refer to limiting the number or size of inputs. Like token limits and rate limits, quantity controls do not validate the content of inputs for security compliance or detect malicious prompt patterns.

Basic Concept: Responsible AI encompasses several key principles governing how AI systems should behave to be trustworthy and ethical. These principles are distinct but related. Understanding their precise definitions is essential for CompTIA SecAI+ Domain 4 governance questions.

Why D is Correct: Explainability in responsible AI means the AI system can clearly articulate the specific reasons, factors, and logic that led to a particular decision or output. It answers the question " why did the AI make this specific decision? " For example, an explainable credit scoring AI would not only give a score but also explain which factors such as payment history or credit utilization contributed most to that specific score. This directly matches the question ' s description of " clearly stating reasons behind decisions. "

Why A is Wrong: Accountability refers to the ability to identify who is responsible for AI system decisions and their consequences. It addresses ownership and responsibility assignment rather than explaining the reasoning behind specific decisions.

Why B is Wrong: Auditability refers to the ability to examine and verify an AI system ' s decisions, processes, and outputs through systematic review. It enables after-the-fact verification but does not mean the system itself explains its reasoning.

Why C is Wrong: Transparency refers to openness about how an AI system works at a general level, including its purpose, capabilities, limitations, and the data it was trained on. It is broader than explainability and does not specifically address articulating reasons for individual decisions.

Basic Concept: AI chatbot operational costs are primarily driven by token consumption — the number of tokens processed in requests and generated in responses. Unexpected cost increases in LLM-based chatbots almost always trace back to abnormal token usage patterns. CompTIA SecAI+ Study Guide covers AI cost monitoring and token-based billing under securing AI systems.

Why D is Correct: Model token usage logs directly show how many tokens are being consumed per request, by which users or endpoints, and whether usage has increased abnormally. Examining token usage data is the most direct path to identifying the root cause of unexpected cost increases — whether from a denial-of-wallet attack, user abuse, a new feature generating verbose responses, or legitimate organic growth in usage. This is the first and most relevant examination point for LLM cost analysis.

Why A is Wrong: Firewall logs capture network-level traffic information. While they can reveal unusual access patterns or volumes, they do not contain token consumption data that directly explains LLM billing increases.

Why B is Wrong: WAF rules define filtering policies for web traffic. Reviewing rule configurations does not reveal whether token usage has increased or why costs have risen; it shows security policy settings rather than consumption metrics.

Why C is Wrong: Vector database IOPS performance measures how quickly the database processes read and write operations. While relevant to RAG system performance, IOPS metrics do not directly explain LLM API cost increases driven by token consumption.

Basic Concept: Advances in AI generative technology have enabled the creation of highly realistic synthetic video and audio content that convincingly impersonates real individuals. These AI-generated impersonations are called deepfakes and represent a significant threat for corporate fraud, misinformation, and social engineering. CompTIA SecAI+ covers deepfakes under basic AI concepts and cybersecurity threats.

Why C is Correct: The scenario describes a video in which the CEO ' s likeness was convincingly replicated to deliver a false message about bankruptcy. This is a textbook deepfake attack — AI-generated synthetic media using the target ' s face and potentially voice to make it appear they said something they never said. Deepfake technology uses GANs and CNNs to create this type of convincing impersonation, and the attack specifically exploited AI generation for deception.

Why A is Wrong: An on-path attack intercepts network communications between two parties to eavesdrop or modify traffic. It requires positioning in the network path, not creating synthetic media of a person ' s likeness.

Why B is Wrong: Phishing is a social engineering attack that uses deceptive messages typically via email to trick recipients into taking harmful actions such as clicking malicious links or providing credentials. While this attack has social engineering elements, the use of AI-generated video to impersonate the CEO specifically categorizes it as a deepfake attack.

Why D is Wrong: Social engineering broadly describes psychological manipulation tactics to deceive individuals. While deepfakes can be used as part of social engineering campaigns, the specific technical technique used — AI-generated synthetic video — makes deepfake the most precise and accurate categorization.

Basic Concept: AI systems that repeatedly query external data sources for similar information during a single report generation process spend significant time on redundant network requests. Caching frequently accessed data locally eliminates this overhead. CompTIA SecAI+ Study Guide covers AI performance optimization strategies in security operations contexts.

