Free Practice Questions for CompTIA CY0-001 Exam

Basic Concept: Assessing attack probability and impact for ML systems requires a resource specifically built to catalog real-world adversarial attacks against AI and ML systems, including documented techniques with associated impact information. CompTIA SecAI+ Exam Objectives identify MITRE ATLAS as the authoritative ML threat landscape resource.

Why B is Correct: MITRE ATLAS is specifically designed as a comprehensive knowledge base of adversarial tactics, techniques, and case studies targeting AI and ML systems. It catalogs real-world attacks with associated probability factors derived from actual incidents and provides impact assessments for various attack types including data poisoning, model evasion, model extraction, and inference attacks. This directly enables the probability and impact assessment the team requires.

Why A is Wrong: The CVE AI working group focuses on identifying and cataloging specific vulnerability instances in AI software components. While useful for vulnerability management, it does not provide the comprehensive threat landscape coverage with probability and impact assessments for ML-specific attack tactics that ATLAS provides.

Why C is Wrong: The MIT risk repository is an academic resource cataloging general AI-related risks. It is research-oriented and does not provide the practitioner-focused, operational attack taxonomy and case study library that MITRE ATLAS offers for ML threat modeling.

Why D is Wrong: OWASP provides application security guidance including the OWASP LLM Top 10. While valuable for LLM-specific risks, OWASP does not provide the comprehensive ML threat landscape coverage or the probability and impact data that MITRE ATLAS offers for assessing the full spectrum of ML attack scenarios.

Basic Concept: Different ML model architectures offer varying degrees of explainability. In cybersecurity, understanding why a model classified a log entry as malicious or benign is critical for analyst trust, investigation, and regulatory compliance. CompTIA SecAI+ covers model explainability under responsible AI and basic AI concepts.

Why C is Correct: Decision trees are inherently interpretable models that classify data through a series of transparent if-then rules. Every classification decision can be traced through the exact path of conditions that led to it, showing precisely which log entry features triggered the classification. Analysts can read and understand the decision path, making decision trees the gold standard for explainable ML classification in security applications where understanding the reason for a classification is as important as the classification itself.

Why A is Wrong: Large language models are complex transformer architectures with hundreds of billions of parameters. They function as black boxes — their internal decision-making processes are not human-interpretable, making them poor choices when explainability is the primary requirement.

Why B is Wrong: Neural networks are non-linear black box models. While they can achieve high classification accuracy, their multi-layer architecture makes it extremely difficult to explain why specific decisions were made in human-understandable terms.

Why D is Wrong: Generative adversarial networks are designed for generating synthetic data, not for classification tasks. They consist of competing generator and discriminator networks and are fundamentally unsuitable for log entry classification with explainability requirements.

Basic Concept: When an AI chatbot powered by RAG retrieves and outputs sensitive patient information such as names, medical histories, or identifiers, the risk of Protected Health Information (PHI) disclosure must be mitigated. CompTIA SecAI+ Study Guide covers data protection techniques for AI systems handling sensitive health data.

Why A is Correct: Masking replaces sensitive data values such as patient names, dates of birth, medical record numbers, and diagnoses with redacted or anonymized equivalents in the chatbot ' s output. Even if the RAG system retrieves records containing patient information, masking ensures that the sensitive fields are obscured before the response is presented to the user. This directly prevents PHI disclosure while allowing the chatbot to provide useful responses based on the underlying data patterns.

Why B is Wrong: Classification involves categorizing data by its sensitivity level such as public, internal, confidential, or restricted. While it identifies which data requires protection, classification alone does not transform or obscure the sensitive values in chatbot outputs.

Why C is Wrong: Data minimization is a privacy principle that limits data collection to only what is necessary for the specified purpose. While valuable as a design principle when building the RAG knowledge base, it is a data governance strategy rather than a technical output control that can be applied to mitigate existing PHI disclosure in chatbot responses.

Why D is Wrong: Normalization is a data processing technique that scales numerical values to a standard range or standardizes data formats. It is a preprocessing step for improving model training efficiency, not a data protection technique for preventing patient information disclosure in AI outputs.

Basic Concept: Monitoring an AI system ' s internal runtime behavior requires deep observability into what the system is doing at the code and function execution level, not just at the perimeter. CompTIA SecAI+ Study Guide addresses AI system observability and runtime monitoring under securing AI infrastructure.

Why D is Correct: Enabling stack call and debugging level traces at the function level provides the highest granularity of visibility into internal operations. This approach exposes what functions are called, in what order, with what inputs, and what is returned, offering genuine insight into the AI system ' s internal activity at runtime precisely as the engineer requires.

