Free CY0-001 Braindumps Download Updated on Jun 14, 2026 with 102 Questions CompTIA CY0-001 Exam Practice Test Questions NEW QUESTION # 60 User experience is declining since the launch of a large language model (LLM) in internal networks. Which of the following should be the highest priority for the prompt engineers? A. Business objectives B. Customer success management C. Quality control D. Sales [...]

All Products Contact now

Free CY0-001 Braindumps Download Updated on Jun 14, 2026 with 102 Questions [Q60-Q83]

Share

Free CY0-001 Braindumps Download Updated on Jun 14, 2026 with 102 Questions

CompTIA CY0-001 Exam Practice Test Questions

NEW QUESTION # 60
User experience is declining since the launch of a large language model (LLM) in internal networks. Which of the following should be the highest priority for the prompt engineers?

  • A. Business objectives
  • B. Customer success management
  • C. Quality control
  • D. Sales life cycle

Answer: C

Explanation:
When user experience is declining after an LLM launch, the top priority for prompt engineers is quality control. Ensuring prompts produce accurate, relevant, and safe outputs directly improves usability and restores user trust.


NEW QUESTION # 61
An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack. Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?

  • A. Massachusetts Institute of Technology (MIT) risk repository
  • B. Open Worldwide Application Security Project (OWASP)
  • C. Common Vulnerabilities and Exposures (CVE) AI working group
  • D. MITRE Adversarial Threat Landscape for AI Systems (ATLAS)

Answer: D

Explanation:
MITRE ATLAS is specifically designed to capture adversarial tactics, techniques, and procedures (TTPs) targeting machine learning systems. It helps organizations assess both the probability and impact of AI/ML-related attacks, making it the most relevant threat-modeling resource.


NEW QUESTION # 62
Which of the following technologies is used in deepfake?

  • A. Prompt engineering
  • B. Generative adversarial network (GAN)
  • C. Multi-shot prompting
  • D. Transfer learning

Answer: B

Explanation:
Deepfakes are primarily created using GANs, where two neural networks (a generator and a discriminator) compete to produce highly realistic synthetic media, such as manipulated videos or images.


NEW QUESTION # 63
Which of the following job roles in an organizational governance structure develops a model from business use cases?

  • A. Machine learning operations (MLOps) engineer
  • B. AI risk analyst
  • C. Platform architect
  • D. Data scientist

Answer: D

Explanation:
A data scientist develops models from business use cases by translating organizational needs into machine learning solutions. They prepare data, select algorithms, and build models that align with the use cases.


NEW QUESTION # 64
An administrator, who works for a financial institution, is required to implement data security controls for data at rest within AI systems that involve data disclosure. Which of the following is the most suitable control?

  • A. Data lineage
  • B. Encryption
  • C. Masking
  • D. Rate limits

Answer: B

Explanation:
For financial institutions handling AI systems, protecting data at rest against disclosure requires encryption. Encryption ensures that even if the storage medium is accessed or compromised, the data remains unreadable without the proper decryption keys.


NEW QUESTION # 65
Which of the following controls is the best way to mitigate a denial-of-service (DoS) attack?

  • A. Rate limiting
  • B. Model guardrails
  • C. End-to-end encryption
  • D. Access controls

Answer: A

Explanation:
Rate limiting restricts the number of requests within a set timeframe, preventing attackers from overwhelming the system with excessive traffic, making it the best control to mitigate a DoS attack.


NEW QUESTION # 66
Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?

  • A. Data poisoning
  • B. Payload creation
  • C. Threat modeling
  • D. Distributed denial-of-service (DDoS)

Answer: B

Explanation:
During DAST, automating the generation of diverse, targeted attack payloads lets testers probe runtime inputs (e.g., XSS, SQLi, command injection) more thoroughly and discover vulnerabilities that manual or static tests might miss.


NEW QUESTION # 67
A social media company with more than a million lines of code wants to reduce the mean time to fix bugs and issues. Which of the following is the most balanced AI strategy to automate the vulnerability management flow?

