
New 2026 CY0-001 exam questions Welcome to download the newest PassLeaderVCE CY0-001 PDF dumps (102 Q&As)
P.S. Free 2026 CompTIA SecAI+ CY0-001 dumps are available on Google Drive shared by PassLeaderVCE
NEW QUESTION # 43
Which of the following job roles in an organizational governance structure develops a model from business use cases?
- A. AI risk analyst
- B. Machine learning operations (MLOps) engineer
- C. Platform architect
- D. Data scientist
Answer: D
Explanation:
A data scientist develops models from business use cases by translating organizational needs into machine learning solutions. They prepare data, select algorithms, and build models that align with the use cases.
NEW QUESTION # 44
A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of application programming interface (API) logs, an analyst finds that external calls continued to use system resources after the action completed.
Which of the following is the best way to improve availability of the system?
- A. Implementing multifactor authentication (MFA)
- B. Creating token limits
- C. Increasing system memory
- D. Enforcing session expiration
Answer: D
Explanation:
The persistent unavailability is caused by external calls consuming resources even after completion, indicating sessions are not being closed. Enforcing session expiration ensures unused sessions are terminated, freeing resources and improving system availability.
NEW QUESTION # 45
An AI architect reviews AI utilization and wants to improve the user experience. Which of the following should the architect review within the logs?
- A. Access controls
- B. Data storage
- C. Rate monitoring
- D. Model accuracy
Answer: D
Explanation:
To improve user experience, the architect should review model accuracy in the logs. High accuracy ensures users receive relevant, reliable responses, directly impacting satisfaction and effectiveness of the AI system.
NEW QUESTION # 46
Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?
- A. Data poisoning
- B. Payload creation
- C. Threat modeling
- D. Distributed denial-of-service (DDoS)
Answer: B
Explanation:
During DAST, automating the generation of diverse, targeted attack payloads lets testers probe runtime inputs (e.g., XSS, SQLi, command injection) more thoroughly and discover vulnerabilities that manual or static tests might miss.
NEW QUESTION # 47
A security architect performs threat modeling of an AI system. The architect needs to determine which attacks can be performed against the system.
Which of the following actions should the architect take next?
- A. Identify trust boundaries and perform threat modeling with Open Worldwide Application Security Project (OWASP) Top 10.
- B. Quantify the risk of known vulnerabilities identified in the AI system.
- C. Analyze MITRE Adversarial Threat Landscape for AI Systems (ATLAS) for tactics, techniques, and procedures (TTPs).
- D. Leverage a large language model (LLM) to map likely attack paths based on the code base.
Answer: A
Explanation:
MITRE ATLAS is specifically designed to catalog adversarial TTPs targeting AI systems. By analyzing ATLAS, the architect can determine which types of attacks are possible against the AI system, making it the most appropriate resource for threat modeling in this context.
NEW QUESTION # 48
An attacker successfully completes a denial-of-service (DoS) attack through the context window of an AI system. Thousands of characters are obfuscated and hidden behind an emoji. Which of the following techniques best mitigates this type of attack?
- A. Prompt filter
- B. Fraud detection
- C. Large language model (LLM)-as-a-judge
- D. Pattern recognition
Answer: A
Explanation:
A DoS attack through the context window relies on overwhelming the model with excessive or obfuscated input. Prompt filtering prevents such malicious or oversized inputs from being processed, ensuring that the model only receives safe, properly structured data within acceptable limits.
NEW QUESTION # 49
Which techniques belong to the MITRE ATT&CK Command-and-Control phase? (Choose two.)
- A. Covert channels
- B. Credential dumping
- C. Registry modification
- D. Beaconing
- E. Initial access
Answer: A,D
Explanation:
Beaconing and covert channels maintain communication with the attacker.
NEW QUESTION # 50
Which of the following is an example of how a security analyst uses generative AI in the triage process?
- A. To summarize security findings by category
- B. To tag malware using machine learning (ML) algorithms
- C. To predict the next attack target with higher accuracy
- D. To use statistical analysis for malicious code assessment
Answer: A
Explanation:
In triage, generative AI is most effective for quickly summarizing and categorizing large volumes of alerts or findings. This helps analysts prioritize incidents and streamline the investigation process.
NEW QUESTION # 51
A company wants to reduce IDS false positives. What tuning should occur FIRST?
- A. Baseline normal behavior
- B. Increase signature sensitivity
- C. Disable low-priority alerts
- D. Add new signatures
Answer: A
Explanation:
A behavioral baseline enables effective tuning and alert reduction.
NEW QUESTION # 52
A security administrator must provide access controls for AI systems to list tables. Which of the following should the administrator implement?
- A. Network access control list (NACL)
- B. Model access
- C. Data access
- D. Agentic AI access
Answer: C
Explanation:
Since the requirement is to control which users or systems can list tables, the proper control lies at the data access level. Implementing data access controls ensures only authorized entities can view or query the underlying tables used by the AI system.