Why A is Wrong: A SIEM aggregates and correlates log and event data from multiple sources. While useful for security alerting, it does not inherently provide visibility into internal function-level operations of an AI model at runtime.

Why B is Wrong: A WAF with header logging monitors and filters HTTP traffic at the application boundary. It captures external request and response data, not the AI system ' s internal runtime mechanics.

Why C is Wrong: Relying on vendor controls and monitoring prompt inputs is a passive, externally-focused approach. It provides no visibility into intermediate computations or internal operations within the AI model itself.

Basic Concept: AI chatbot operational costs are primarily driven by token consumption — the number of tokens processed in requests and generated in responses. Unexpected cost increases in LLM-based chatbots almost always trace back to abnormal token usage patterns. CompTIA SecAI+ Study Guide covers AI cost monitoring and token-based billing under securing AI systems.

Why D is Correct: Model token usage logs directly show how many tokens are being consumed per request, by which users or endpoints, and whether usage has increased abnormally. Examining token usage data is the most direct path to identifying the root cause of unexpected cost increases — whether from a denial-of-wallet attack, user abuse, a new feature generating verbose responses, or legitimate organic growth in usage. This is the first and most relevant examination point for LLM cost analysis.

Why A is Wrong: Firewall logs capture network-level traffic information. While they can reveal unusual access patterns or volumes, they do not contain token consumption data that directly explains LLM billing increases.

Why B is Wrong: WAF rules define filtering policies for web traffic. Reviewing rule configurations does not reveal whether token usage has increased or why costs have risen; it shows security policy settings rather than consumption metrics.

Why C is Wrong: Vector database IOPS performance measures how quickly the database processes read and write operations. While relevant to RAG system performance, IOPS metrics do not directly explain LLM API cost increases driven by token consumption.

Basic Concept: Reconnaissance is the information gathering phase of an attack. LLMs can be enhanced to perform more effective reconnaissance by giving them access to current, specific information beyond their training data cutoff. CompTIA SecAI+ covers AI augmentation techniques including RAG under AI-assisted security.

Why A is Correct: RAG enhances an LLM by connecting it to an external knowledge base or real-time data sources that it can query during inference. For reconnaissance purposes, a RAG-enabled LLM can access up-to-date organizational information, technical documentation, and intelligence feeds that go beyond its static training data. This makes the LLM significantly more capable for gathering current, targeted intelligence about specific organizations or infrastructure.

Why B is Wrong: Creating a web scraper is a basic data collection technique. While AI can help write scraper code, the scraper itself is a simple script that does not enhance the LLM ' s intelligence or reasoning capabilities for sophisticated reconnaissance.

Why C is Wrong: Instructing an AI assistant to query as an administrator is a prompt manipulation attempt. An LLM cannot actually gain elevated permissions through a prompt instruction; this describes social engineering or privilege escalation via prompting, not a performance enhancement technique.

Why D is Wrong: Prompting a chatbot to describe naming patterns is a basic use of an existing LLM ' s knowledge. It does not strengthen or enhance the model ' s capabilities; it merely queries what the model already knows from training data, which may be outdated or generic.

Basic Concept: AI chatbots are designed with safety guidelines and content policies that prevent them from generating harmful, offensive, or inappropriate content. When users find ways to bypass these restrictions through crafted prompts, they have " jailbroken " the model. CompTIA SecAI+ Study Guide covers jailbreaking as a key AI vulnerability category.

Why C is Correct: Jailbreaking is the process of using cleverly crafted prompts to bypass an AI model ' s built-in safety restrictions, content policies, and behavioral guardrails, causing it to produce outputs it was designed to refuse. The scenario describes a chatbot that was designed for automobile configuration assistance but is producing offensive responses following customer prompts, indicating that customers have successfully prompted the model to bypass its safety constraints and generate prohibited content.

Why A is Wrong: Model skewing refers to attacks or biases that cause a model to favor certain outputs or perspectives systematically over time, often through data manipulation. It describes a gradual distortion of model behavior, not a direct user-prompted bypass of safety restrictions in a single interaction.

Why B is Wrong: Model theft involves extracting or replicating a proprietary model ' s functionality or architecture through repeated queries. It is an intellectual property attack aimed at stealing the model ' s knowledge, not an attack that causes the model to produce offensive content.

Why D is Wrong: Insecure output handling occurs when an application fails to properly validate or sanitize AI-generated outputs before using them in ways that could cause harm such as passing AI output directly to a system command or database query. It describes a developer implementation vulnerability, not the act of a user prompting a model to bypass its safety constraints.