CompTIA Updated CY0-001 Exam Questions and Answers by lois

Basic Concept: AI systems that access file systems or databases use service accounts to authenticate. Applying the principle of least privilege to these service accounts limits the damage that can result from prompt injection or other attacks that cause the AI to perform unauthorized file access. CompTIA SecAI+ Study Guide covers least privilege as a core AI security control.

Why D is Correct: Reducing the privilege scope of the service account implements the least privilege principle, ensuring the AI system can only access files it legitimately needs for its intended function. If an attacker uses prompt injection to abuse the file search capability, the service account ' s limited permissions prevent access to sensitive files outside the defined scope, containing the blast radius of any exploitation.

Why A is Wrong: Custom detection rules identify anomalous behavior after it occurs. They are detective controls, not preventive controls. They do not stop an attacker from successfully abusing the system; they only alert after abuse has occurred.

Why B is Wrong: VPC segmentation isolates the workload at the network level, limiting lateral movement. However, it does not restrict what files the AI ' s service account can access within its own environment, so file abuse attacks within the segment are still possible.

Why C is Wrong: LLM guardrails filter prompt inputs and outputs for policy violations. While useful, they can potentially be bypassed through sophisticated prompt injection. Reducing service account privileges provides a defense-in-depth layer that limits damage even if guardrails are bypassed.

Basic Concept: Jailbreaking through prompt injection exploits the LLM ' s tendency to follow instructions embedded in user input, overriding its intended behavior. The model was manipulated to offer unauthorized discounts, demonstrating that its operational boundaries were not properly enforced. CompTIA SecAI+ Study Guide identifies guardrails as the primary defense against jailbreaking attacks.

Why D is Correct: Guardrails are robust, layered controls that enforce behavioral boundaries on LLM inputs and outputs. They can detect and block jailbreaking attempts, enforce business logic constraints such as preventing unauthorized discounts, validate outputs against policy rules before delivery, and prevent the model from operating outside its defined scope. Guardrails are specifically designed to make models more robust against prompt injection and jailbreaking.

Why A is Wrong: Bias filtering is designed to detect and remove biased, discriminatory, or offensive content from model outputs. It addresses content fairness issues but does not prevent jailbreaking attacks that manipulate the model into performing unauthorized actions.

Why B is Wrong: A system prompt sets the model ' s base instructions and persona, but the jailbreak attack already demonstrates that the current prompt can be overridden. Guardrails provide enforcement at a layer that is more resistant to prompt manipulation than the system prompt alone.

Why C is Wrong: Log monitoring detects jailbreaking attempts after they have already succeeded. It is a detective control that enables incident response but does not prevent the model from offering unauthorized discounts in the first place.

Basic Concept: DoS attacks overwhelm AI systems by sending excessive requests that exhaust computational resources, memory, or bandwidth, preventing legitimate users from being served. The primary defense against volume-based attacks is throttling the rate at which requests can be processed. CompTIA SecAI+ Exam Objectives identify rate limiting as the key DoS mitigation control for AI systems.

Why B is Correct: Rate limiting directly addresses the root mechanism of DoS attacks by restricting the number of requests any single client or IP address can submit within a defined time window. By enforcing request quotas, rate limiting prevents attackers from generating the request volume necessary to overwhelm the system while preserving capacity for legitimate users. It is the most direct and effective preventive control against DoS attacks on AI APIs and services.

Why A is Wrong: Model guardrails inspect and filter the content of prompts and responses for policy compliance and safety. They operate at the semantic content level, not at the request volume level, and cannot prevent resource exhaustion from high-volume request flooding.

Why C is Wrong: End-to-end encryption protects the confidentiality and integrity of data in transit. Encrypted DoS traffic is just as damaging as unencrypted traffic; encryption does not limit request rates or prevent resource exhaustion.

Why D is Wrong: Access controls restrict who can interact with the system, which can reduce the potential attacker pool. However, authenticated users and compromised accounts can still launch DoS attacks, and access controls alone cannot prevent high-volume attacks from authorized sources.

Basic Concept: LLM firewalls inspect prompts and responses to identify malicious content, policy violations, and attack attempts. To detect known attack patterns, these systems apply inspection techniques that compare content against established threat indicators. CompTIA SecAI+ Study Guide covers LLM security monitoring and detection techniques.

Why A is Correct: Signature matching compares incoming prompts and outgoing responses against a library of known attack signatures, including common prompt injection patterns, jailbreaking attempts, data exfiltration queries, and known malicious payload strings. When content matches a known attack signature, the LLM firewall can block or flag it. Signature matching is an efficient, proven detection technique for identifying known attack patterns traversing an LLM firewall.

Why B is Wrong: Distributed denial-of-service is itself a type of attack, not a detection technique. DDoS floods systems with traffic to cause service unavailability and has no role in detecting attacks through an LLM firewall.

Why C is Wrong: Translation analysis involves converting content between languages or formats. While it might be used to detect obfuscated attacks in different encodings, it is not a standard detection technique for identifying attacks crossing an LLM firewall.

Why D is Wrong: Vulnerability enumeration systematically identifies and catalogs vulnerabilities in systems or applications during security assessments. It is an assessment activity used to discover weaknesses, not a real-time detection technique for attacks traversing an LLM firewall.