Free Practice Questions for CompTIA CY0-001 Exam

Basic Concept: An on-path (formerly man-in-the-middle) attack intercepts communication between two parties, allowing the attacker to read, modify, or inject content. In the context of a generative AI application, an on-path attack on the session between user and AI service can manipulate prompts being sent to the model or responses being returned to users. CompTIA SecAI+ covers AI-specific attack vectors under securing AI systems.

Why B is Correct: Session hijacking involves an attacker taking control of an active user session by capturing or forging session tokens. In this attack, the attacker intercepts the communication channel between users and the AI application, allowing them to modify prompts sent to the model or replace legitimate model responses with offensive content. This explains why outputs seem unrelated to prompts and contain offensive material.

Why A is Wrong: Application server hijacking involves gaining unauthorized control of the server hosting the application. While severe, this would typically manifest as complete service disruption or data exfiltration rather than targeted modification of individual user session content.

Why C is Wrong: Domain hijacking involves unauthorized transfer of a domain name registration, redirecting all users to a different IP address. This would affect all users simultaneously and typically redirect to a completely different site rather than manipulating individual AI responses.

Why D is Wrong: Model hijacking refers to attacks that steal or replicate an AI model, not to intercepting and modifying the communication between users and an existing model during active sessions.

Basic Concept: Generative AI produces natural language content based on input data. In a security operations context, triage involves rapidly understanding and prioritizing security events. Generative AI ' s strength lies in synthesizing information and producing readable summaries from complex data. CompTIA SecAI+ Study Guide covers generative AI applications in security operations.

Why C is Correct: Summarizing security findings by category is a natural application of generative AI in triage. The AI can process large volumes of alerts and security events, group them by type or severity, and generate concise natural language summaries that enable analysts to quickly understand the current threat landscape without reading individual alerts. This directly reduces triage time and cognitive load.

Why A is Wrong: Predicting the next attack target requires predictive analytics and threat intelligence correlation. While AI can assist with this, it is a forecasting task better suited to analytical ML models rather than generative AI, and it is a strategic intelligence function rather than a triage task.

Why B is Wrong: Statistical analysis for malicious code assessment uses mathematical and ML techniques to analyze code characteristics. This is a traditional ML classification task, not a generative AI application, and is performed during malware analysis rather than alert triage.

Why D is Wrong: Tagging malware using ML algorithms is a classification task that uses supervised ML models trained on malware features. It is a detection and classification function, not a generative AI triage application.

Basic Concept: OWASP has published the Top 10 vulnerabilities for Large Language Model Applications, each addressing a distinct category of LLM security risk. Understanding which OWASP category maps to specific LLM vulnerability scenarios is a key competency in the CompTIA SecAI+ Study Guide under securing AI systems.

Why D is Correct: Improper output handling (OWASP LLM02) occurs when an application passes LLM-generated outputs to downstream systems such as plug-ins, web browsers, or databases without proper validation, sanitization, or encoding. This can enable XSS, SQL injection, remote code execution, or other injection attacks against plug-ins and downstream systems. The scenario exactly matches this: unsanitized AI responses are automatically passed to multiple plug-ins, which could execute malicious content in the model ' s output.

Why A is Wrong: Misinformation refers to the AI generating false or misleading content that users might believe. It is a content accuracy concern related to hallucinations and false information propagation, not a vulnerability describing how model outputs are handled by downstream systems.

Why B is Wrong: Prompt injection involves crafting inputs to manipulate model behavior and override instructions. While it can be a contributing cause of unsafe outputs, the vulnerability described — passing unsanitized outputs to plug-ins — is specifically the output handling failure, not the injection mechanism itself.

Why C is Wrong: Unbounded consumption (OWASP LLM10) refers to resource exhaustion attacks including denial-of-wallet and denial-of-service through excessive token consumption. It addresses resource management vulnerabilities, not the security implications of passing model outputs to downstream systems.

Basic Concept: Preventing vulnerable code from reaching production requires an automated, mandatory gate in the software delivery pipeline. The CI/CD pipeline is the enforcement point where all code must pass before deployment. CompTIA SecAI+ Study Guide covers AI integration in secure development pipelines under AI-assisted security.

