CompTIA SecAI+ Beta v1.0
Question 1
A security operations center (SOC) analyst needs to automate multiple security tasks by breaking them down into smaller parts. Which of the following AI tools is the best for this task?
- A. Agentic AI
- B. Retrieval-augmented generation (RAG) AI
- C. Generative AI
- D. Chatbot
Answer : A
Question 2
Which of the following responsible AI standards refers to a principle that clearly states the reasons behind the decisions for a particular conclusion?
- A. Accountability
- B. Auditability
- C. Transparency
- D. Explainability
Answer : D
Question 3
A detection engineering team wants to use AI to automatically prevent vulnerable code from reaching production. Which of the following is the most effective way to accomplish this task?
- A. Deploying an integrated development environment (IDE) plug-in that will warn developers of dangerous code before compiling
- B. Using a security orchestration, automation, and response (SOAR) with a machine learning (ML) model to classify code
- C. Implementing a large language model (LLM) in the continuous integration and continuous deployment (CI/CD) runner to examine code and pass or fail build jobs
- D. Developing an agentic penetration testing tool to validate potential vulnerable code
Answer : C
Question 4
A penetration tester is assessing the controls of a deployed AI system that is designed to search and return the contents of files. The tester runs the following:
Which of the following is the best control to prevent abuse of the system?
- A. Implementing custom detection rules for anomalous model behavior
- B. Segmenting the workload into a separate virtual private cloud (VPC)
- C. Adding a large language model (LLM) guardrails library to the application code
- D. Reducing the privilege scope of the service account
Answer : D
Question 5
A customer-facing, AI-powered chatbot has been jailbroken through prompt injections. As a result, the AI model is offering a 99% discount on the purchase of a new vehicle. Which of the following should be implemented to enhance the model’s robustness against such attacks?
- A. Bias filtering
- B. System prompt
- C. Log monitoring
- D. Guardrails
Answer : D
Question 6
User experience is declining since the launch of a large language model (LLM) in internal networks. Which of the following should be the highest priority for the prompt engineers?
- A. Customer success management
- B. Sales life cycle
- C. Quality control
- D. Business objectives
Answer : C
Question 7
A data set containing medical information is put into a machine learning (ML) model that is designed to predict specific illnesses for a population. In the process of verifying the reliability of the system, the compliance officer realizes that the system cannot reliably predict illnesses for certain segments of the population. Which of the following types of risk is most applicable to this case?
- A. Bias
- B. Consistency
- C. Transparency
- D. Inclusiveness
Answer : A
Question 8
An organization is concerned with the exposure of sensitive data. Which of the following is the most relevant security concern?
- A. Overfitting
- B. Model inversion
- C. Data normalization
- D. Hyperparameter tuning
Answer : B
Question 9
Faculty members at a university are concerned about potential inherent bias and inconsistency in one department’s AI plagiarism detection service.
Which of the following principles will most likely to address their concerns?
- A. Transparency
- B. Explainability
- C. Consistency
- D. Accountability
Answer : C
Question 10
A security administrator must provide access controls for AI systems to list tables. Which of the following should the administrator implement?
- A. Agentic AI access
- B. Network access control list (NACL)
- C. Model access
- D. Data access
Answer : D
Question 11
A machine learning (ML) engineer is working with a security engineer to identify the best practices for securing a system with various AI models.
Which of the following actions should the engineers suggest?
- A. Conducting guardrail testing and security validation
- B. Following a secure model development life cycle (MDLC)
- C. Implementing comprehensive security architecture
- D. Using a secure software development life cycle (SDLC)
Answer : B
Question 12
Which of the following is an example of how a security analyst uses generative AI in the triage process?
- A. To predict the next attack target with higher accuracy
- B. To use statistical analysis for malicious code assessment
- C. To summarize security findings by category
- D. To tag malware using machine learning (ML) algorithms
Answer : C
Question 13
A company develops an AI model to diagnose patients. Hospitals access the model through an integrated application programming interface (API). The security team performs a denial-of-service (DoS) attack via brute force on the model. Which of the following controls would have prevented this issue?
- A. Tokenization
- B. Model guardrails
- C. Rate limiting
- D. Prompt firewall
Answer : C
Question 14
A security team is using an AI-based tool to try to bypass organizational boundaries. The team uses AI to look at the current state and suggest different attack vectors based on the outcome of the previous ones. Which of the following techniques is the team most likely using?
- A. Manual signature matching
- B. Code quality testing
- C. Fraud detection
- D. Automated penetration testing
Answer : D
Question 15
Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?
- A. Distributed denial-of-service (DDoS)
- B. Data poisoning
- C. Payload creation
- D. Threat modeling
Answer : C