CY0-001 Exam Questions

An organization is concerned with the exposure of sensitive data. Which of the following is the most relevant security concern?

Faculty members at a university are concerned about potential inherent bias and inconsistency in one department's AI plagiarism detection service. Which of the following principles...

A security administrator must provide access controls for AI systems to list tables. Which of the following should the administrator implement?

A machine learning (ML) engineer is working with a security engineer to identify the best practices for securing a system with various AI models. Which of the following actions sho...

Which of the following is an example of how a security analyst uses generative AI in the triage process?

A company develops an AI model to diagnose patients. Hospitals access the model through an integrated application programming interface (API). The security team performs a denial-o...

A security team is using an AI-based tool to try to bypass organizational boundaries. The team uses AI to look at the current state and suggest different attack vectors based on th...

Which of the following attacks would be the best to automate with AI during dynamic application software testing (DAST)?

A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business. Which of the following AI-generated vulnerabili...

A security consultant must summarize the impact of posture management on a machine learning (ML) use case. Which of the following is the most appropriate reference for this purpose...

A cybersecurity analyst must use pattern recognition on a data set containing unstructured data. Which of the following models is the best for this task?

An employee wants a consulting company to procure a data set that contains age, ethnicity, and diabetes status. During development, the employer wants to ensure the integrity of th...

Which of the following strengthens the performance of a large language model (LLM) for malicious reconnaissance?

A social media company with more than a million lines of code wants to reduce the mean time to fix bugs and issues. Which of the following is the most balanced AI strategy to autom...

Which of the following would most likely be used to prove that an image is AI generated?

Which of the following controls is the best way to mitigate a denial-of-service (DoS) attack?

A group of security engineers is developing a security incident and event management (SIEM) system that will: - Be able to ingest data from multiple structured and unstructured sou...

A company uses human review for software development validation and wants to add another validation layer. Which of the following should a security administrator use to accomplish...

A team of data scientists is ready to release a model for enterprise use. The team wants to protect the model from unintentional changes or tampering. Which of the following is the...

An architect is creating a threat model for an agentic system. Which of the following should the architect do first?

A security analyst is aware of an active penetration test in the environment. The analyst examines security information and event management (SIEM) log data and notices the followi...

A recently deployed AI system becomes persistently unavailable. A restart temporarily fixes the issue, but the issue happens again. Upon examination of application programming inte...

A security analyst receives an alert about an AI system and is investigating the following output: Which of the following is the most appropriate control the analyst should recomme...

An organization develops a chatbot with the following requirements: - Does not provide harmful or explicit responses - Must use clean and professional language - Ensures that respo...

An AI security administrator notices that the information referenced by the model is incorrectly formatted and missing values. Which of the following job roles would most likely be...

Which of the following describe the practice of providing examples in a prompt? (Choose two.)

A user interface engineer adds new graphics to the latest release of an AI-integrated application. During the update, the engineer accidentally causes the model to retain on unveri...

A short AI-generated video shows a celebrity's likeness talking about a fake public security event. Which of the following was used to create this video?

An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack. Which of the following threat-modeling resources best...

A SOC analyst notices a sudden spike in outbound traffic from a server. The traffic is being sent continuously to an unknown external IP address. Which of the following BEST descri...

A company discovers that attackers exploited an unpatched vulnerability in a web server. Which control BEST prevents this?

Which of the following are considered threat intelligence sources? (Choose two.)

A malware sample alters itself slightly each time it runs to evade signature detection. What technique is this?

An analyst finds failed login attempts across multiple systems using different usernames but from the same IP. Which attack is MOST likely?

Which of the following job roles in an organizational governance structure develops a model from business use cases?

An administrator, who works for a financial institution, is required to implement data security controls for data at rest within AI systems that involve data disclosure. Which of t...

A security engineer needs to monitor an AI-based system for runtime operations. The engineer is mostly concerned about the visibility of internal activity. Which of the following i...

Which of the following should an auditor reference when reviewing a company's human resources AI systems for legal non-compliance?

An airline corporation wants to implement a chatbot application using a large language model (LLM) so its customers: - Can ask question and receive answers about flight details. -...

A security operations center (SOC) has a very high volume of logs and alerts. The manager proposes the implementation of machine learning (ML) system to help with triage. Which of...

An organization recently created a custom model that integrates with a language model (LLM). The developer notices that the application programming interface (API) costs have incre...

A security administrator needs to improve an AI model. During an initial investigation, the administrator notices that two successive login features are recorded every day, and the...

Which of the following is the most concerning risk for a company that allows corporate end users to use public-facing large language models (LLMs)?

Which of the following requires developers to harden infrastructure to protect AI systems?

Which of the following is the best example of an AI model that is trained to identify multiple points from input using a neural network to provide output for authentication?

A vulnerability scan produces many false positives. What does this indicate?

Which are indicators of lateral movement? (Choose two.)

A company wants to reduce IDS false positives. What tuning should occur FIRST?

A phishing attachment appears harmless during static analysis but behaves maliciously when executed. Which technique would detect this?

Which of the following technologies is used in deepfake?