Why C is Correct: Implementing an LLM in the CI/CD runner creates a mandatory automated security gate that every code change must pass. The LLM can analyze code for vulnerabilities, insecure patterns, and policy violations, then automatically fail the build if issues are found. This prevents vulnerable code from progressing toward production without human bypass capability, making it the most effective enforcement mechanism.

Why A is Wrong: IDE plug-ins provide warnings to developers during coding, but developers can choose to ignore them and proceed with compilation and commits. Warnings are advisory, not preventive, and cannot guarantee vulnerable code is blocked from the pipeline.

Why B is Wrong: SOAR platforms with ML models are excellent for incident response and security operations automation. However, they are not positioned in the code delivery pipeline and do not gate code from progressing to production.

Why D is Wrong: An agentic penetration testing tool validates vulnerabilities reactively after code is written or deployed. This approach does not intercept code before production deployment and is typically used for post-deployment assessment rather than prevention.

Basic Concept: Data at rest refers to inactive data stored in databases or storage media. Protecting it from unauthorized disclosure is a fundamental data security principle covered in the CompTIA SecAI+ Study Guide under securing AI data pipelines.

Why C is Correct: Encryption protects data at rest by rendering it unreadable to unauthorized parties without the appropriate decryption key. In a financial institution with sensitive data, encryption at rest (e.g., AES-256) is the primary control against data disclosure. Even if storage media is physically compromised, encrypted data remains unintelligible. CompTIA SecAI+ Exam Objectives highlight encryption as the primary confidentiality control for stored AI data.

Why A is Wrong: Data lineage tracks the origin and movement of data throughout its lifecycle. It improves traceability and auditability but does not prevent unauthorized disclosure of data at rest.

Why B is Wrong: Rate limits control the number of API requests within a time period. They protect against abuse and denial-of-service scenarios, not data-at-rest confidentiality.

Why D is Wrong: Data masking replaces sensitive values with fictitious substitutes, useful during development or testing. For actual production data at rest in AI systems handling real financial records, encryption provides stronger and more comprehensive confidentiality.

Basic Concept: Protecting a released AI model from unauthorized modification requires controlling who can interact with it and at what privilege level. IAM-integrated API access provides granular, auditable control over model interactions. CompTIA SecAI+ Study Guide covers model protection through identity and access management integration.

Why D is Correct: Integrating an API with IAM roles ensures that all interactions with the model are authenticated and authorized according to precisely defined permissions. IAM roles enforce the principle of least privilege, ensuring users can query the model only within authorized scope and cannot modify model parameters, weights, or configuration. API-level access provides an abstraction layer that protects the underlying model from direct access while enabling controlled, auditable interactions.

Why A is Wrong: Changing to an LLM with guardrails addresses model behavior safety but does not protect the model artifacts themselves from tampering or unauthorized modification. It changes the model type rather than implementing access controls.

Why B is Wrong: Providing secure copies for local runtime distributes model copies to multiple endpoints, significantly increasing the attack surface for tampering. Each local copy represents a potential point of unauthorized modification.

Why C is Wrong: Restricting access to IT professionals is overly broad and vague. IT professionals may still need varying levels of access for different purposes, and generic role-based access without IAM integration and API mediation provides insufficient granularity to prevent unintentional modification.

Basic Concept: AI-generated content including personalized text, synthetic voice, and deepfake video has dramatically enhanced the effectiveness and scalability of social engineering attacks. Understanding how AI amplifies specific attack types is key to CompTIA SecAI+ basic AI concepts in the cybersecurity context.

Why B is Correct: Phishing attacks are most dramatically enabled by AI-generated content. AI can generate highly personalized, grammatically perfect phishing emails tailored to individual targets using publicly available information. It can create convincing deepfake audio and video for voice phishing (vishing) and video phishing, replicate executive communication styles for business email compromise, and generate phishing campaigns at massive scale. The quality and personalization that previously required skilled human social engineers can now be automated with AI.

Why A is Wrong: Model poisoning is a specific attack against AI systems that corrupts training data to manipulate model behavior. While sophisticated, it is a targeted AI security attack rather than a broad cybercrime enabled by AI-generated content at scale.

