A cybersecurity analyst wants to choose a machine learning (ML) model to classify log entries while providing the best explainability.
Which of the following models should the analyst use?
Large language model (LLM)
Neural networks
Decision trees
Generative adversarial network (GAN)
Basic Concept: Different ML model architectures offer varying degrees of explainability. In cybersecurity, understanding why a model classified a log entry as malicious or benign is critical for analyst trust, investigation, and regulatory compliance. CompTIA SecAI+ covers model explainability under responsible AI and basic AI concepts.
Why C is Correct: Decision trees are inherently interpretable models that classify data through a series of transparent if-then rules. Every classification decision can be traced through the exact path of conditions that led to it, showing precisely which log entry features triggered the classification. Analysts can read and understand the decision path, making decision trees the gold standard for explainable ML classification in security applications where understanding the reason for a classification is as important as the classification itself.
Why A is Wrong: Large language models are complex transformer architectures with hundreds of billions of parameters. They function as black boxes — their internal decision-making processes are not human-interpretable, making them poor choices when explainability is the primary requirement.
Why B is Wrong: Neural networks are non-linear black box models. While they can achieve high classification accuracy, their multi-layer architecture makes it extremely difficult to explain why specific decisions were made in human-understandable terms.
Why D is Wrong: Generative adversarial networks are designed for generating synthetic data, not for classification tasks. They consist of competing generator and discriminator networks and are fundamentally unsuitable for log entry classification with explainability requirements.
Which of the following is a key principle of responsible AI systems?
Using protected data for training
Ensuring transparency and explainability
Operating with human-in-the-loop
Maximizing model security
Basic Concept: Responsible AI encompasses a set of principles designed to ensure AI systems operate ethically, fairly, and accountably. These principles guide AI development and deployment to minimize harm and maximize trustworthiness. CompTIA SecAI+ Exam Objectives list transparency and explainability as foundational responsible AI principles under Domain 4.
Why B is Correct: Transparency and explainability are cornerstone principles of responsible AI. Transparency means AI systems are open about their nature, capabilities, limitations, and how they make decisions. Explainability means the system can articulate the reasons behind its decisions in human-understandable terms. Together, they enable accountability, support regulatory compliance, allow bias detection, and build user trust. The CompTIA SecAI+ Study Guide and responsible AI frameworks including OECD and NIST AI RMF consistently identify this as a key principle.
Why A is Wrong: Using protected data for training would violate privacy and intellectual property rights. This is not a responsible AI principle — responsible AI actually requires ensuring that training data respects privacy, consent, and legal protections.
Why C is Wrong: Human-in-the-loop is an important operational practice for high-stakes AI decisions, but it is one design pattern rather than the key overarching principle of responsible AI. Not all responsible AI systems require human-in-the-loop operation for every decision.
Why D is Wrong: Maximizing model security is a cybersecurity objective for AI systems. While important, it is an operational security concern rather than a responsible AI governance principle focused on fairness, accountability, and trustworthiness in AI decision-making.
Which of the following would most likely be used to prove that an image is AI generated?
Human validation
Guardrails
Diffusion
Watermarking
Basic Concept: As AI-generated images become increasingly indistinguishable from authentic photographs, technical mechanisms are needed to definitively identify synthetic content. Embedding verifiable markers in AI-generated content at creation time provides a reliable provenance trail. CompTIA SecAI+ Study Guide covers digital content authentication and AI provenance controls.
Why D is Correct: Watermarking embeds invisible or visible identifying markers into AI-generated images at the point of creation. These watermarks can be cryptographic, steganographic, or perceptual in nature and survive compression, cropping, and other common image manipulations. When an image ' s provenance is questioned, watermark detection tools can analyze it to confirm AI generation. This is the primary technical mechanism for proving AI image origin as supported by the Content Authenticity Initiative and C2PA standards.
Why A is Wrong: Human validation relies on subjective visual inspection by experts to determine if an image appears AI-generated. Modern AI image generation has advanced to the point where human reviewers frequently cannot distinguish synthetic from authentic images, making this approach unreliable for definitive proof.
Why B is Wrong: Guardrails are input and output filtering controls for AI systems. They restrict what content an AI can generate but do not create verifiable proof of an image ' s AI origin after generation.
Why C is Wrong: Diffusion refers to the diffusion model architecture used to generate images. It describes the creation process, not a verification mechanism. Knowing that diffusion models were used does not help prove a specific image was AI-generated after the fact.
Which of the following responsible AI standards refers to a principle that clearly states the reasons behind the decisions for a particular conclusion?
Accountability
Auditability
Transparency
Explainability
Basic Concept: Responsible AI encompasses several key principles governing how AI systems should behave to be trustworthy and ethical. These principles are distinct but related. Understanding their precise definitions is essential for CompTIA SecAI+ Domain 4 governance questions.
Why D is Correct: Explainability in responsible AI means the AI system can clearly articulate the specific reasons, factors, and logic that led to a particular decision or output. It answers the question " why did the AI make this specific decision? " For example, an explainable credit scoring AI would not only give a score but also explain which factors such as payment history or credit utilization contributed most to that specific score. This directly matches the question ' s description of " clearly stating reasons behind decisions. "
Why A is Wrong: Accountability refers to the ability to identify who is responsible for AI system decisions and their consequences. It addresses ownership and responsibility assignment rather than explaining the reasoning behind specific decisions.
Why B is Wrong: Auditability refers to the ability to examine and verify an AI system ' s decisions, processes, and outputs through systematic review. It enables after-the-fact verification but does not mean the system itself explains its reasoning.
Why C is Wrong: Transparency refers to openness about how an AI system works at a general level, including its purpose, capabilities, limitations, and the data it was trained on. It is broader than explainability and does not specifically address articulating reasons for individual decisions.
Which of the following describes the number of training cycles used in an AI model for threat detection?
k-means clustering
Tokens
Temperature
Epoch
Basic Concept: Training an AI model involves repeatedly exposing it to training data so it can learn optimal parameters. The terminology for training cycles is fundamental to understanding AI model training processes. CompTIA SecAI+ Study Guide covers core AI training concepts under basic AI concepts.
