- 126 Actual Exam Questions
- Compatible with all Devices
- Printable Format
- No Download Limits
- 90 Days Free Updates
Get All CompTIA SecAI+ v1 Exam Questions with Validated Answers
| Vendor: | CompTIA |
|---|---|
| Exam Code: | CY0-001 |
| Exam Name: | CompTIA SecAI+ v1 Exam |
| Exam Questions: | 126 |
| Last Updated: | July 16, 2026 |
| Related Certifications: | CompTIA SecAI+ |
| Exam Tags: |
Looking for a hassle-free way to pass the CompTIA SecAI+ v1 Exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by CompTIA certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our CompTIA CY0-001 exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our CompTIA CY0-001 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the CompTIA CY0-001 exam, we’ll refund your payment within 24 hours no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s CompTIA CY0-001 exam dumps today and achieve your certification effortlessly!
A customer-facing, AI-powered chatbot has been jailbroken through prompt injections. As a result, the AI model is offering a 99% discount on the purchase of a new vehicle.
Which of the following should be implemented to enhance the model's robustness against such attacks?
Basic Concept: Jailbreaking through prompt injection exploits the LLM's tendency to follow instructions embedded in user input, overriding its intended behavior. The model was manipulated to offer unauthorized discounts, demonstrating that its operational boundaries were not properly enforced. CompTIA SecAI+ Study Guide identifies guardrails as the primary defense against jailbreaking attacks.
Why D is Correct: Guardrails are robust, layered controls that enforce behavioral boundaries on LLM inputs and outputs. They can detect and block jailbreaking attempts, enforce business logic constraints such as preventing unauthorized discounts, validate outputs against policy rules before delivery, and prevent the model from operating outside its defined scope. Guardrails are specifically designed to make models more robust against prompt injection and jailbreaking.
Why A is Wrong: Bias filtering is designed to detect and remove biased, discriminatory, or offensive content from model outputs. It addresses content fairness issues but does not prevent jailbreaking attacks that manipulate the model into performing unauthorized actions.
Why B is Wrong: A system prompt sets the model's base instructions and persona, but the jailbreak attack already demonstrates that the current prompt can be overridden. Guardrails provide enforcement at a layer that is more resistant to prompt manipulation than the system prompt alone.
Why C is Wrong: Log monitoring detects jailbreaking attempts after they have already succeeded. It is a detective control that enables incident response but does not prevent the model from offering unauthorized discounts in the first place.
A recent release of an AI software update exposes confidential customer information due to storage misconfiguration.
Which of the following data security controls will help maintain confidentiality despite the data leak?
Basic Concept: When a storage misconfiguration leads to data exposure, the question is which encryption type would have protected the confidentiality of data stored in that misconfigured storage. The three states of data --- at rest, in transit, and in use --- each require different encryption mechanisms. CompTIA SecAI+ Study Guide covers encryption states and their applicability to AI data protection.
Why D is Correct: Encryption at rest protects data stored in databases, file systems, and storage media by encrypting it so that even if unauthorized parties gain access to the storage through a misconfiguration, the data remains unreadable without the decryption key. Since the exposure resulted from a storage misconfiguration that allowed access to stored data, encryption at rest would have maintained confidentiality of the customer information despite the misconfiguration granting storage access.
Why A is Wrong: Model encryption specifically protects AI model weights and parameters from unauthorized access. It does not protect customer data stored in databases or data stores associated with the AI system.
Why B is Wrong: Encryption in transit protects data moving between components over networks. It does not protect data stored at rest in misconfigured storage that is accessed directly rather than over a network connection.
Why C is Wrong: Encryption in use (homomorphic encryption or confidential computing) protects data while it is being actively processed in memory. It addresses runtime processing security, not the confidentiality of data stored in misconfigured storage that is not currently being processed.
Which of the following requires developers to harden infrastructure to protect AI systems?
