Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA CY0-001 Exam - Topic 2 Question 4 Discussion

Actual exam question for CompTIA's CY0-001 exam
Question #: 4
Topic #: 2
[All CY0-001 Questions]

A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.

Which of the following is the best source for the analyst to consult?

Show Suggested Answer Hide Answer
Suggested Answer: C

Basic Concept: Identifying AI-specific application vulnerabilities requires consulting a resource that has cataloged and documented the unique vulnerability types that affect AI systems, particularly LLMs. Different security standards serve different purposes, and selecting the right reference for AI application vulnerabilities is essential. CompTIA SecAI+ Study Guide references OWASP for AI application vulnerability guidance.

Why C is Correct: OWASP maintains the OWASP Top 10 for Large Language Model Applications, which specifically catalogs the most critical and common vulnerabilities in AI applications including prompt injection, sensitive information disclosure, excessive agency, insecure output handling, and training data poisoning. This AI-specific vulnerability list is the most directly relevant and accessible resource for a presentation on AI application vulnerabilities.

Why A is Wrong: ISO 27001 is a general information security management system standard covering broad organizational security controls. It does not specifically catalog AI application vulnerabilities or LLM-specific weakness categories.

Why B is Wrong: CWE catalogues software weakness types at a code and design level for traditional software. While some weaknesses apply to AI systems, CWE does not have a dedicated AI application vulnerability taxonomy comparable to the OWASP LLM Top 10.

Why D is Wrong: NIST RMF is a risk management framework providing guidance for managing and reducing information security risk. It is a process framework, not a vulnerability catalog, and does not list specific AI application vulnerability types suitable for a vulnerabilities presentation.


by Isabella at May 31, 2026, 11:04 AM

Limited Time Offer

25%

Off

Get Premium CY0-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel

Currently there are no comments in this discussion, be the first to comment!


Save Cancel