Why C is Wrong: Ransomware is malware that encrypts victim data and demands payment for decryption keys. While AI can assist in ransomware development, ransomware deployment relies on code execution and network propagation techniques more than AI-generated content.

Why D is Wrong: Remote code execution involves exploiting vulnerabilities to run arbitrary code on a target system. It relies on technical vulnerability exploitation rather than AI-generated content. AI might assist in finding vulnerabilities, but RCE is not primarily enabled by content generation.

Basic Concept: When AI models are deployed in production, they interact with real data including sensitive business information, personal data, and confidential records. The intersection of AI capabilities and sensitive data creates significant security risks. CompTIA SecAI+ Exam Objectives identify data exposure as the primary production security risk for AI deployments.

Why D is Correct: Data exposure is the primary security risk in production AI deployments. AI models in production process sensitive data through queries and responses, and vulnerabilities such as prompt injection, model inversion attacks, insecure output handling, and misconfigured access controls can expose confidential training data, user PII, proprietary information, or system credentials. The consequences include regulatory violations, legal liability, and reputational damage, making data exposure the most critical ongoing security concern.

Why A is Wrong: GPU acceleration is a performance optimization technique that uses graphics processors for faster AI computation. While hardware security is important, GPU acceleration itself is not a security risk — it is a performance feature that does not inherently expose data.

Why B is Wrong: Model overfitting is a model quality issue where a model performs poorly on new data after memorizing training data too specifically. While it can indirectly contribute to data memorization, it is primarily a performance and generalization concern during development rather than a primary production security risk.

Why C is Wrong: Model encryption is a security control used to protect AI model weights from unauthorized access, not a risk itself. Framing a protection mechanism as a primary risk conflates controls with threats.

Basic Concept: LLM hallucinations occur when the model generates plausible-sounding but factually incorrect or fabricated information. For internal content management solutions where accuracy is critical, detecting and handling hallucinated responses before they are acted upon is essential. CompTIA SecAI+ Study Guide covers response validation as a mitigation for hallucination risks.

Why B is Correct: Response validation implements checks that verify the accuracy and relevance of LLM-generated responses before they are presented to users or acted upon. This can involve cross-referencing responses against authoritative internal data sources, using a secondary model to evaluate response accuracy, or implementing confidence scoring that flags low-confidence responses for human review. Response validation directly addresses the hallucination problem by catching inaccurate responses before they cause harm.

Why A is Wrong: Model training addresses hallucinations at the model level by providing more accurate training data or fine-tuning. While effective long-term, it requires significant time and resources and does not provide immediate protection against hallucinations in the currently deployed model.

Why C is Wrong: Access controls manage who can query the LLM and what resources they can access. They do not inspect or validate the accuracy of the model ' s responses, so they cannot mitigate hallucination risks.

Why D is Wrong: Integrity monitoring tracks whether data or systems have been tampered with or changed unexpectedly. It is relevant for detecting unauthorized modifications but does not validate whether LLM-generated content accurately reflects reality or internal authoritative data.

Basic Concept: ML models excel at classification tasks, learning to assign incoming data points to predefined categories based on patterns in training data. In a SOC context, alert classification is the highest-value triage function ML can perform. CompTIA SecAI+ Exam Objectives address AI-assisted security operations under Domain 3.

Why C is Correct: ML-based alert classification automatically analyzes characteristics of each alert and assigns it to a severity category such as critical, high, medium, or low, or to a threat type such as malware or intrusion attempt. This dramatically reduces analyst workload and speeds triage by prioritizing which alerts demand immediate human attention, directly solving the high-volume problem.

Why A is Wrong: Applying filters on specific alerts is a rule-based operation achievable without ML using simple log management tools. It requires no learning capability and does not adapt to new or evolving threats.

Why B is Wrong: Automatically patching systems is a remediation action requiring validated, controlled processes. Having an ML system autonomously patch production systems without human oversight poses unacceptable operational and security risk.

Why D is Wrong: Summarizing alert content is a useful generative AI function but does not provide prioritization value for triage. Classification tells analysts what to act on first; summarization only rephrases existing information.