Basic AI Concepts Related to Cybersecurity for CompTIA SecAI+

This page covers the Basic AI Concepts Related to Cybersecurity domain of the CompTIA SecAI+ certification. Master Cybersecurity offers 13 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    Which of the following job roles in an organizational governance structure develops a model from business use cases?
    1. A. Platform architect
    2. B. AI risk analyst
    3. C. Machine learning operations (MLOps) engineer
    4. D. Data scientist
    Explanation

    The correct answer is: D. Data scientist.

    The data scientist is the role that translates business problems into formal machine learning tasks, selects an appropriate algorithm, engineers features, trains candidate models, and validates them against business success criteria. This person owns the experimentation phase where a use case becomes a working model. A platform architect designs the underlying compute, storage, and networking foundation that hosts AI workloads but does not author the model logic itself. An AI risk analyst evaluates ethical, regulatory, bias, and safety exposures of AI systems and reports on residual risk; that role consumes models rather than building them. An MLOps engineer takes a trained model and operationalizes it through CI and CD pipelines, monitoring, versioning, and rollback automation, so they live downstream of model development. Mapping a raw business use case into a trained artifact is squarely the data scientist's seat in the governance structure.

  2. Question 2

    Which of the following is the best example of an AI model that is trained to identify multiple points from input using a neural network to provide output for authentication?
    1. A. Facial recognition
    2. B. Encryption key
    3. C. Open Authorization (OAuth)
    4. D. Bounding box
    Explanation

    The correct answer is: A. Facial recognition.

    Facial recognition is the textbook example of an AI authentication system that samples many spatial points from an input image and feeds them through a neural network, typically a convolutional architecture, to produce an embedding vector that is then matched against an enrolled template. The model is trained on huge labelled face corpora so it can extract landmark points such as eye corners, nose bridge, and jaw geometry, and the comparison output drives an accept or reject decision for the user. An encryption key is a cryptographic secret used to transform data, not a trained model, and it does not learn anything from input features. Open Authorization is a token-based delegated authorization protocol used to grant third-party applications scoped access to resources; it carries no machine learning component and does not analyze biometric input. A bounding box is simply a rectangular region produced by an object detector to localize where something appears in an image; it labels a region of interest but is not itself a complete authentication model.

  3. Question 3

    An AI architect reviews AI utilization and wants to improve the user experience. Which of the following should the architect review within the logs?
    1. A. Rate monitoring
    2. B. Model accuracy
    3. C. Access controls
    4. D. Data storage
    Explanation

    The correct answer is: B. Model accuracy.

    Model accuracy is the metric that most directly tracks whether users are getting useful, correct answers from the system, so reviewing accuracy in the logs tells the AI architect whether the user experience is improving or degrading over time. Drops in accuracy correlate with hallucinations, irrelevant completions, and broken workflows, which are the symptoms users actually feel. Rate monitoring counts requests or tokens per interval and helps with capacity planning and abuse detection, but a fully throttled and rate-limited service can still produce a terrible user experience. Access controls govern which identities can call which endpoints and enforce least privilege; they are security and governance signals rather than quality signals. Data storage metrics describe where artifacts live and how they are retained, which matters for compliance and cost but does not surface whether the output quality is acceptable. Only accuracy maps cleanly onto perceived user satisfaction.

  4. Question 4

    A human resources officer is using AI to evaluate resumes and help select candidates that meet minimum criteria. To improve the results, the human resources officer adjusts the query parameters and includes an example resume that matches a successful candidate. Which if the following best describes this query?
    1. A. Distillation
    2. B. Prompt template
    3. C. One-shot prompting
    4. D. System role
    Explanation

    The correct answer is: C. One-shot prompting.

    Embedding exactly one worked example of a successful resume inside the prompt is the definition of one-shot prompting, where a single demonstration teaches the model the desired input-output mapping at inference time without any weight updates. The model uses that lone exemplar to generalize its scoring of subsequent resumes. Distillation is a model-compression technique in which a smaller student model is trained to mimic the outputs of a larger teacher model and has nothing to do with adding examples to a query. A prompt template is a reusable scaffold with placeholders that gets filled in at request time; the HR officer is not parameterizing a reusable structure, they are giving a single concrete example. A system role sets durable persona and policy instructions for the whole conversation rather than supplying a one-off exemplar. Because there is one example and one example only, one-shot is the precise label.

  5. Question 5

    Which of the following technologies is used in deepfake?
    1. A. Generative adversarial network (GAN)
    2. B. Multi-shot prompting
    3. C. Prompt engineering
    4. D. Transfer learning
    Explanation

    The correct answer is: A. Generative adversarial network (GAN).

    A generative adversarial network is the foundational technology behind deepfakes because it pits a generator network that synthesizes fake media against a discriminator network that tries to tell real from fake, and the adversarial training loop drives the generator to produce increasingly convincing forgeries of faces, voices, and video. The discriminator's feedback is precisely what makes the output indistinguishable from genuine content to most viewers. Multi-shot prompting is an inference-time technique for instructing a language model with several worked examples and has nothing to do with synthesizing media. Prompt engineering is the broader discipline of crafting effective inputs for generative models, which can shape outputs but is not the underlying generative architecture. Transfer learning reuses weights from a model trained on one task as a starting point for a related task; it can accelerate deepfake training but it is a methodology, not the synthesis technology that actually fabricates the imagery.

Other CompTIA SecAI+ domains

Practice all 13 Basic AI Concepts Related to Cybersecurity questions · Browse CompTIA SecAI+