Basic Concept: Infrastructure hardening for AI systems involves applying security baseline settings and eliminating unnecessary attack surfaces. CompTIA SecAI+ Exam Objectives identify configuration standards as the specific governance instrument that mandates infrastructure hardening requirements for AI deployments.
Why D is Correct: Configuration standards are formal, technical documents specifying exact security settings, baseline configurations, and hardening requirements that developers and administrators must implement to protect systems including AI infrastructure. They establish enforceable rules such as disabling unnecessary services, applying least-privilege access, and enforcing secure communication protocols specifically for AI systems.
Why A is Wrong: Intake processes govern how new projects, systems, or requests are evaluated and onboarded into an organization. They are procedural checkpoints for initial assessment, not technical hardening directives for developers.
Why B is Wrong: Acceptable use policies define appropriate ways employees and users may use organizational systems and AI tools. They are behavioral guidelines aimed at end users, not technical requirements instructing developers to secure infrastructure.
Why C is Wrong: Development guidelines provide best practices and recommendations for software development and may include security considerations. However, they are advisory in nature and broader in scope than the specific mandatory infrastructure-hardening requirements found in configuration standards.
An organization wants to reduce vulnerabilities after deployment. The organization decides to incorporate an AI-assisted early detection and vulnerability identification process in its development workflow.
Which of the following AI-assisted functions is the best option?
Basic Concept: Reducing post-deployment vulnerabilities requires catching security issues as early as possible in the development workflow. AI-assisted tools that analyze code during development provide the earliest possible intervention point. CompTIA SecAI+ Study Guide covers AI integration in secure development under AI-assisted security.
Why A is Correct: AI-assisted code linting analyzes source code in real time during development to identify security vulnerabilities, insecure coding patterns, policy violations, and quality issues before code is compiled or committed. By catching vulnerabilities at the coding stage --- the earliest possible point in the development workflow --- AI code linting prevents vulnerable code from progressing to testing, staging, or production, directly reducing post-deployment vulnerabilities at their source.
Why B is Wrong: Incident management handles security events and incidents after they have occurred in production. It is a reactive capability focused on response and recovery rather than early-stage vulnerability identification in the development workflow.
Why C is Wrong: Automated deployment/rollback automates the process of pushing code to production and reverting to previous versions when issues are detected post-deployment. It is a deployment safety mechanism rather than an early detection tool during the development phase.
Why D is Wrong: System auditing reviews and records system activities and configurations for compliance verification. It is primarily a detective and compliance control for systems that are already deployed, not an early development-phase vulnerability identification tool.
Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on-path attack.
Which of the following is the most likely attack method?
Basic Concept: An on-path (formerly man-in-the-middle) attack intercepts communication between two parties, allowing the attacker to read, modify, or inject content. In the context of a generative AI application, an on-path attack on the session between user and AI service can manipulate prompts being sent to the model or responses being returned to users. CompTIA SecAI+ covers AI-specific attack vectors under securing AI systems.
Why B is Correct: Session hijacking involves an attacker taking control of an active user session by capturing or forging session tokens. In this attack, the attacker intercepts the communication channel between users and the AI application, allowing them to modify prompts sent to the model or replace legitimate model responses with offensive content. This explains why outputs seem unrelated to prompts and contain offensive material.
Why A is Wrong: Application server hijacking involves gaining unauthorized control of the server hosting the application. While severe, this would typically manifest as complete service disruption or data exfiltration rather than targeted modification of individual user session content.
Why C is Wrong: Domain hijacking involves unauthorized transfer of a domain name registration, redirecting all users to a different IP address. This would affect all users simultaneously and typically redirect to a completely different site rather than manipulating individual AI responses.
Why D is Wrong: Model hijacking refers to attacks that steal or replicate an AI model, not to intercepting and modifying the communication between users and an existing model during active sessions.
Security & Privacy
Satisfied Customers
Committed Service
Money Back Guranteed