Why D is Correct: An epoch refers to one complete pass through the entire training dataset. When a model trains for multiple epochs, it sees each training example multiple times, allowing it to refine its parameters progressively. The number of training epochs is a key hyperparameter that directly affects model performance — too few and the model underfits; too many and it may overfit. For a threat detection model, specifying epochs controls how thoroughly the model has learned from the training data.
Why A is Wrong: k-means clustering is an unsupervised machine learning algorithm that groups data points into k clusters based on feature similarity. It is a data clustering algorithm, not a term describing training cycles or iterations.
Why B is Wrong: Tokens are the discrete units that LLMs use to process text inputs and outputs. Token count measures text processing volume and LLM utilization, not the number of times a model has processed its training dataset.
Why C is Wrong: Temperature is an inference parameter that controls the randomness or creativity of an LLM ' s output generation. Higher temperature produces more varied outputs; lower temperature produces more deterministic responses. It is not related to training cycles or iterations.
A security consultant must summarize the impact of posture management on a machine learning (ML) use case.
Which of the following is the most appropriate reference for this purpose?
Organization for Economic Co-operation and Development (OECD) standards
National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)
European Union AI Act
Generative adversarial network (GAN)
Basic Concept: Security posture management for AI systems involves assessing and improving the overall security state of AI deployments, including identifying risks, implementing controls, and maintaining ongoing compliance. Appropriate frameworks provide structure for this assessment. CompTIA SecAI+ Study Guide identifies NIST AI RMF as the primary framework for AI risk and posture management.
Why B is Correct: The NIST AI Risk Management Framework provides comprehensive, actionable guidance for managing and improving AI security and risk posture across the entire AI lifecycle. It includes the GOVERN, MAP, MEASURE, and MANAGE functions that directly address posture management activities including risk identification, assessment, and control implementation for ML use cases. Its technical depth and ML-specific guidance make it ideal for this summarization task.
Why A is Wrong: OECD standards provide high-level policy principles for AI governance at an international level. They lack the technical specificity and operational guidance needed to summarize posture management impact on a specific ML use case.
Why C is Wrong: The EU AI Act is a regulatory compliance framework establishing legal requirements for AI systems. While it addresses risk management, its focus is on legal compliance rather than technical posture management guidance for ML systems.
Why D is Wrong: A Generative Adversarial Network is an AI architecture for generating synthetic data, not a framework or standard. It has no relevance as a reference for AI security posture management.
A company develops an AI model to diagnose patients. Hospitals access the model through an integrated application programming interface (API). The security team performs a denial-of-service (DoS) attack via brute force on the model.
Which of the following controls would have prevented this issue?
Tokenization
Model guardrails
Rate limiting
Prompt firewall
Basic Concept: API-based AI systems are susceptible to DoS attacks where excessive requests overwhelm the system ' s ability to respond to legitimate users. Rate limiting is the standard control for preventing both intentional and unintentional API abuse. CompTIA SecAI+ Study Guide covers rate limiting as a key availability control for AI APIs.
Why C is Correct: Rate limiting restricts the number of requests a client can make to an API within a defined time window. In this scenario, a brute-force DoS attack works by sending a massive volume of requests to exhaust the model ' s resources. Rate limiting would have automatically throttled or blocked the excessive request volume, preventing the attack from succeeding and preserving service availability for legitimate hospital users.
Why A is Wrong: Tokenization replaces sensitive data values with non-sensitive placeholders. It is a data security control for protecting sensitive information such as patient identifiers, not a control for managing API request volumes or preventing DoS attacks.
Why B is Wrong: Model guardrails filter and constrain model inputs and outputs for safety and policy compliance. They inspect content quality, not request volume, and cannot prevent a volume-based DoS attack.
Why D is Wrong: A prompt firewall inspects the content of prompts for malicious patterns or policy violations. Like guardrails, it analyzes content rather than controlling request frequency and cannot prevent resource exhaustion from a high-volume brute-force attack.
A short AI-generated video shows a celebrity ' s likeness talking about a fake public security event.
Which of the following was used to create this video?
Statistical analysis
Convolutional neural network
Machine learning (ML) classifier
Random forest
Basic Concept: Creating realistic deepfake videos that convincingly replicate a real person ' s facial expressions, movements, and voice requires deep learning models capable of learning and synthesizing complex spatial and temporal features from existing video data. CompTIA SecAI+ covers deepfake technologies under basic AI concepts.
Why B is Correct: Convolutional Neural Networks are foundational to deepfake video generation. CNNs excel at learning spatial features from visual data and are used within deepfake architectures to analyze source and target faces, extract facial features, and synthesize realistic face swaps or face animations. Modern deepfake systems typically combine CNNs with autoencoders and GANs to generate convincing video content showing a person saying or doing things they never did.
Why A is Wrong: Statistical analysis involves mathematical methods for analyzing data distributions and relationships. It does not have the capability to generate synthetic video content or replicate a person ' s visual likeness in motion.
Why C is Wrong: An ML classifier assigns input data to predefined categories. Classification models detect and label content rather than generating new synthetic video content of a person ' s likeness. They are detection tools, not generation tools.
Why D is Wrong: Random forest is an ensemble ML method using multiple decision trees for classification and regression tasks. It works on structured, tabular data and cannot process or generate visual, spatial data needed for realistic deepfake video synthesis.
Which of the following job roles in an organizational governance structure develops a model from business use cases?
Platform architect
AI risk analyst
Machine learning operations (MLOps) engineer
Data scientist
Basic Concept: In AI governance, each role holds distinct responsibilities. Understanding these roles is core to CompTIA SecAI+ Domain 4 (AI Governance, Risk, and Compliance).
Why D is Correct: The Data Scientist is responsible for translating business use cases into working AI/ML models. They analyze business requirements, identify the appropriate machine learning approach, and develop models that fulfill specific business objectives. According to the CompTIA SecAI+ Study Guide, data scientists bridge raw data and actionable AI solutions by building and validating models derived from business-driven needs.
Why A is Wrong: A Platform Architect designs and manages the infrastructure and technical platforms hosting AI systems. Their focus is architectural design of the environment, not model development from business use cases.
Why B is Wrong: An AI Risk Analyst identifies, evaluates, and mitigates risks associated with AI adoption. Their role is governance and risk-oriented, not model creation.
Why C is Wrong: An MLOps Engineer operationalizes, deploys, monitors, and maintains AI models in production. They take models already built by data scientists and ensure reliable operation at scale, not develop them from business use cases.
An AI security administrator receives an inquiry about an unusually high monthly bill from the AI solution provider. The administrator thinks the majority of staff might be using the most powerful model available.
Which of the following AI measures should the administrator implement to lower costs?
Storage monitoring
Modality types
Prompt firewalls
Token limits
Basic Concept: LLM API billing is primarily based on token consumption. High costs resulting from staff using powerful, verbose models can be controlled by limiting the maximum tokens processed per interaction and restricting which models staff can access. CompTIA SecAI+ Study Guide covers token management as the primary cost control mechanism for AI deployments.
Why D is Correct: Implementing token limits caps the maximum tokens consumed per API call for both input and output. This directly controls the per-interaction cost by preventing excessively long prompts or overly verbose model responses from generating large token bills. Combined with model tier restrictions, token limits ensure that interactions with powerful models remain within budget constraints regardless of how extensively staff use the service.
Why A is Wrong: Storage monitoring tracks the utilization and performance of data storage systems. Storage costs are separate from LLM API token-based billing and monitoring storage does not address the high API charges resulting from excessive model usage by staff.
Why B is Wrong: Modality types refer to the input formats an AI model accepts such as text, images, audio, or video. While different modalities have different pricing, managing modality types is not the direct cost control lever. Token consumption is the primary cost driver for text-based interactions.
Why C is Wrong: Prompt firewalls inspect and filter prompt content for security and policy compliance. While they can block certain types of queries, they are designed for security purposes, not as financial controls to limit token consumption or enforce cost budgets across staff usage.
Which of the following technologies is used in deepfake?
Generative adversarial network (GAN)
Multi-shot prompting
Prompt engineering
Transfer learning
Basic Concept: Deepfakes are AI-generated synthetic media that convincingly replace or manipulate a person ' s likeness, voice, or actions in images and videos. Creating realistic deepfakes requires generative AI techniques capable of learning and reproducing complex data distributions. CompTIA SecAI+ Exam Objectives cover deepfake technology under basic AI concepts.
Why A is Correct: Generative Adversarial Networks (GANs) are the primary technology behind deepfakes. A GAN consists of two competing neural networks: a generator that creates synthetic content and a discriminator that evaluates whether content is real or fake. Through adversarial training, the generator continuously improves at creating convincing synthetic media such as realistic human faces, voice clones, and video manipulations indistinguishable from authentic recordings.
Why B is Wrong: Multi-shot prompting is a prompting technique where multiple examples are provided to an LLM to guide its responses. It is an inference technique for language models and has no role in generating synthetic video or image deepfake content.
Why C is Wrong: Prompt engineering is the practice of crafting effective prompts to guide LLM outputs. It is a communication strategy for working with text-based AI systems, not a technology for generating synthetic media.
Why D is Wrong: Transfer learning is a training technique that repurposes knowledge from one domain to another, improving model performance with limited data. While it can be used in model training pipelines, it is not the core technology that enables deepfake generation.
Which of the following provides guidance on AI-specific compliance?
Organisation for Economic Co-operation and Development (OECD)
International Organization for Standardization (ISO) 27001
Payment Card Industry Data Security Standard (PCI DSS)
General Data Protection Regulation (GDPR)
Basic Concept: Different regulatory and standards bodies address different aspects of technology governance. For AI-specific compliance guidance that addresses the unique characteristics of AI systems including transparency, fairness, accountability, and societal impact, a framework specifically designed for AI is required. CompTIA SecAI+ Study Guide identifies OECD as a key source of AI-specific compliance guidance.
Why A is Correct: The OECD AI Principles and Recommendation on AI provide internationally recognized, AI-specific guidance on compliance with responsible AI values including transparency, accountability, robustness, security, safety, and human-centric values. The OECD has developed a dedicated framework specifically addressing the compliance considerations unique to AI systems across sectors and national boundaries, making it the most AI-specific compliance guidance option listed.
Why B is Wrong: ISO 27001 is a general information security management standard addressing broad organizational security controls. It is not AI-specific and does not address the unique compliance considerations of AI transparency, fairness, or algorithmic accountability.
Why C is Wrong: PCI DSS is a payment card industry security standard focused on protecting payment card data. It has no AI-specific compliance provisions and is limited to financial transaction security requirements.
Why D is Wrong: GDPR is a European data protection regulation focused on personal data privacy rights and obligations. While relevant to AI systems that process personal data, GDPR is a privacy regulation rather than AI-specific compliance guidance addressing the full spectrum of AI governance considerations.
A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business.
Which of the following AI-generated vulnerabilities is the employee exploiting?
Data reduction
Data masking
Data poisoning
Data leaking
Basic Concept: AI systems that rely on knowledge bases, vector databases, or reference documents are vulnerable to attacks that corrupt or manipulate that source data. When an adversary deliberately modifies the data an AI uses, this is a form of data poisoning. CompTIA SecAI+ Study Guide covers data poisoning as a core AI vulnerability.
Why C is Correct: Data poisoning is an attack where an adversary intentionally corrupts or manipulates the data that an AI system uses for training, inference, or reference. In this scenario, the employee modified the company policies document that the chatbot uses as its knowledge base, causing the chatbot to provide incorrect, misleading, or confusing information to users. This is a classic indirect data poisoning attack targeting the AI ' s reference data rather than its model weights.
Why A is Wrong: Data reduction refers to techniques that decrease the volume or dimensionality of data for processing efficiency. It is a data engineering concept, not an attack vector or vulnerability classification.
Why B is Wrong: Data masking replaces sensitive data values with anonymized equivalents to protect privacy. It is a data protection control used legitimately, not an attack that an employee would exploit to cause disruption.
