CY0-001Preview

A data set containing medical information is put into a machine learning (ML) model that is designed to predict specific illnesses for a population. In the process of verifying the reliability of the system, the compliance officer realizes that the system cannot reliably predict illnesses for certain segments of the population. Which of the following types of risk is most applicable to this case?

A penetration tester is assessing the controls of a deployed AI system that is designed to search and return the contents of files. The tester runs the following:

Which of the following is the best control to prevent abuse of the system?

A line of business wants to onboard an application that uses a custom AI model for employee assessments. The Chief Information Officer (CIO) agrees to allow the engagement to proceed but first wants a threat model. Which of the following is the most appropriate to use for an AI threat model?

An organization recently developed an AI-powered product and discovers that it is vulnerable to attacks in which malicious actors can alter the input, causing the system to recommend inappropriate information. Which of the following techniques is the most effective way to secure the system against manipulation attacks?

An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack. Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?

An AI security administrator notices that the information referenced by the model is incorrectly formatted and missing values. Which of the following job roles would most likely be responsible for correcting this error?

Which of the following describe the practice of providing examples in a prompt? (Choose two.)

An organization develops a chatbot with the following requirements:
Does not provide harmful or explicit responses
Must use clean and professional language
Ensures that responses are accurate
Which of the following should the organization conduct after the chatbot is fully developed but before a customer-facing deployment?

Customer feedback for an AI chatbot has a high-rate of non-answers, which is causing higher central processing unit (CPU) utilization. Which of the following should be implemented?

A security analyst is aware of an active penetration test in the environment. The analyst examines security information and event management (SIEM) log data and notices the following output from the AI system:

Which of the following is the vulnerability that has occurred and the control the analyst should implement?

A security consultant needs to detect attacks across a large language model (LLM) firewall. Which of the following techniques should the consultant use?

Which of the following is most resistant to AI manipulation?

A team of data scientists is ready to release a model for enterprise use. The team wants to protect the model from unintentional changes or tampering. Which of the following is the most appropriate action?

A social media company with more than a million lines of code wants to reduce the mean time to fix bugs and issues. Which of the following is the most balanced AI strategy to automate the vulnerability management flow?

Which of the following is required first in order to send a prompt query and response in a language model (LLM) system when authentication is enabled?

An architect is creating a threat model for an agentic system. Which of the following should the architect do first?

A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of application programming interface (API) logs, an analyst finds that external calls continued to use system resources after the action completed.
Which of the following is the best way to improve availability of the system?

HOTSPOT -

Instructions -
Use the drop-down menus to define two appropriate security controls for each component of the AI system. Each control may be used only once.
If at any time you would like to bring back the initial state of the simulation please click the Reset All button.
An engineer is deploying a new AI system and wants to integrate it into the core system through an API.

Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?

A company uses human review for software development validation and wants to add another validation layer. Which of the following should a security administrator use to accomplish task?

Which of the following is the primary purpose of validating data for an AI system?

A cybersecurity analyst wants to choose a machine learning (ML) model to classify log entries while providing the best explainability. Which of the following models should the analyst use?

A security administrator must provide access controls for AI systems to list tables. Which of the following should the administrator implement?

A manufacturing company wants to use AI within its operations to improve the efficiency and accuracy of its processes. Which of the following should the organization do first to enable adoption and achieve the business objectives?