Why B is Correct: Downloading the full CVE database locally before starting the cross-referencing process eliminates the need for multiple individual external API calls as the AI processes each OS version ' s patch list. Instead of making thousands of small external queries to look up CVE information for each patch-OS combination, the AI can query the locally cached database internally. This transforms multiple slow external network operations into fast local lookups, dramatically reducing report generation time.

Why A is Wrong: Using an MCP server to run multiple LLM queries simultaneously could improve throughput through parallelization. However, the fundamental bottleneck is external CVE database queries, not LLM processing capacity. Parallelizing LLM calls does not eliminate the external query latency.

Why C is Wrong: Specifying summarization algorithms in the system prompt affects how the AI structures its output. It does not address the time-consuming external data retrieval process that is the actual performance bottleneck in this cross-referencing workflow.

Why D is Wrong: Increasing token limits prevents session restarts for long contexts but does not address the external query latency that makes the report slow to generate. The bottleneck is data retrieval speed, not token limit constraints causing session breaks.

Basic Concept: Prompting techniques determine how effectively an LLM is guided to produce desired outputs. Providing a single example within a prompt is a well-established technique known as one-shot prompting, which leverages in-context learning. CompTIA SecAI+ Study Guide covers prompting strategies under basic AI concepts.

Why C is Correct: One-shot prompting involves providing exactly one example of the desired input-output format within the prompt to guide the model ' s responses. In this scenario, the HR officer includes one example resume matching a successful candidate to show the model what a qualifying candidate looks like. This single example instructs the model on the evaluation criteria through demonstration rather than explicit description.

Why A is Wrong: Distillation is a model training technique where a smaller student model is trained to replicate the behavior of a larger teacher model. It is a model compression methodology, not a prompting technique used at query time.

Why B is Wrong: A prompt template is a reusable, structured format for prompts with placeholders that can be filled in for different queries. While templates may incorporate examples, the term specifically describes the structural framework, not the act of providing a single example.

Why D is Wrong: A system role defines the AI model ' s persona, context, and behavioral guidelines at the system level before user interaction begins. It sets the model ' s overall behavior, not a specific technique of providing examples within queries.

Basic Concept: OWASP has published the Top 10 vulnerabilities for Large Language Model Applications, each addressing a distinct category of LLM security risk. Understanding which OWASP category maps to specific LLM vulnerability scenarios is a key competency in the CompTIA SecAI+ Study Guide under securing AI systems.

Why D is Correct: Improper output handling (OWASP LLM02) occurs when an application passes LLM-generated outputs to downstream systems such as plug-ins, web browsers, or databases without proper validation, sanitization, or encoding. This can enable XSS, SQL injection, remote code execution, or other injection attacks against plug-ins and downstream systems. The scenario exactly matches this: unsanitized AI responses are automatically passed to multiple plug-ins, which could execute malicious content in the model ' s output.

Why A is Wrong: Misinformation refers to the AI generating false or misleading content that users might believe. It is a content accuracy concern related to hallucinations and false information propagation, not a vulnerability describing how model outputs are handled by downstream systems.

Why B is Wrong: Prompt injection involves crafting inputs to manipulate model behavior and override instructions. While it can be a contributing cause of unsafe outputs, the vulnerability described — passing unsanitized outputs to plug-ins — is specifically the output handling failure, not the injection mechanism itself.

Why C is Wrong: Unbounded consumption (OWASP LLM10) refers to resource exhaustion attacks including denial-of-wallet and denial-of-service through excessive token consumption. It addresses resource management vulnerabilities, not the security implications of passing model outputs to downstream systems.

Basic Concept: When a non-ML engineer can accidentally trigger model retraining during a UI update, this indicates a lack of proper lifecycle management and change controls around the AI model. Uncontrolled retraining on unverified data is a critical vulnerability in the development and deployment process. CompTIA SecAI+ Study Guide identifies the Model Development Life Cycle as the framework for preventing such issues.

Why C is Correct: Implementing a Model Development Life Cycle (MDLC) establishes formal, controlled processes for every stage of model development and updates including data validation requirements before training, change management gates, testing and validation stages, and separation of duties between UI development and model training activities. An MDLC would have prevented the accidental retraining by requiring explicit, controlled authorization before any model training occurs.