Why D is Wrong: Data leaking involves unauthorized disclosure of sensitive information from an AI system or its associated data stores. The employee ' s action of manipulating data is an integrity attack, not a confidentiality violation involving leakage of data to unauthorized parties.
During an update, an AI system flags some potential compatibility issues and provides recommendations. An administrator reviews the recommendations before addressing the issues.
Which of the following processes describes this scenario?
Data validation
Data preparation
Human-in-the-loop
Model evaluation
Basic Concept: Human-in-the-loop is a design pattern where AI systems generate recommendations or decisions but require human review and approval before those recommendations are acted upon. This approach maintains human oversight and accountability in AI-assisted workflows. CompTIA SecAI+ Study Guide covers human-in-the-loop as a key responsible AI principle and operational pattern.
Why C is Correct: The scenario precisely describes the human-in-the-loop pattern: the AI system identifies potential issues and provides recommendations, but an administrator must review those recommendations before any action is taken. This deliberate inclusion of human judgment in the AI ' s decision or recommendation workflow ensures human oversight is maintained, which is the defining characteristic of the human-in-the-loop process.
Why A is Wrong: Data validation verifies that data meets expected quality standards and formats before being used in AI processing. It is a data quality control activity, not a workflow pattern describing human review of AI recommendations.
Why B is Wrong: Data preparation involves transforming raw data into a format suitable for AI model training or inference. It encompasses cleaning, normalizing, and formatting data, not the process of human review of AI-generated recommendations during system updates.
Why D is Wrong: Model evaluation assesses a model ' s performance against metrics such as accuracy, precision, and recall on test datasets. It is a technical assessment of model quality, not a workflow process where humans review AI-generated recommendations before acting on them.
A company introduces a large language model (LLM) in an application in order to monitor for a potential denial-of-service attack.
Which of the following should the company use to measure the utilization of the LLM?
Token
Transformer
Chain of thoughts
Prompt
Basic Concept: LLMs process and generate text as discrete units called tokens, which represent words or word pieces. The number of tokens consumed is the primary metric for LLM resource utilization and billing. Understanding token consumption is essential for both performance monitoring and cost management. CompTIA SecAI+ Study Guide covers token-based measurement under AI system management.
Why A is Correct: Tokens are the fundamental unit of measurement for LLM utilization. Both input tokens sent in prompts and output tokens generated in responses are counted. Token consumption directly correlates with computational resource usage, response time, and API cost. Monitoring token counts enables the company to establish usage baselines and detect the abnormal token consumption spikes associated with DoS attacks or denial-of-wallet attacks against the LLM.
Why B is Wrong: A transformer is the neural network architecture that underlies modern LLMs. It is an architectural description, not a measurable utilization metric. You cannot quantify LLM resource consumption in " transformers. "
Why C is Wrong: Chain of thought is a prompting technique that encourages models to reason step-by-step before providing answers. It is an inference strategy for improving response quality, not a unit of measurement for monitoring LLM utilization or resource consumption.
Why D is Wrong: A prompt is the input text submitted to the LLM. While monitoring prompt volumes provides request count information, tokens provide a more granular and meaningful utilization metric because they capture both the complexity of inputs and the length of generated outputs.
Instructions: Use the drop-down menus to define two appropriate security controls for each component of the AI system. Each control may be used only once.
An engineer is deploying a new AI system and wants to integrate it into the core system through an API.



Basic Concept: This is a Performance-Based Question (PBQ) — a HOTSPOT/simulation item requiring interactive selection in the actual exam. It tests the candidate ' s ability to map appropriate security controls to AI system components such as API gateway, model endpoint, data layer, and authentication layer.
Key Concept — Appropriate Controls by Component: For an API gateway connecting an AI system, typical controls include API key authentication, rate limiting, TLS encryption, and input validation. For the model endpoint, controls include IAM role-based access, audit logging, and guardrails. For data access components, encryption at rest and data masking are appropriate. For the authentication layer, MFA and expiring session tokens are relevant.
Why This Matters: The CompTIA SecAI+ Study Guide emphasizes defense-in-depth for AI system integration, ensuring each architectural layer has dedicated, appropriate security controls. The principle of least privilege should guide access control assignments at each component, while availability controls such as rate limiting protect against abuse.
An employee wants a consulting company to procure a data set that contains age, ethnicity, and diabetes status. During development, the employer wants to ensure the integrity of the data.
Which of the following is the best strategy to accomplish this task?
Implementing checksums
Conducting human evaluation
Querying the model
Enabling log monitoring
Basic Concept: Data integrity ensures that data has not been tampered with, corrupted, or modified during storage or transmission. For AI training data that is procured from external sources, cryptographic integrity verification is essential to confirm the data arrived unmodified. CompTIA SecAI+ Study Guide covers data integrity controls for AI data pipelines.
Why A is Correct: Implementing checksums provides cryptographic verification of data integrity. A checksum or hash value such as SHA-256 is computed from the dataset at the source. The receiver computes the same hash and compares it to the provided value. Any modification to the data during transit or storage will produce a different hash, immediately detecting tampering or corruption. This is the most reliable, automated, and scalable strategy for ensuring the integrity of procured training data.
Why B is Wrong: Human evaluation can verify data quality and relevance but is impractical for verifying integrity across large datasets of medical records. Human reviewers cannot detect subtle bit-level corruption or intentional small modifications, and the process is not scalable.
Why C is Wrong: Querying the model tests model performance rather than verifying the integrity of the underlying training data. The model cannot tell you whether its training data was modified after collection or during procurement.
Why D is Wrong: Log monitoring tracks system activities and events over time. While useful for auditing access to data, it cannot retroactively confirm that data content has not been modified and does not provide cryptographic integrity guarantees.
A security administrator needs to improve an AI model. During an initial investigation, the administrator notices that two successive login failures are recorded every day, and then a successful login occurs after a specific time interval. All the successful login attempts have been during office hours.
Which of the following techniques should the administrator use to improve the AI model ' s security?