  • A. Using AI to triage discovered issues and create tickets, but having a software engineer merge software
  • B. Using AI to triage discovered issues, create tickets, and merge software fixes
  • C. Having security analysts triage discovered issues and create tickets, but using AI to merge software
  • D. Having security analysts triage discovered issues and create tickets, but having a software engineer merge software

Answer: A

Explanation:
This approach balances automation and human oversight. AI accelerates vulnerability management by triaging issues and generating tickets, while software engineers retain responsibility for merging code changes, ensuring quality and reducing the risk of insecure or unstable code being deployed.


NEW QUESTION # 68
A security administrator needs to improve an AI model. During an initial investigation, the administrator notices that two successive login features are recorded every day, and then a successful login occurs after a specific time interval. All the successful login attempts have been during office hours.
Which of the following techniques should the administrator use to improve the AI model's security?

  • A. Access management
  • B. Signature matching
  • C. Vulnerability analysis
  • D. Pattern recognition

Answer: D

Explanation:
The administrator is analyzing repeated login behaviors and time-based patterns that precede successful access. Pattern recognition allows the AI model to detect these behavioral trends, improving its ability to identify anomalies or potential attacks while aligning with normal office-hour login behavior.


NEW QUESTION # 69
Which of the following responsible AI standards refers to a principle that clearly states the reasons behind the decisions for a particular conclusion?

  • A. Transparency
  • B. Explainability
  • C. Accountability
  • D. Auditability

Answer: B

Explanation:
Explainability is the responsible AI principle that ensures AI systems can provide clear reasoning for their decisions, allowing users to understand how and why a particular conclusion was reached.


NEW QUESTION # 70
Users report that the output of a generative AI application seems unrelated to the prompts and contains offensive content. A security team investigates and determines that there was an on- path attack. Which of the following is the most likely attack method?

  • A. Model hijacking
  • B. Domain hijacking
  • C. Session hijacking
  • D. Application server hijacking

Answer: C

Explanation:
In an on-path attack, an adversary intercepts and manipulates traffic between the user and the AI system. Session hijacking allows the attacker to inject or alter prompts and responses, leading to unrelated or offensive output.


NEW QUESTION # 71
A data set containing medical information is put into a machine learning (ML) model that is designed to predict specific illnesses for a population. In the process of verifying the reliability of the system, the compliance officer realizes that the system cannot reliably predict illnesses for certain segments of the population. Which of the following types of risk is most applicable to this case?

  • A. Inclusiveness
  • B. Transparency
  • C. Bias
  • D. Consistency

Answer: C

Explanation:
The model's inability to reliably predict illnesses for certain population segments indicates bias in the dataset or training process. This leads to unfair or inaccurate outcomes for specific groups, making bias the most applicable risk in this case.


NEW QUESTION # 72
An employee wants a consulting company to procure a data set that contains age, ethnicity, and diabetes status. During development, the employer wants to ensure the integrity of the data.
Which of the following is the best strategy to accomplish this task?

  • A. Conducting human evaluation
  • B. Querying the model
  • C. Enabling log monitoring
  • D. Implementing checksums

Answer: D

Explanation:
Checksums ensure data integrity by detecting any unauthorized or accidental changes to the dataset. This provides a reliable way to confirm that sensitive attributes such as age, ethnicity, and diabetes status remain unaltered during development.


NEW QUESTION # 73
A security consultant must summarize the impact of posture management on a machine learning (ML) use case. Which of the following is the most appropriate reference for this purpose?

  • A. Generative adversarial network (GAN)
  • B. National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)
  • C. European Union AI Act
  • D. Organization for Economic Co-operation and Development (OECD) standards

Answer: B

Explanation:
The NIST AI RMF provides structured guidance for assessing and managing risks across the AI lifecycle, including posture management. It helps organizations align AI security practices with governance, resilience, and trustworthiness requirements.


NEW QUESTION # 74
A healthcare organization plans to deploy a chatbot for appointment scheduling and patient records. Which of the following is the first step a security administrator should take?

  • A. Implement prompt firewalls.
  • B. Enable role-based access management
  • C. Use a secure data communication channel for chat.
  • D. Conduct a risk assessment.