Why A is Wrong: A WAF filters HTTP traffic at the application boundary. It does not govern internal development processes or control when and how model retraining occurs within the AI development pipeline.

Why B is Wrong: Role-based access control can restrict who has permission to trigger model retraining, which would help prevent this specific incident. However, it is one component of a broader MDLC governance framework and does not address data validation, testing stages, or the complete change management process.

Why D is Wrong: A GAN is a model architecture for generating synthetic data. It is a training technique unrelated to lifecycle governance or preventing accidental retraining from unverified data during unrelated application updates.

Basic Concept: AI agents in SOC environments can automate repetitive, rules-based response actions that previously required human intervention. When the primary concerns are enterprise uptime and case resolution time, the AI agent ' s ability to autonomously execute containment actions through SOAR is the most impactful application. CompTIA SecAI+ Study Guide covers AI agent use cases in security operations.

Why A is Correct: Using the AI agent to analyze incidents and execute containment actions through SOAR playbooks directly addresses both uptime and resolution time concerns. The agent can immediately analyze alert details, determine the appropriate playbook, and execute containment actions such as isolating compromised hosts or disabling compromised accounts autonomously, without waiting for human intervention. This dramatically reduces mean time to contain threats, improving both uptime and resolution speed.

Why B is Wrong: Enriching alerts with open-source intelligence improves analyst context but is a preparatory step rather than a response action. While valuable, it does not directly reduce resolution time by taking containment actions to stop ongoing threats.

Why C is Wrong: Aggregating metrics and generating leadership reports is an administrative function that consumes agent capacity for non-operational purposes. It improves visibility but does not directly improve uptime or case resolution time for active incidents.

Why D is Wrong: Creating tabletop exercises improves team preparedness over time through training scenarios. While beneficial for long-term capability development, it does not directly address the immediate concerns of enterprise uptime and active case resolution time.

Basic Concept: In AI governance, each role holds distinct responsibilities. Understanding these roles is core to CompTIA SecAI+ Domain 4 (AI Governance, Risk, and Compliance).

Why D is Correct: The Data Scientist is responsible for translating business use cases into working AI/ML models. They analyze business requirements, identify the appropriate machine learning approach, and develop models that fulfill specific business objectives. According to the CompTIA SecAI+ Study Guide, data scientists bridge raw data and actionable AI solutions by building and validating models derived from business-driven needs.

Why A is Wrong: A Platform Architect designs and manages the infrastructure and technical platforms hosting AI systems. Their focus is architectural design of the environment, not model development from business use cases.

Why B is Wrong: An AI Risk Analyst identifies, evaluates, and mitigates risks associated with AI adoption. Their role is governance and risk-oriented, not model creation.

Why C is Wrong: An MLOps Engineer operationalizes, deploys, monitors, and maintains AI models in production. They take models already built by data scientists and ensure reliable operation at scale, not develop them from business use cases.

Basic Concept: AI chatbots are designed with safety guidelines and content policies that prevent them from generating harmful, offensive, or inappropriate content. When users find ways to bypass these restrictions through crafted prompts, they have " jailbroken " the model. CompTIA SecAI+ Study Guide covers jailbreaking as a key AI vulnerability category.

Why C is Correct: Jailbreaking is the process of using cleverly crafted prompts to bypass an AI model ' s built-in safety restrictions, content policies, and behavioral guardrails, causing it to produce outputs it was designed to refuse. The scenario describes a chatbot that was designed for automobile configuration assistance but is producing offensive responses following customer prompts, indicating that customers have successfully prompted the model to bypass its safety constraints and generate prohibited content.

Why A is Wrong: Model skewing refers to attacks or biases that cause a model to favor certain outputs or perspectives systematically over time, often through data manipulation. It describes a gradual distortion of model behavior, not a direct user-prompted bypass of safety restrictions in a single interaction.

Why B is Wrong: Model theft involves extracting or replicating a proprietary model ' s functionality or architecture through repeated queries. It is an intellectual property attack aimed at stealing the model ' s knowledge, not an attack that causes the model to produce offensive content.