Access management
Pattern recognition
Signature matching
Vulnerability analysis
Basic Concept: Pattern recognition is an AI technique that enables a system to identify recurring sequences or structures within data. In cybersecurity, detecting behavioral patterns such as consistent pre-login failure sequences followed by successful access is critical for threat detection. CompTIA SecAI+ Exam Objectives cover this under AI-assisted security.
Why B is Correct: The scenario describes a highly regular, repeating behavioral pattern — two failures followed by success at a specific time interval, consistently during office hours. Pattern recognition enables the AI model to learn this sequence and flag it as indicative of credential stuffing or an automated brute-force attack with timing controls. ML-driven pattern recognition is specifically designed for such behavioral anomaly detection.
Why A is Wrong: Access management controls who can log in and under what conditions. It enforces authorization policies but does not analyze or detect suspicious behavioral sequences in authentication logs.
Why C is Wrong: Signature matching compares known attack signatures against observed data. The described pattern is behavioral and time-based rather than a known malware or exploit signature, making this technique unsuitable.
Why D is Wrong: Vulnerability analysis identifies weaknesses in systems and code. It does not analyze authentication log sequences or detect behavioral patterns in user activity data.
Which of the following controls is the best way to mitigate a denial-of-service (DoS) attack?
Model guardrails
Rate limiting
End-to-end encryption
Access controls
Basic Concept: DoS attacks overwhelm AI systems by sending excessive requests that exhaust computational resources, memory, or bandwidth, preventing legitimate users from being served. The primary defense against volume-based attacks is throttling the rate at which requests can be processed. CompTIA SecAI+ Exam Objectives identify rate limiting as the key DoS mitigation control for AI systems.
Why B is Correct: Rate limiting directly addresses the root mechanism of DoS attacks by restricting the number of requests any single client or IP address can submit within a defined time window. By enforcing request quotas, rate limiting prevents attackers from generating the request volume necessary to overwhelm the system while preserving capacity for legitimate users. It is the most direct and effective preventive control against DoS attacks on AI APIs and services.
Why A is Wrong: Model guardrails inspect and filter the content of prompts and responses for policy compliance and safety. They operate at the semantic content level, not at the request volume level, and cannot prevent resource exhaustion from high-volume request flooding.
Why C is Wrong: End-to-end encryption protects the confidentiality and integrity of data in transit. Encrypted DoS traffic is just as damaging as unencrypted traffic; encryption does not limit request rates or prevent resource exhaustion.
Why D is Wrong: Access controls restrict who can interact with the system, which can reduce the potential attacker pool. However, authenticated users and compromised accounts can still launch DoS attacks, and access controls alone cannot prevent high-volume attacks from authorized sources.
A SOC team has an AI agent that performs web searches and calls to the SOAR solution. The team is concerned about enterprise uptime and case resolution time.
Which of the following is the most appropriate use of the AI agent?
To analyze and contain offending users or hosts using SOAR playbooks
To perform research using open-source intelligence to enrich the alerts
To aggregate SOC metrics and generate reports for the leadership team
To create tabletop exercises so the team can increase its incident response speed
Basic Concept: AI agents in SOC environments can automate repetitive, rules-based response actions that previously required human intervention. When the primary concerns are enterprise uptime and case resolution time, the AI agent ' s ability to autonomously execute containment actions through SOAR is the most impactful application. CompTIA SecAI+ Study Guide covers AI agent use cases in security operations.
Why A is Correct: Using the AI agent to analyze incidents and execute containment actions through SOAR playbooks directly addresses both uptime and resolution time concerns. The agent can immediately analyze alert details, determine the appropriate playbook, and execute containment actions such as isolating compromised hosts or disabling compromised accounts autonomously, without waiting for human intervention. This dramatically reduces mean time to contain threats, improving both uptime and resolution speed.
Why B is Wrong: Enriching alerts with open-source intelligence improves analyst context but is a preparatory step rather than a response action. While valuable, it does not directly reduce resolution time by taking containment actions to stop ongoing threats.
Why C is Wrong: Aggregating metrics and generating leadership reports is an administrative function that consumes agent capacity for non-operational purposes. It improves visibility but does not directly improve uptime or case resolution time for active incidents.
Why D is Wrong: Creating tabletop exercises improves team preparedness over time through training scenarios. While beneficial for long-term capability development, it does not directly address the immediate concerns of enterprise uptime and active case resolution time.
A security operations center (SOC) analyst needs to automate multiple security tasks by breaking them down into smaller parts.
Which of the following AI tools is the best for this task?
Agentic AI
Retrieval-augmented generation (RAG) AI
Generative AI
Chatbot
Basic Concept: Modern security operations require automation of complex, multi-step workflows. Different AI architectures have different capabilities. Understanding which AI type is best suited for task decomposition and autonomous execution is fundamental to AI-assisted security operations. CompTIA SecAI+ covers agentic AI capabilities under AI-assisted security.
Why A is Correct: Agentic AI systems are specifically designed to autonomously plan, decompose complex tasks into subtasks, execute multi-step workflows, use tools and APIs, and adapt their approach based on intermediate results. For a SOC analyst needing to automate multiple security tasks as a series of smaller coordinated steps, agentic AI is the ideal architecture as it can orchestrate an entire workflow including threat hunting, alert investigation, log analysis, and response actions.
Why B is Wrong: RAG AI enhances language model responses by retrieving relevant documents from a knowledge base. While useful for answering questions with current information, it is not designed for autonomous multi-step task execution or workflow automation.
Why C is Wrong: Generative AI creates content based on prompts including text, code, and summaries. While it can assist with individual tasks, it requires continuous human prompting for each step rather than autonomously breaking down and executing complex multi-step security workflows.
Why D is Wrong: A chatbot is a conversational interface designed for question-answering or guided dialogue. It responds reactively to user input rather than proactively planning and executing multi-step automated security workflows.
Which of the following is used to train an AI model with unstructured data?
Statistical learning
Fine-tuning
Supervised learning
Reinforcement training
Basic Concept: Unstructured data such as free-form text, images, and audio does not have predefined labels or rigid schema. Training an AI model effectively on unstructured data requires techniques that can leverage patterns within the data itself or adapt a pre-trained model to new data types. CompTIA SecAI+ covers AI training methodologies under basic AI concepts.
