CompTIA CY0-001 시험

Question No : 1

Which of the following is the most impactful security risk associated with the use of a generative AI chatbot?

• A.Overly permissive access
• B.Data leakage
• C.Weak encryption
• D.Model validation

답을 확인하기

정답:

Question No : 2

A security architect performs threat modeling of an AI system. The architect needs to determine which attacks can be performed against the system.
Which of the following actions should the architect take next?

• A.Leverage a large language model (LLM) to map likely attack paths based on the code base.
• B.Quantify the risk of known vulnerabilities identified in the AI system.
• C.Identify trust boundaries and perform threat modeling with Open Worldwide Application Security Project (OWASP) Top 10.
• D.Analyze MITRE Adversarial Threat Landscape for AI Systems (ATLAS) for tactics, techniques, and procedures (TTPs).

답을 확인하기

정답:

Question No : 3

Which of the following is used to train an AI model with unstructured data?

• A.Statistical learning
• B.Fine-tuning
• C.Supervised learning
• D.Reinforcement training

답을 확인하기

정답:

Question No : 4

Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.
Which of the following is the most likely attack method?

• A.Application server hijacking
• B.Session hijacking
• C.Domain hijacking
• D.Model hijacking

답을 확인하기

정답:

Question No : 5

Which of the following improves the observability and auditing of an AI system?

• A.Redeploying the model
• B.Using manual detection
• C.Implementing machine learning operations (MLOps)
• D.Using anomaly detections

답을 확인하기

정답:

Question No : 6

Which of the following helps in managing potential security issues related to model training?

• A.National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)
• B.International Organization for Standardization (ISO) 27001
• C.Organization for Economic Co-operation and Development (OECD)
• D.General Data Protection Regulation (GDPR)

답을 확인하기

정답:

Question No : 7

A healthcare organization plans to deploy a chatbot for appointment scheduling and patient records.
Which of the following is the first step a security administrator should take?

• A.Implement prompt firewalls.
• B.Enable role-based access management
• C.Conduct a risk assessment.
• D.Use a secure data communication channel for chat.

답을 확인하기

정답:

Question No : 8

During the selection of a machine learning (ML)-based threat classification model, a cybersecurity administrator verifies that label distribution is highly unbalanced.
Which of the following processing techniques should the engineer use to balance the model?

• A.Data lineage
• B.Data augmentation
• C.Data provenance
• D.Data verification

답을 확인하기

정답:

Question No : 9

Which of the following technologies is used in deepfake?

• A.Generative adversarial network (GAN)
• B.Multi-shot prompting
• C.Prompt engineering
• D.Transfer learning

답을 확인하기

정답:

Question No : 10

A financial organization implements a new AI-based fraud detection system to flag suspicious transactions. A security analyst discovers that it occasionally blocks legitimate transactions.
Which of the following is the best recommendation?

• A.Retaining the model with more data and recent transaction patterns
• B.Implementing AI token usage and rate limits
• C.Encrypting all the data processed by AI and applying further access controls
• D.Rolling back the model and using a traditional fraud detection system

답을 확인하기

정답:

Question No : 11

A security analyst finds that the AI system is under a denial-of-wallet attack.
Which of the following should the analyst enforce to protect the company? (Choose two.)

• A.Endpoint access controls
• B.Content delivery network (CDN)
• C.Model fine-tuning
• D.Modality controls
• E.Application programming interface (API) rate controls
• F.Output token controls

답을 확인하기

정답:

Question No : 12

A line of business wants to onboard an application that uses a custom AI model for employee assessments. The Chief Information Officer (CIO) agrees to allow the engagement to proceed but first wants a threat model.
Which of the following is the most appropriate to use for an AI threat model?

• A.Responsible AI
• B.Adversarial Threat Landscape for AI Systems (ATLAS)
• C.Organization for Economic Co-operation and Development (OECD)
• D.International Organization for Standardization (ISO)

답을 확인하기

정답:

Question No : 13

A human resources officer is using AI to evaluate resumes and help select candidates that meet minimum criteria. To improve the results, the human resources officer adjusts the query parameters and includes an example resume that matches a successful candidate.
Which if the following best describes this query?

• A.Distillation
• B.Prompt template
• C.One-shot prompting
• D.System role

답을 확인하기

정답:

Question No : 14

An AI architect reviews AI utilization and wants to improve the user experience.
Which of the following should the architect review within the logs?

• A.Rate monitoring
• B.Model accuracy
• C.Access controls
• D.Data storage

답을 확인하기

정답:

Question No : 15

An attacker successfully completes a denial-of-service (DoS) attack through the context window of an AI system. Thousands of characters are obfuscated and hidden behind an emoji.
Which of the following techniques best mitigates this type of attack?

• A.Fraud detection
• B.Large language model (LLM)-as-a-judge
• C.Pattern recognition
• D.Prompt filter

답을 확인하기

정답: