Demo CompTIA CY0-001 Exam Questions

Demo practice questions for guest users.

Section: Practice Mode 6 Questions
Question 1

A security engineer needs to monitor an AI-based system for runtime operations. The engineer is mostly concerned about the visibility of internal activity. Which of the following is the most appropriate monitoring solution?

Correct Answer: D
Explanation:
Basic Concept: Monitoring an AI system's internal runtime behavior requires deep observability into what the system is doing at the code and function execution level, not just at the perimeter. CompTIA SecAI+ Study Guide addresses AI system observability and runtime monitoring under securing AI infrastructure.

Why D is Correct: Enabling stack call and debugging level traces at the function level provides the highest granularity of visibility into internal operations. This approach exposes what functions are called, in what order, with what inputs, and what is returned, offering genuine insight into the AI system's internal activity at runtime, precisely as the engineer requires.

Why A is Wrong: A SIEM aggregates and correlates log and event data from multiple sources. While useful for security alerting, it does not inherently provide visibility into internal function-level operations of an AI model at runtime.

Why B is Wrong: A WAF with header logging monitors and filters HTTP traffic at the application boundary. It captures external request and response data, not the AI system's internal runtime mechanics.

Why C is Wrong: Relying on vendor controls and monitoring prompt inputs is a passive, externally focused approach. It provides no visibility into intermediate computations or internal operations within the AI model itself.
Question 2

An administrator, who works for a financial institution, is required to implement data security controls for data at rest within AI systems that involve data disclosure. Which of the following is the most suitable control?

Correct Answer: C
Explanation:

Basic Concept: Data at rest refers to inactive data stored in databases or storage media. Protecting it from unauthorized disclosure is a fundamental data security principle covered in the CompTIA SecAI+ Study Guide under securing AI data pipelines.

Why C is Correct: Encryption protects data at rest by rendering it unreadable to unauthorized parties without the appropriate decryption key. In a financial institution with sensitive data, encryption at rest (e.g., AES-256) is the primary control against data disclosure. Even if storage media is physically compromised, encrypted data remains unintelligible. CompTIA SecAI+ Exam Objectives highlight encryption as the primary confidentiality control for stored AI data.

Why A is Wrong: Data lineage tracks the origin and movement of data throughout its lifecycle. It improves traceability and auditability but does not prevent unauthorized disclosure of data at rest.

Why B is Wrong: Rate limits control the number of API requests within a time period. They protect against abuse and denial-of-service scenarios, not data-at-rest confidentiality.

Why D is Wrong: Data masking replaces sensitive values with fictitious substitutes, useful during development or testing. For actual production data at rest in AI systems handling real financial records, encryption provides stronger and more comprehensive confidentiality.

Question 3

Which of the following job roles in an organizational governance structure develops a model from business use cases?

Correct Answer: D
Explanation:
Basic Concept: In AI governance, each role holds distinct responsibilities. Understanding these roles is core to CompTIA SecAI+ Domain 4 (AI Governance, Risk, and Compliance).

Why D is Correct: The Data Scientist is responsible for translating business use cases into working AI/ML models. They analyze business requirements, identify the appropriate machine learning approach, and develop models that fulfill specific business objectives. According to the CompTIA SecAI+ Study Guide, data scientists bridge raw data and actionable AI solutions by building and validating models derived from business-driven needs.

Why A is Wrong: A Platform Architect designs and manages the infrastructure and technical platforms hosting AI systems. Their focus is architectural design of the environment, not model development from business use cases.

Why B is Wrong: An AI Risk Analyst identifies, evaluates, and mitigates risks associated with AI adoption. Their role is governance and risk-oriented, not model creation.

Why C is Wrong: An MLOps Engineer operationalizes, deploys, monitors, and maintains AI models in production. They take models already built by data scientists and ensure reliable operation at scale, not develop them from business use cases.
