最新的CompTIA SecAI+ Certification - CY0-001免費考試真題

An organization develops a chatbot that does not provide harmful or explicit responses, must use clean and professional language, and ensures that responses are accurate.
Which of the following should the organization conduct after the chatbot is fully developed but before a customer-facing deployment?

正確答案: A
說明:(僅 Fast2test 成員可見)
A data scientist investigates reports that a production machine learning (ML) model no longer performs with accuracy.
The data scientist finds the following pipeline log entries:

Which of the following should the security team do to mitigate future occurrences?

正確答案: B
說明:(僅 Fast2test 成員可見)
Which of the following is most resistant to AI manipulation?

正確答案: E
說明:(僅 Fast2test 成員可見)
A company introduces a large language model (LLM) in an application in order to monitor for a potential denial-of-service attack.
Which of the following should the company use to measure the utilization of the LLM?

正確答案: D
說明:(僅 Fast2test 成員可見)
An airline corporation wants to implement a chatbot application using a large language model (LLM) so its customers can ask questions and receive answers about flight details and have the option to upload files.
Which of the following security controls should the airline use to protect against malicious input and unauthorized use beyond the service-level agreement? (Choose two.)

正確答案: C,D
說明:(僅 Fast2test 成員可見)
Which of the following is the primary security risk when deploying AI models in production?

正確答案: D
說明:(僅 Fast2test 成員可見)
A line of business wants to onboard an application that uses a custom AI model for employee assessments.
The Chief Information Officer (CIO) agrees to allow the engagement to proceed but first wants a threat model.
Which of the following is the most appropriate to use for an AI threat model?

正確答案: A
說明:(僅 Fast2test 成員可見)
Part 1: Use drop-down menu to select the most appropriate protocol or cipher for each system component.
Part 2: Use the drop-down menu to select the most appropriate technique to apply to the modified data.
An engineer is analyzing findings from a penetration test that indicate insufficient data encryption. The engineer must implement data security.
正確答案:

Explanation:
See Explanation

Basic Concept: This is a Performance-Based Question (PBQ) - a simulation requiring interactive protocol and cipher selection in the actual exam. It tests the candidate ' s ability to select appropriate encryption protocols for different AI system components and apply proper data security techniques for sensitive AI data.
Key Concept - Encryption by Component: For data in transit between AI components, TLS 1.3 is the current standard protocol. For API communications, HTTPS with TLS 1.3 and certificate pinning is appropriate. For database connections used by AI systems, TLS with strong cipher suites such as AES-256-GCM should be applied. For data at rest in model stores and training data repositories, AES-256 encryption is standard. For authentication tokens and keys, RSA-2048 or ECC P-256 are appropriate asymmetric options.
Key Concept - Data Techniques: For sensitive AI training data that has been modified, tokenization replaces sensitive values with non-sensitive tokens. Masking obscures sensitive fields in outputs. Hashing provides one-way verification for data integrity.
Reference: CompTIA SecAI+ Study Guide Domain 2 covers encryption requirements for AI system data security. Candidates should know standard encryption protocols (TLS 1.3, AES-256), when to apply each cipher type, and which data security techniques such as masking, tokenization, and encryption at rest are appropriate for different AI system data categories and sensitivity levels.

聯系我們

如果您有任何問題,請留下您的電子郵件地址,我們將在12小時內回复電子郵件給您。

我們的工作時間:( GMT 0:00-15:00 )
週一至週六

技術支持: 立即聯繫 

English 日本語 Deutsch 한국어