Answer: D

Explanation:
Before deploying an AI chatbot that will handle sensitive healthcare data, the first step is to conduct a risk assessment. This identifies potential threats, compliance requirements (such as HIPAA), and security gaps, ensuring proper controls are planned before implementation.


NEW QUESTION # 75
A machine learning (ML) engineer is working with a security engineer to identify the best practices for securing a system with various AI models.
Which of the following actions should the engineers suggest?

  • A. Using a secure software development life cycle (SDLC)
  • B. Implementing comprehensive security architecture
  • C. Conducting guardrail testing and security validation
  • D. Following a secure model development life cycle (MDLC)

Answer: D

Explanation:
A secure MDLC is tailored to AI and ML systems, ensuring security is integrated throughout the model's design, training, validation, deployment, and monitoring phases. This directly addresses best practices for securing systems with AI models.


NEW QUESTION # 76
Which of the following describe the practice of providing examples in a prompt? (Choose two.)

  • A. Multi-shot
  • B. Quantization
  • C. Prompt template
  • D. User prompt
  • E. One-shot
  • F. System prompt

Answer: A,E

Explanation:
Providing examples in a prompt is referred to as one-shot prompting when a single example is given and multi-shot prompting when multiple examples are provided.


NEW QUESTION # 77
A company discovers that attackers exploited an unpatched vulnerability in a web server. Which control BEST prevents this?

  • A. Patch management
  • B. Configuration baselines
  • C. Password complexity enforcement
  • D. WAF rules

Answer: A

Explanation:
Timely patching directly prevents exploitation of known vulnerabilities.


NEW QUESTION # 78
Which of the following would most likely be used to prove that an image is AI generated?

  • A. Diffusion
  • B. Human validation
  • C. Watermarking
  • D. Guardrails

Answer: C

Explanation:
Watermarking embeds hidden, verifiable markers into AI-generated images. These markers can later be detected to prove the image originated from an AI system, making it the most reliable method for verification.


NEW QUESTION # 79
A phishing attachment appears harmless during static analysis but behaves maliciously when executed. Which technique would detect this?

  • A. Heuristic scanning
  • B. Digital forensics
  • C. Log correlation
  • D. Dynamic analysis in a sandbox

Answer: D

Explanation:
Dynamic analysis observes real-time malicious activity.


NEW QUESTION # 80
An airline corporation wants to implement a chatbot application using a large language model (LLM) so its customers:
- Can ask question and receive answers about flight details.
- Have the option to upload files.
Which of the following security controls should the airline use to protect against malicious input and unauthorized use beyond the service-level agreement? (Choose two.)

  • A. Model token quotas
  • B. Prompt guardrails
  • C. Role-based access controls
  • D. Firewall rules

Answer: A,B

Explanation:
Prompt guardrails are needed to prevent malicious or manipulated inputs (prompt injection) from causing the chatbot to provide harmful, misleading, or unauthorized responses.
Model token quotas limit the amount of input/output a user can generate, preventing abuse or excessive usage beyond the service-level agreement (SLA).


NEW QUESTION # 81
A company wants to detect abnormal insider activity based on historical logs. Which technology is BEST?

  • A. CASB
  • B. PKI
  • C. SSL termination
  • D. UEBA

Answer: D

Explanation:
User and Entity Behavior Analytics detects deviations from normal patterns.


NEW QUESTION # 82
A security analyst finds that the AI system is under a denial-of-wallet attack. Which of the following should the analyst enforce to protect the company? (Choose two.)

  • A. Output token controls
  • B. Endpoint access controls
  • C. Application programming interface (API) rate controls
  • D. Content delivery network (CDN)
  • E. Modality controls
  • F. Model fine-tuning

Answer: A,C

Explanation:
API rate controls limit the number of requests within a set timeframe, preventing attackers from overloading the system and driving up costs.
Output token controls restrict the length of responses, reducing unnecessary token usage that attackers might exploit in a denial-of-wallet attack.


NEW QUESTION # 83
......

Updated Verified CY0-001 dumps Q&As - Pass Guarantee or Full Refund: https://examcollection.guidetorrent.com/CY0-001-dumps-questions.html

Related Articles

more
CompTIA CY0-001 Certification Practice Exam