Securing AI Systems for CompTIA SecAI+

This page covers the Securing AI Systems domain of the CompTIA SecAI+ certification. Master Cybersecurity offers 38 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    An administrator who works for a financial institution is required to implement data security controls for data at rest within AI systems, to protect against data disclosure. Which of the following is the most suitable control?
    A. Data lineage
    B. Rate limits
    C. Encryption
    D. Masking
    Explanation

    The correct answer is: C. Encryption.

    Encryption is the most suitable control for protecting data at rest in an AI system, particularly in a financial-institution context where regulatory regimes and the NIST AI RMF expect strong cryptographic protection of stored training data, embeddings, fine-tuning corpora, and model artifacts. Industry-standard AES-256 applied at the storage, database, or volume layer ensures that even if a disk, snapshot, or backup is exfiltrated, the contents remain unintelligible without the keys, which directly mitigates disclosure. Data lineage tracks the provenance and transformations of data and is essential for governance but does not by itself protect the bytes on disk. Rate limits address consumption and abuse on the API surface, not stored confidentiality. Masking is appropriate for displaying redacted values to users or non-privileged systems and is a complement, not a replacement, for at-rest encryption of the underlying records. Encryption is the load-bearing control here.

  2. Question 2

    A security engineer needs to monitor an AI-based system for runtime operations. The engineer is mostly concerned about the visibility of internal activity. Which of the following is the most appropriate monitoring solution?
    A. Deploying a security information and event management (SIEM) tool
    B. Implementing a web application firewall (WAF) with header logging
    C. Relying on vendor model controls and monitoring prompt inputs
    D. Enabling stack call and debugging level traces at the function level
    Explanation

    The correct answer is: D. Enabling stack call and debugging level traces at the function level.

    Enabling stack call and debugging-level traces at the function level is the strongest fit because the engineer explicitly wants visibility into internal activity of the AI system at runtime, which requires instrumentation deep inside the application code path where prompts, tool calls, and model responses are processed. Function-level tracing exposes the internal control flow and is consistent with NIST AI RMF Measure guidance to maintain detailed telemetry for AI components. A SIEM collects and correlates external logs but, without that internal instrumentation, it sees only what is shipped to it and would not by itself reveal internal model behavior. A WAF with header logging only sees HTTP request and response metadata at the perimeter, missing prompt content and tool invocations inside the agent. Relying on vendor model controls and monitoring prompt inputs is partial coverage at best and treats the model as a black box, which is the opposite of internal visibility.

  3. Question 3

    An airline corporation wants to implement a chatbot application using a large language model (LLM) so its customers can ask questions and receive answers about flight details and have the option to upload files. Which of the following security controls should the airline use to protect against malicious input and unauthorized use beyond the service-level agreement? (Choose two.)
    A. Prompt guardrails
    B. Role-based access controls
    C. Firewall rules
    D. Model token quotas
    Explanation

    The correct answers are: A. Prompt guardrails, D. Model token quotas.

    A customer-facing LLM chatbot that accepts free-form questions and file uploads faces two distinct threat classes that map to two distinct controls. Prompt guardrails filter incoming and outgoing content against policies, blocking jailbreak attempts, prompt injection, off-topic queries, and toxic or sensitive outputs, which directly addresses the malicious-input concern under OWASP LLM Top 10 entries for prompt injection and sensitive information disclosure. Model token quotas cap per-user or per-session input and output tokens so that no single customer can exhaust the model's context budget or drive a denial-of-wallet scenario by repeatedly issuing large or recursive prompts, enforcing the SLA boundary economically. Role-based access controls govern who can reach the chatbot but do not inspect prompt content, so they neither stop malicious payloads nor cap consumption per session. Firewall rules operate at network layers 3 and 4 and cannot evaluate natural-language semantics or token usage, so they are blind to prompt-level abuse. The pairing of guardrails plus quotas is the standard layered design recommended in the NIST AI RMF Manage function.

  4. Question 4

    An organization recently created a custom model that integrates with a large language model (LLM). The developer notices that the application programming interface (API) costs have increased. Which of the following is the best control to reduce cost?
    A. Implementing prompt templates
    B. Increasing central processing unit (CPU) and memory
    C. Reducing the model size
    D. Adjusting token limits
    Explanation

    The correct answer is: D. Adjusting token limits.

    Adjusting token limits is the best cost control because LLM API pricing is overwhelmingly driven by the number of input and output tokens, and capping maximum response length, or trimming context windows, directly bounds what the provider can bill, which is precisely the defense recommended for OWASP LLM10 Unbounded Consumption. Prompt templates can improve consistency and may indirectly reduce token spend by tightening prompts, but they do not enforce a hard limit and a template can still produce a very long response. Increasing CPU and memory affects self-hosted compute or local inference performance and has no relationship to external API billing. Reducing the model size applies when the model is self-hosted and is a different deployment decision; for a custom integration that calls an LLM API the model size is already fixed by the provider, so token limits remain the direct cost lever.
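As an added example that is not part of the exam content, the following Python sketch shows the two controls the explanations for Questions 3 and 4 describe: a per-session token quota that rejects oversized prompts and exhausts gracefully, a `max_tokens` cap clamped to the remaining budget, and context-window trimming. The `TokenQuota` API, the quota values, and the 4-characters-per-token estimate are assumptions constructed for illustration, not a provider's API.

```python
from dataclasses import dataclass, field


def estimate_tokens(text: str) -> int:
    # Assumption: ~4 characters per token. Used only for pre-flight checks;
    # the provider's reported usage is what gets charged after each call.
    return max(1, (len(text) + 3) // 4)


@dataclass
class TokenQuota:
    """Per-session quota: hard per-request caps plus a session-wide budget (constructed values)."""
    max_input_tokens: int = 1_000    # largest single prompt accepted
    max_output_tokens: int = 300     # max_tokens sent to the provider per call
    session_budget: int = 4_000      # total tokens one session may consume
    used: dict = field(default_factory=dict)  # session_id -> tokens consumed so far

    def remaining(self, session_id: str) -> int:
        return self.session_budget - self.used.get(session_id, 0)

    def check_request(self, session_id: str, prompt: str) -> dict:
        """Decide whether to forward a prompt and which max_tokens to send with it."""
        prompt_tokens = estimate_tokens(prompt)
        if prompt_tokens > self.max_input_tokens:
            return {"allowed": False, "reason": "prompt exceeds per-request input cap"}
        remaining = self.remaining(session_id)
        if remaining <= prompt_tokens:
            return {"allowed": False, "reason": "session token budget exhausted"}
        # Clamp the response length to the fixed cap and to what the budget still allows,
        # so a single session can never bill more than session_budget in total.
        max_tokens = min(self.max_output_tokens, remaining - prompt_tokens)
        return {"allowed": True, "max_tokens": max_tokens}

    def record_usage(self, session_id: str, input_tokens: int, output_tokens: int) -> int:
        """Charge provider-reported usage against the session; returns the remaining budget."""
        self.used[session_id] = self.used.get(session_id, 0) + input_tokens + output_tokens
        return self.remaining(session_id)


def trim_history(messages: list, max_context_tokens: int) -> list:
    """Drop the oldest user/assistant turns until the context fits; always keep the system prompt."""
    system = [m for m in messages if m["role"] == "system"]
    turns = [m for m in messages if m["role"] != "system"]
    while turns and sum(estimate_tokens(m["content"]) for m in system + turns) > max_context_tokens:
        turns.pop(0)
    return system + turns
```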

  5. Question 5

    Which of the following requires developers to harden infrastructure to protect AI systems?
    A. Intake processes
    B. Acceptable use policies
    C. Development guidelines
    D. Configuration standards
    Explanation

    The correct answer is: D. Configuration standards.

    Configuration standards are the artifact that obligates developers and operators to harden the underlying infrastructure that hosts an AI system, specifying baseline operating-system settings, container images, network segmentation, secrets management, logging, and patch levels that must be applied before deployment. Because they are prescriptive and auditable, configuration standards translate hardening expectations into concrete, verifiable requirements consistent with NIST SP 800-218 secure software development practices and the MDLC. Intake processes govern how new projects or models enter the pipeline and define risk reviews, not the technical hardening itself. Acceptable use policies tell users what they may and may not do with a system and do not prescribe infrastructure hardening to developers. Development guidelines describe coding practices and patterns at a higher level and are less specific than configuration standards. The hardening mandate lives in the configuration baseline.