NEW QUESTION # 53
Which tool prevents unauthorized system file modifications?
- A. NIDS
- B. WAF
- C. Containerization
- D. File Integrity Monitoring (FIM)
Answer: D
Explanation:
FIM detects changes to critical system files.
NEW QUESTION # 54
Which of the following responsible AI standards refers to a principle that clearly states the reasons behind the decisions for a particular conclusion?
- A. Transparency
- B. Auditability
- C. Accountability
- D. Explainability
Answer: D
Explanation:
Explainability is the responsible AI principle that ensures AI systems can provide clear reasoning for their decisions, allowing users to understand how and why a particular conclusion was reached.
NEW QUESTION # 55
A customer-facing, AI-powered chatbot has been jailbroken through prompt injections. As a result, the AI model is offering a 99% discount on the purchase of a new vehicle. Which of the following should be implemented to enhance the model's robustness against such attacks?
- A. Log monitoring
- B. System prompt
- C. Bias filtering
- D. Guardrails
Answer: D
Explanation:
Guardrails enforce strict rules on what the AI model can and cannot do, preventing malicious prompt injections from overriding intended behavior. In this case, guardrails would stop the chatbot from generating unauthorized offers such as extreme discounts.
NEW QUESTION # 56
Faculty members at a university are concerned about potential inherent bias and inconsistency in one department's AI plagiarism detection service.
Which of the following principles will most likely to address their concerns?
- A. Explainability
- B. Transparency
- C. Accountability
- D. Consistency
Answer: D
Explanation:
Consistency ensures that an AI system applies rules and produces results in a uniform manner across all cases. This principle directly addresses concerns about bias and irregular outcomes in the plagiarism detection service.
NEW QUESTION # 57
A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business. Which of the following AI-generated vulnerabilities is the employee exploiting?
- A. Data poisoning
- B. Data masking
- C. Data reduction
- D. Data leaking
Answer: A
Explanation:
Altering the source data (policy content) that the chatbot relies on corrupts its knowledge and behavior, which is characteristic of data poisoning attacks.
NEW QUESTION # 58
A healthcare organization plans to deploy a chatbot for appointment scheduling and patient records. Which of the following is the first step a security administrator should take?
- A. Conduct a risk assessment.
- B. Implement prompt firewalls.
- C. Use a secure data communication channel for chat.
- D. Enable role-based access management
Answer: A
Explanation:
Before deploying an AI chatbot that will handle sensitive healthcare data, the first step is to conduct a risk assessment. This identifies potential threats, compliance requirements (such as HIPAA), and security gaps, ensuring proper controls are planned before implementation.
NEW QUESTION # 59
A security consultant must summarize the impact of posture management on a machine learning (ML) use case. Which of the following is the most appropriate reference for this purpose?
- A. National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)
- B. Generative adversarial network (GAN)
- C. Organization for Economic Co-operation and Development (OECD) standards
- D. European Union AI Act
Answer: A
Explanation:
The NIST AI RMF provides structured guidance for assessing and managing risks across the AI lifecycle, including posture management. It helps organizations align AI security practices with governance, resilience, and trustworthiness requirements.
NEW QUESTION # 60
A company discovers that attackers exploited an unpatched vulnerability in a web server. Which control BEST prevents this?
- A. Configuration baselines
- B. Patch management
- C. WAF rules
- D. Password complexity enforcement
Answer: B
Explanation:
Timely patching directly prevents exploitation of known vulnerabilities.
NEW QUESTION # 61
A cybersecurity analyst must use pattern recognition on a data set containing unstructured data.
Which of the following models is the best for this task?
- A. Long short-term memory
- B. Convolutional neural network
- C. Decision tree
- D. Logistic regression
Answer: B
Explanation:
Convolutional neural networks (CNNs) are highly effective at detecting patterns in unstructured data such as images, audio, or text embeddings. Their ability to automatically learn spatial or hierarchical features makes them the best choice for pattern recognition on unstructured datasets.
NEW QUESTION # 62
Which are indicators of lateral movement? (Choose two.)
- A. DNS tunneling traffic
- B. Sudden increase in CPU usage
- C. Encrypted outbound traffic to a suspicious domain
- D. Repeated SMB login attempts between internal hosts
- E. Use of Pass-the-Hash techniques
Answer: D,E
Explanation:
Lateral movement often involves internal SMB attacks and credential reuse.
NEW QUESTION # 63
......
CY0-001 exam questions from PassLeaderVCE dumps: https://www.passleadervce.com/CompTIA-SecAI/reliable-CY0-001-exam-learning-guide.html (102 Q&As)
Free 2026 CompTIA SecAI+ CY0-001 dumps are available on Google Drive shared by PassLeaderVCE: https://drive.google.com/open?id=1SnCa3rwut3_XEy3_LbUYC78IjolSADOc