Which of the following is the most concerning risk for a company that allows corporate end users to use public- facing large language models (LLMs)?
Answer(s): C
The greatest concern with employees using public-facing LLMs is the potential exposure of sensitive or regulated corporate data. Submitting such information to external systems may violate data protection laws (e.g., GDPR, HIPAA), creating legal and compliance risks that outweigh issues like hallucinations or malicious outputs.
Which of the following requires developers to harden infrastructure to protect AI systems?
Answer(s): D
Configuration standards define how infrastructure and systems must be securely set up and maintained. By following these standards, developers harden the environment that supports AI systems, reducing risks from misconfigurations and vulnerabilities.
Which of the following is the best example of an AI model that is trained to identify multiple points from input using a neural network to provide output for authentication?
Answer(s): A
Facial recognition uses neural networks to analyze multiple points or features from an input image (such as eyes, nose, mouth, and facial structure) to generate a unique identifier for authentication purposes.
An organization is developing and implementing AI features into a customer service application. Which of the following practices should the organization put the place before releasing the application for customer trials?
Before releasing AI features for customer trials, it is critical to protect sensitive information that may be used during testing. Data masking and sanitization ensure customer or corporate data is anonymized or obfuscated, reducing the risk of data exposure while still allowing realistic evaluation of the AI system.
An internal user enters a client credit card number into an internal generative machine learning (ML) model:#User prompt: Customer Jane Doe has a new credit card that she wants to add to her account. The number is 5555-5555-5555-5555Which of the following is the most effective way to prevent prompt injection attacks against a large language model (LLM)?
Guardrails are the primary security control for LLMs to prevent prompt injection attacks. They enforce rules on what inputs are accepted and how the model responds, blocking malicious or sensitive prompts (such as credit card numbers) before they can manipulate or exploit the model.
A security alert triggers an agentic system. An analyst notices the following payload in the logs"The alert includes multiple shell commands that are not typically run as part of any hardening. Which of the following is the most effective control to implement?
The payload in the alert attempts to trick the system into executing unauthorized shell commands. The most effective control is to implement allow-list validation (approved strings) before execution. This ensures that only predefined, safe commands are executed, blocking prompt injection attempts that introduce malicious code such as the fake patch script.
A global security operations center (SOC) wants to adapt and leverage the strength of AI in order to enhance its security operations. Which of the following is the best way to enhance the global SOC functions?
AI can significantly enhance SOC operations by summarizing and correlating high volumes of alerts, enabling analysts to quickly identify patterns, prioritize threats, and gain actionable insights. This reduces analyst fatigueand improves response times without introducing unsafe automation risks.
An attacker successfully completes a denial-of-service (DoS) attack through the context window of an AI system. Thousands of characters are obfuscated and hidden behind an emoji. Which of the following techniques best mitigates this type of attack?
A DoS attack through the context window relies on overwhelming the model with excessive or obfuscated input.Prompt filtering prevents such malicious or oversized inputs from being processed, ensuring that the model only receives safe, properly structured data within acceptable limits.
Share your comments for CompTIA CY0-001 exam with other users:
good question
really nice
please i need dumps for isc2 cybersecuity
ans is coldline i think
very helpful
can you please provide dumps so that it helps me more
thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.
how i can see exam questions?
can you please upload please?
question 75: option c is correct answer
please add this exam
please upoad
has anyone recently attended safe 6.0 certification? is it the samq question from here.
expository experience
52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.
great help!!!
very useful tools
looks a good platform to prepare az-104
want to pass the exam
good resource
question 11 : d
only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
good questions. thanks.
good for practice.
great case study
the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
thanks, very relevant
wrong answer. it is true not false.
please i need the mo-100 questions
very good use full
very valid questions
will these question help me to clear pl-300 exam?
please provide me with these dumps questions. thanks