Why B is Correct: Fine-tuning takes a pre-trained foundation model that has already learned rich representations from massive unstructured datasets and further trains it on a specific, potentially smaller unstructured dataset. This adapts the model to a new domain, task, or data type without requiring labeled data for every training example. Fine-tuning is the most practical and effective approach for working with unstructured data in modern AI development.
Why A is Wrong: Statistical learning typically refers to classical machine learning approaches that often assume structured, numerical data with defined features. These methods generally struggle with high-dimensional unstructured data without significant preprocessing.
Why C is Wrong: Supervised learning requires labeled training data where each example has an associated correct output label. Applying supervised learning to unstructured data requires extensive manual labeling, which is the opposite of working with raw unstructured data.
Why D is Wrong: Reinforcement learning trains models through reward signals based on actions taken in an environment. It is designed for sequential decision-making tasks and is not the standard approach for learning representations from unstructured data at scale.
Which of the following is the primary purpose of validating data for an AI system?
To automate the process
To reduce consumption of resources
To optimize the storage databases
To ensure bias-free outcomes
Basic Concept: Data validation is a critical step in the AI development pipeline that involves verifying that the data used for training and inference meets quality standards, is representative, and is free from systematic errors that could introduce bias. The quality of training data directly determines the quality and fairness of model outputs. CompTIA SecAI+ Study Guide covers data validation under AI development and responsible AI principles.
Why D is Correct: The primary purpose of data validation for an AI system is to ensure that the data is accurate, representative, and free from systematic errors that would cause the model to produce biased or discriminatory outcomes. Validating data checks for class imbalance, demographic underrepresentation, labeling errors, and corrupted values that could embed biases into the model. This ensures the AI system produces fair, accurate, and trustworthy outputs across all user groups.
Why A is Wrong: Automating the process is a benefit of using automated data validation tools but is not the primary purpose of validation itself. The automation serves the validation goal rather than being the reason validation is performed.
Why B is Wrong: Reducing resource consumption is an engineering optimization concern. Data validation may reduce resource waste by preventing training on poor-quality data, but this is a secondary benefit, not the primary purpose.
Why C is Wrong: Optimizing storage databases is a database engineering concern about performance and efficiency. Data validation examines data quality and representativeness for AI purposes, not database architecture optimization.
A management team is concerned about an unexpected cost increase for a public-facing AI chatbot.
Which of the following should a security administrator examine first to determine the root cause?
Firewall logs
Web application firewall (WAF) rules
Vector database input/output operations per second performance
Model token usage
Basic Concept: AI chatbot operational costs are primarily driven by token consumption — the number of tokens processed in requests and generated in responses. Unexpected cost increases in LLM-based chatbots almost always trace back to abnormal token usage patterns. CompTIA SecAI+ Study Guide covers AI cost monitoring and token-based billing under securing AI systems.
Why D is Correct: Model token usage logs directly show how many tokens are being consumed per request, by which users or endpoints, and whether usage has increased abnormally. Examining token usage data is the most direct path to identifying the root cause of unexpected cost increases — whether from a denial-of-wallet attack, user abuse, a new feature generating verbose responses, or legitimate organic growth in usage. This is the first and most relevant examination point for LLM cost analysis.
Why A is Wrong: Firewall logs capture network-level traffic information. While they can reveal unusual access patterns or volumes, they do not contain token consumption data that directly explains LLM billing increases.
Why B is Wrong: WAF rules define filtering policies for web traffic. Reviewing rule configurations does not reveal whether token usage has increased or why costs have risen; it shows security policy settings rather than consumption metrics.
Why C is Wrong: Vector database IOPS performance measures how quickly the database processes read and write operations. While relevant to RAG system performance, IOPS metrics do not directly explain LLM API cost increases driven by token consumption.
Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.
Which of the following is the most likely attack method?
Application server hijacking
Session hijacking
Domain hijacking
Model hijacking
Basic Concept: An on-path (formerly man-in-the-middle) attack intercepts communication between two parties, allowing the attacker to read, modify, or inject content. In the context of a generative AI application, an on-path attack on the session between user and AI service can manipulate prompts being sent to the model or responses being returned to users. CompTIA SecAI+ covers AI-specific attack vectors under securing AI systems.
Why B is Correct: Session hijacking involves an attacker taking control of an active user session by capturing or forging session tokens. In this attack, the attacker intercepts the communication channel between users and the AI application, allowing them to modify prompts sent to the model or replace legitimate model responses with offensive content. This explains why outputs seem unrelated to prompts and contain offensive material.
Why A is Wrong: Application server hijacking involves gaining unauthorized control of the server hosting the application. While severe, this would typically manifest as complete service disruption or data exfiltration rather than targeted modification of individual user session content.
Why C is Wrong: Domain hijacking involves unauthorized transfer of a domain name registration, redirecting all users to a different IP address. This would affect all users simultaneously and typically redirect to a completely different site rather than manipulating individual AI responses.
Why D is Wrong: Model hijacking refers to attacks that steal or replicate an AI model, not to intercepting and modifying the communication between users and an existing model during active sessions.
An organization is concerned with the exposure of sensitive data.
Which of the following is the most relevant security concern?
Overfitting
Model inversion
Data normalization
Hyperparameter tuning
Basic Concept: AI models can inadvertently memorize sensitive information from their training data. Certain attack techniques can exploit this memorization to extract private information from a deployed model, even without direct access to the training dataset. CompTIA SecAI+ Study Guide covers model inversion as an AI-specific data exposure attack vector.
Why B is Correct: Model inversion is an attack where an adversary queries a deployed AI model with carefully crafted inputs to reconstruct or infer sensitive training data. For example, an attacker could query a facial recognition model with optimized images to reconstruct faces of individuals from the training set, or query a medical diagnosis model to infer patient records used in training. This directly exposes sensitive data that was supposed to be protected.
Why A is Wrong: Overfitting is a model training quality issue where a model learns training data too specifically and performs poorly on new data. While it can indicate that sensitive data was memorized, overfitting itself is a performance concern rather than directly a data exposure attack vector.