Why D is Wrong: Insecure output handling occurs when an application fails to properly validate or sanitize AI-generated outputs before using them in ways that could cause harm such as passing AI output directly to a system command or database query. It describes a developer implementation vulnerability, not the act of a user prompting a model to bypass its safety constraints.

Basic Concept: AI systems can inadvertently reveal sensitive information such as PII, credentials, or internal data in their outputs when not properly controlled. Sensitive information disclosure is a critical OWASP LLM Top 10 risk. CompTIA SecAI+ Study Guide covers both vulnerability identification and appropriate data protection controls for AI outputs.

Why D is Correct: The scenario describes the AI system outputting sensitive information in its responses, which is a sensitive information disclosure vulnerability. The appropriate control is masking, which replaces sensitive data values such as credit card numbers, SSNs, or API keys with redacted or tokenized equivalents in the model ' s outputs before they are returned to users. This prevents the AI from disclosing sensitive data while still providing useful responses.

Why A is Wrong: Prompt injection involves crafting inputs to override model instructions. If the penetration test revealed sensitive information, the primary vulnerability is the disclosure of that sensitive data, not the injection mechanism itself. EDR monitors endpoint behavior, not AI output content.

Why B is Wrong: Model hallucinations produce fabricated information rather than disclosing real sensitive data. The described scenario involves actual sensitive information being revealed, not fictitious content generation.

Why C is Wrong: Jailbreaking circumvents safety restrictions but the primary harm demonstrated is sensitive data exposure. RBAC manages access permissions but does not prevent the model from including sensitive data in responses once access is granted.

Why E is Wrong: Role impersonation involves the AI pretending to be a different entity. This may be a secondary technique used by the penetration tester but the primary vulnerability described is the disclosure of actual sensitive information in the output.

Basic Concept: User account credentials stored in a database must be protected against unauthorized disclosure. The security of credentials at rest requires cryptographic controls that prevent even database administrators or attackers with database access from reading plaintext passwords. CompTIA SecAI+ Study Guide covers credential security controls as part of AI application security.

Why C is Correct: Implementing hashing and encryption for credential protection is the industry-standard approach. Passwords should be hashed using strong, slow algorithms such as bcrypt, Argon2, or scrypt with unique salts, making them computationally infeasible to reverse even if the database is compromised. Additional sensitive credential data can be encrypted. Together, hashing and encryption ensure that account credentials remain protected even if the underlying storage is accessed by unauthorized parties.

Why A is Wrong: Patching the model with new datasets updates the AI model ' s training data and knowledge. It does not address the security of user account credentials stored in the application ' s authentication database.

Why B is Wrong: Updating Linux and virtual server software patches system vulnerabilities and is important for overall security hygiene. However, it does not implement specific protections for the account credentials themselves stored in the application database.

Why D is Wrong: Deploying an authenticated API requires users to authenticate to use the API, improving access control. While this complements credential security, it does not protect the storage of credentials at rest and does not replace hashing and encryption of the credential values themselves.

Basic Concept: AI systems used in employment contexts such as job screening carry significant regulatory risk. For a multinational company operating in or serving markets covered by the EU AI Act, compliance with this binding regulation is mandatory to avoid substantial fines. CompTIA SecAI+ Exam Objectives cover AI regulatory compliance under Domain 4.

Why B is Correct: The EU AI Act explicitly classifies AI systems used for employment screening, candidate evaluation, and worker management as high-risk AI applications. These systems are subject to strict compliance requirements including mandatory conformity assessments, human oversight, transparency obligations, and registration. Non-compliance can result in fines up to 30 million euros or 6% of global annual turnover. A multinational company implementing AI job screening must reference the EU AI Act as the primary compliance obligation.

Why A is Wrong: ISO AI standards such as ISO 42001 are voluntary management system standards. While useful for best practices, they do not carry legal enforcement power and adherence does not prevent regulatory fines from binding legislation like the EU AI Act.

Why C is Wrong: Corporate policy is an internal governance document that sets organizational standards. It cannot supersede external legal obligations and following only corporate policy does not protect against fines from regulatory bodies enforcing the EU AI Act.

Why D is Wrong: NIST AI RMF is a voluntary American risk management framework. While excellent for AI risk governance, it is not a binding regulation and does not address the legal compliance requirements that generate fines from regulatory authorities in jurisdictions covered by the EU AI Act.