Get All CompTIA SecAI+ v1 Exam Questions with Validated Answers
| Vendor: | CompTIA |
|---|---|
| Exam Code: | CY0-001 |
| Exam Name: | CompTIA SecAI+ v1 Exam |
| Exam Questions: | 126 |
| Last Updated: | June 10, 2026 |
| Related Certifications: | CompTIA SecAI+ |
| Exam Tags: |
Looking for a hassle-free way to pass the CompTIA SecAI+ v1 Exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by CompTIA certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our CompTIA CY0-001 exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our CompTIA CY0-001 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the CompTIA CY0-001 exam, we’ll refund your payment within 24 hours no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s CompTIA CY0-001 exam dumps today and achieve your certification effortlessly!
Which of the following job roles in an organizational governance structure develops a model from business use cases?
Basic Concept: In AI governance, each role holds distinct responsibilities. Understanding these roles is core to CompTIA SecAI+ Domain 4 (AI Governance, Risk, and Compliance).
Why D is Correct: The Data Scientist is responsible for translating business use cases into working AI/ML models. They analyze business requirements, identify the appropriate machine learning approach, and develop models that fulfill specific business objectives. According to the CompTIA SecAI+ Study Guide, data scientists bridge raw data and actionable AI solutions by building and validating models derived from business-driven needs.
Why A is Wrong: A Platform Architect designs and manages the infrastructure and technical platforms hosting AI systems. Their focus is architectural design of the environment, not model development from business use cases.
Why B is Wrong: An AI Risk Analyst identifies, evaluates, and mitigates risks associated with AI adoption. Their role is governance and risk-oriented, not model creation.
Why C is Wrong: An MLOps Engineer operationalizes, deploys, monitors, and maintains AI models in production. They take models already built by data scientists and ensure reliable operation at scale, not develop them from business use cases.
Which of the following should an auditor reference when reviewing a company's human resources AI systems for legal non-compliance?
Basic Concept: Various regulatory frameworks govern AI use in different contexts. For auditing legal compliance in high-risk AI applications such as employment and HR, binding regulatory legislation takes precedence over voluntary standards. CompTIA SecAI+ Exam Objectives cover AI governance and compliance frameworks under Domain 4.
Why C is Correct: The EU AI Act is the world's first comprehensive, legally binding AI regulation. It explicitly classifies AI systems used in employment, worker management, and recruitment as high-risk AI systems, subjecting them to strict compliance requirements including conformity assessments, transparency obligations, and human oversight mandates. An auditor reviewing HR AI for legal non-compliance must reference this binding legislation.
Why A is Wrong: The OECD AI Principles are non-binding international guidelines promoting responsible AI. They offer policy guidance but carry no legal enforcement power for compliance auditing.
Why B is Wrong: The NIST AI RMF is a voluntary, risk management-focused framework. It is not a legal compliance standard and cannot be used to assess legal non-compliance.
Why D is Wrong: ISO standards such as ISO 42001 are voluntary international best practice standards. They are not legal compliance instruments with enforceable penalties for HR AI systems.
A human resources officer is using AI to evaluate resumes and help select candidates that meet minimum criteri
a. To improve the results, the human resources officer adjusts the query parameters and includes an example resume that matches a successful candidate.
Which of the following best describes this query?
Basic Concept: Prompting techniques determine how effectively an LLM is guided to produce desired outputs. Providing a single example within a prompt is a well-established technique known as one-shot prompting, which leverages in-context learning. CompTIA SecAI+ Study Guide covers prompting strategies under basic AI concepts.
Why C is Correct: One-shot prompting involves providing exactly one example of the desired input-output format within the prompt to guide the model's responses. In this scenario, the HR officer includes one example resume matching a successful candidate to show the model what a qualifying candidate looks like. This single example instructs the model on the evaluation criteria through demonstration rather than explicit description.
Why A is Wrong: Distillation is a model training technique where a smaller student model is trained to replicate the behavior of a larger teacher model. It is a model compression methodology, not a prompting technique used at query time.
Why B is Wrong: A prompt template is a reusable, structured format for prompts with placeholders that can be filled in for different queries. While templates may incorporate examples, the term specifically describes the structural framework, not the act of providing a single example.
Why D is Wrong: A system role defines the AI model's persona, context, and behavioral guidelines at the system level before user interaction begins. It sets the model's overall behavior, not a specific technique of providing examples within queries.
A security analyst reviews a recently released chatbot's log and discovers that outputs sometimes include personally identifiable information (PII) from other chatbot users.
Which of the following corrective actions should the security analyst take first to resolve this issue?
Basic Concept: When a chatbot leaks PII from one user's conversation into another user's responses, the root cause is cross-user memory contamination --- the chatbot is retaining and sharing conversation context across user sessions. Disabling the memory feature stops the active data leakage immediately. CompTIA SecAI+ Study Guide covers session memory management as a privacy control for AI chatbots.
Why B is Correct: Disabling memory from chat history for all users immediately stops the mechanism causing PII leakage between users. If the chatbot retains no cross-session memory, it cannot include information from one user's conversation in another user's response. This is the most direct, immediate corrective action that eliminates the root cause of the privacy violation without requiring additional user behavior changes or service disruption.
Why A is Wrong: Taking the chatbot offline and restoring from backup is a drastic action appropriate when the issue requires investigating a potential compromise or data breach. For a configuration issue such as cross-user memory sharing, disabling the memory feature is a more targeted and proportionate first response that addresses the root cause directly.
Why C is Wrong: Asking users to refrain from using PII relies on voluntary user behavior change and does not address the technical root cause. Users may not comply, and even if they do, previously stored PII in memory would continue to leak. This is an ineffective first corrective action.
Why D is Wrong: Requiring users to label sensitivity does not stop the chatbot from storing and sharing PII that has already been submitted. Labels inform the system about data sensitivity but do not prevent the memory mechanism from sharing labeled sensitive data across user sessions.
An airline corporation wants to implement a chatbot application using a large language model (LLM) so its customers can ask questions and receive answers about flight details and have the option to upload files.
Which of the following security controls should the airline use to protect against malicious input and unauthorized use beyond the service-level agreement? (Choose two.)
Basic Concept: LLM-based chatbots accepting user-uploaded files face two critical risk categories: malicious input injection and resource or cost abuse. CompTIA SecAI+ Study Guide highlights prompt security controls and resource management as key defensive layers for public-facing LLM applications.
Why A is Correct: Prompt guardrails intercept and filter user inputs and model outputs, blocking malicious prompts, prompt injection attempts, and harmful file content before affecting model behavior. Since users can upload files, guardrails are essential for sanitizing and validating that content before processing.
Why D is Correct: Model token quotas directly limit how much of the LLM's processing capacity a user can consume. This prevents abuse beyond the SLA, including denial-of-wallet attacks or resource exhaustion through excessively large inputs or repeated requests.
Why B is Wrong: Role-based access controls manage who can access what resources. While useful for internal systems, they do not address malicious input content or enforce LLM resource consumption limits for a public-facing chatbot.
Why C is Wrong: Firewall rules operate at the network layer and can block unauthorized IPs or ports but cannot inspect or filter the semantic content of prompts or control token-level LLM usage.
Security & Privacy
Satisfied Customers
Committed Service
Money Back Guranteed