Why C is Wrong: Data normalization is a preprocessing technique that scales numerical features to a common range to improve training performance. It is a data preparation step with no direct relevance to sensitive data exposure or privacy attacks.
Why D is Wrong: Hyperparameter tuning adjusts configuration parameters of a model to optimize its performance during training. It is an optimization technique with no relevance to protecting against sensitive data exposure attacks.
Which of the following is the primary security risk when deploying AI models in production?
Graphics processing unit (GPU) acceleration
Model overfitting
Model encryption
Data exposure
Basic Concept: When AI models are deployed in production, they interact with real data including sensitive business information, personal data, and confidential records. The intersection of AI capabilities and sensitive data creates significant security risks. CompTIA SecAI+ Exam Objectives identify data exposure as the primary production security risk for AI deployments.
Why D is Correct: Data exposure is the primary security risk in production AI deployments. AI models in production process sensitive data through queries and responses, and vulnerabilities such as prompt injection, model inversion attacks, insecure output handling, and misconfigured access controls can expose confidential training data, user PII, proprietary information, or system credentials. The consequences include regulatory violations, legal liability, and reputational damage, making data exposure the most critical ongoing security concern.
Why A is Wrong: GPU acceleration is a performance optimization technique that uses graphics processors for faster AI computation. While hardware security is important, GPU acceleration itself is not a security risk — it is a performance feature that does not inherently expose data.
Why B is Wrong: Model overfitting is a model quality issue where a model performs poorly on new data after memorizing training data too specifically. While it can indirectly contribute to data memorization, it is primarily a performance and generalization concern during development rather than a primary production security risk.
Why C is Wrong: Model encryption is a security control used to protect AI model weights from unauthorized access, not a risk itself. Framing a protection mechanism as a primary risk conflates controls with threats.
A group of security engineers is developing a SIEM system that will be able to ingest data from multiple structured and unstructured sources, have a chatbot integrated with an LLM that the security analyst can interact with, and provide insights from the SIEM alert data.
Which of the following techniques should the security engineers consider before collecting the data from the respective sources?
Balancing
Verification
Cleansing
Vector storage
Basic Concept: Before ingesting data from multiple sources — both structured and unstructured — into an AI-powered SIEM system, the data must be prepared to ensure quality, consistency, and usability. Data from diverse sources often contains noise, errors, duplicates, and formatting inconsistencies that will degrade AI performance if not addressed. CompTIA SecAI+ covers data preparation as a prerequisite for AI system effectiveness.
Why C is Correct: Data cleansing is the process of detecting and correcting or removing corrupt, inaccurate, incomplete, and duplicate data. Before collecting data from multiple structured and unstructured SIEM sources, engineers must cleanse the data to standardize formats, remove duplicates, fill missing values, and eliminate noise. Clean input data is fundamental to producing accurate AI-generated insights and reliable LLM interactions in the SIEM context.
Why A is Wrong: Balancing addresses class distribution imbalance in labeled training data for classification models. While relevant when training ML detection models, it is not the primary consideration before initial data collection from diverse SIEM sources.
Why B is Wrong: Verification confirms that data meets expected quality standards and validates its accuracy against trusted sources. It is a post-collection quality check performed after cleansing, not the first step before data collection.
Why D is Wrong: Vector storage refers to databases that store embeddings for semantic search, relevant for RAG systems. It is a storage architecture decision made after data is collected, processed, and prepared, not a pre-collection technique.
An architect is using the firm ' s recommended large language model (LLM) to find an internal solution for content management.
Given the following:

Which of the following controls is the best for mitigating this issue?
Model training
Response validation
Access controls
Integrity monitoring
Basic Concept: LLM hallucinations occur when the model generates plausible-sounding but factually incorrect or fabricated information. For internal content management solutions where accuracy is critical, detecting and handling hallucinated responses before they are acted upon is essential. CompTIA SecAI+ Study Guide covers response validation as a mitigation for hallucination risks.
Why B is Correct: Response validation implements checks that verify the accuracy and relevance of LLM-generated responses before they are presented to users or acted upon. This can involve cross-referencing responses against authoritative internal data sources, using a secondary model to evaluate response accuracy, or implementing confidence scoring that flags low-confidence responses for human review. Response validation directly addresses the hallucination problem by catching inaccurate responses before they cause harm.
Why A is Wrong: Model training addresses hallucinations at the model level by providing more accurate training data or fine-tuning. While effective long-term, it requires significant time and resources and does not provide immediate protection against hallucinations in the currently deployed model.
Why C is Wrong: Access controls manage who can query the LLM and what resources they can access. They do not inspect or validate the accuracy of the model ' s responses, so they cannot mitigate hallucination risks.
Why D is Wrong: Integrity monitoring tracks whether data or systems have been tampered with or changed unexpectedly. It is relevant for detecting unauthorized modifications but does not validate whether LLM-generated content accurately reflects reality or internal authoritative data.
Which of the following ensures the integrity of data usage in an AI system?
Data masking
Data cleansing
Data verification
Data lineage
Basic Concept: Data integrity in AI systems requires not only that data is accurate at a point in time, but that its entire history of transformation and usage can be traced and verified. Tracking how data has been used and transformed throughout the AI system lifecycle provides ongoing integrity assurance. CompTIA SecAI+ Study Guide covers data governance controls including lineage for AI integrity.
Why D is Correct: Data lineage tracks and documents the complete journey of data from its origin through every transformation, processing step, and use within an AI system. By recording what happened to the data, when, by whom, and through which processes, data lineage provides the audit trail needed to ensure data integrity throughout the AI system ' s data usage lifecycle. It enables verification that data has been used as intended and has not been improperly modified at any stage.
Why A is Wrong: Data masking replaces sensitive data values with anonymized equivalents to protect privacy. It is a confidentiality control that modifies data values rather than a mechanism for ensuring or tracking data integrity across the system.
Why B is Wrong: Data cleansing removes or corrects errors, inconsistencies, and noise in datasets to improve data quality. It is a data preparation activity that improves data accuracy at a point in time but does not track data usage or provide ongoing integrity assurance throughout the AI system lifecycle.
Why C is Wrong: Data verification confirms that data meets expected quality standards and validates its accuracy at a specific check point. While important for quality assurance, it provides a point-in-time check rather than continuous tracking of data usage and transformations as data lineage does.
A security operations center (SOC) has a very high volume of logs and alerts. The manager proposes the implementation of a machine learning (ML) system to help with triage.
Which of the following tasks is most suitable?
Applying filters on specific alerts
Automatically patching vulnerable systems
Identifying and classifying alerts
Summarizing the content of alerts
Basic Concept: ML models excel at classification tasks, learning to assign incoming data points to predefined categories based on patterns in training data. In a SOC context, alert classification is the highest-value triage function ML can perform. CompTIA SecAI+ Exam Objectives address AI-assisted security operations under Domain 3.
Why C is Correct: ML-based alert classification automatically analyzes characteristics of each alert and assigns it to a severity category such as critical, high, medium, or low, or to a threat type such as malware or intrusion attempt. This dramatically reduces analyst workload and speeds triage by prioritizing which alerts demand immediate human attention, directly solving the high-volume problem.
Why A is Wrong: Applying filters on specific alerts is a rule-based operation achievable without ML using simple log management tools. It requires no learning capability and does not adapt to new or evolving threats.
Why B is Wrong: Automatically patching systems is a remediation action requiring validated, controlled processes. Having an ML system autonomously patch production systems without human oversight poses unacceptable operational and security risk.
Why D is Wrong: Summarizing alert content is a useful generative AI function but does not provide prioritization value for triage. Classification tells analysts what to act on first; summarization only rephrases existing information.
A healthcare organization plans to deploy a chatbot for appointment scheduling and patient records.
Which of the following is the first step a security administrator should take?
Implement prompt firewalls.
Enable role-based access management
Conduct a risk assessment.
Use a secure data communication channel for chat.
Basic Concept: Before implementing any security controls for an AI system, especially in a highly regulated sector such as healthcare, a risk assessment must first be conducted to understand the specific threats, vulnerabilities, regulatory obligations, and compliance requirements. CompTIA SecAI+ Study Guide emphasizes risk assessment as the foundational first step in any AI security program.
Why C is Correct: A risk assessment identifies what assets need protection, what threats exist, what regulations apply such as HIPAA for healthcare AI, and what the potential impact of various failure modes would be. In healthcare, this is especially critical given the sensitivity of patient records and strict regulatory requirements. The risk assessment results then inform and prioritize all subsequent security control implementations.
Why A is Wrong: Implementing prompt firewalls is a technical security control appropriate after risks have been identified and prioritized. Deploying controls before conducting a risk assessment may address the wrong threats or miss critical vulnerabilities.
Why B is Wrong: Role-based access management is a security control that should be designed based on identified roles and access requirements discovered during risk assessment. It is an implementation step, not the first step.
Why D is Wrong: Using a secure communication channel is a specific technical control for data in transit. While important, it addresses only one specific risk and should be implemented as part of a comprehensive security strategy informed by a prior risk assessment.
An organization is developing and implementing AI features into a customer service application.
Which of the following practices should the organization put in place before releasing the application for customer trials?
Data masking and sanitization
External compliance audits
Approved AI vendor lists
Third-party risk management
Basic Concept: Before deploying AI applications that handle customer data in trials, protecting sensitive information through data masking and sanitization is essential. CompTIA SecAI+ Study Guide emphasizes pre-deployment data security controls as a critical step in the AI development lifecycle.
Why A is Correct: Data masking replaces sensitive real customer data with realistic but fictitious equivalents, while sanitization removes harmful or unwanted data elements. Before customer trials, these techniques prevent exposure of real PII or sensitive information, ensure the trial environment cannot leak production data, and protect the organization from privacy regulation violations. This is the most immediately actionable pre-trial security control.
Why B is Wrong: External compliance audits are formal processes typically conducted post-deployment or at planned intervals to verify regulatory compliance. They are not pre-trial security implementations and cannot prevent data exposure in a trial environment.
Why C is Wrong: Approved AI vendor lists are governance artifacts that manage vendor selection risk at the procurement stage. They do not directly protect customer data within an application being prepared for trials.
Why D is Wrong: Third-party risk management addresses risks from external vendors and partners at a strategic level. While important for overall governance, it does not constitute a direct data security control for a pre-trial release.
An architect is creating a threat model for an agentic system.
Which of the following should the architect do first?
Apply compensating controls based on exposure findings.
Identify the trust boundary between the components.
Calculate the risk to resources based on data sensitivity.
Scan for vulnerabilities from the Open Worldwide Application Security Project (OWASP) Top 10.
Basic Concept: Threat modeling for any system, and especially for agentic AI systems with multiple interacting components, begins with understanding the system ' s architecture and where trust boundaries exist. Trust boundaries define where data and control flows cross between components with different trust levels, representing potential attack surfaces. CompTIA SecAI+ Study Guide aligns with STRIDE and MITRE ATLAS threat modeling methodologies.
Why B is Correct: Identifying trust boundaries between components is the foundational first step in threat modeling. Agentic systems often involve multiple components such as the orchestrator, tools, APIs, data sources, and external services with different trust levels. Understanding where these boundaries exist reveals where untrusted inputs cross into trusted components, enabling the architect to systematically identify threats at each boundary before proceeding to risk quantification and control application.
Why A is Wrong: Applying compensating controls based on exposure findings is the final step in threat modeling, occurring after threats have been identified and risks quantified. Controls cannot be appropriately designed without first understanding the system ' s trust boundaries and threat landscape.
Why C is Wrong: Calculating risk to resources based on data sensitivity is a risk assessment step that occurs after trust boundaries are mapped and potential threats are identified. Risk quantification requires knowing what threats exist at each boundary first.
Why D is Wrong: Scanning for OWASP Top 10 vulnerabilities is a technical vulnerability assessment activity. While valuable, it comes after the architectural analysis of trust boundaries and threat identification phases of threat modeling.
TESTED 10 Jul 2026
