A customer-facing, AI-powered chatbot has been jailbroken through prompt injections. As a result, the AI model is offering a 99% discount on the purchase of a new vehicle.
Which of the following should be implemented to enhance the model's robustness against such attacks?
Basic Concept: Jailbreaking through prompt injection exploits the LLM's tendency to follow instructions embedded in user input, overriding its intended behavior. The model was manipulated to offer unauthorized discounts, demonstrating that its operational boundaries were not properly enforced. CompTIA SecAI+ Study Guide identifies guardrails as the primary defense against jailbreaking attacks.
Why D is Correct: Guardrails are robust, layered controls that enforce behavioral boundaries on LLM inputs and outputs. They can detect and block jailbreaking attempts, enforce business logic constraints such as preventing unauthorized discounts, validate outputs against policy rules before delivery, and prevent the model from operating outside its defined scope. Guardrails are specifically designed to make models more robust against prompt injection and jailbreaking.
Why A is Wrong: Bias filtering is designed to detect and remove biased, discriminatory, or offensive content from model outputs. It addresses content fairness issues but does not prevent jailbreaking attacks that manipulate the model into performing unauthorized actions.
Why B is Wrong: A system prompt sets the model's base instructions and persona, but the jailbreak attack already demonstrates that the current prompt can be overridden. Guardrails provide enforcement at a layer that is more resistant to prompt manipulation than the system prompt alone.
Why C is Wrong: Log monitoring detects jailbreaking attempts after they have already succeeded. It is a detective control that enables incident response but does not prevent the model from offering unauthorized discounts in the first place.
An internal user enters a client credit card number into an internal generative machine learning (ML) model:
#User prompt: Customer Jane Doe has a new credit card that she wants to add to her account. The number is 5555-5555-5555-5555
Which of the following is the most effective way to prevent prompt injection attacks against a large language model (LLM)?
Basic Concept: Prompt injection occurs when malicious content embedded in user input manipulates an LLM's behavior, causing it to leak sensitive data, bypass restrictions, or execute unintended actions. Preventing such attacks requires mechanisms that inspect and filter content at the prompt level. CompTIA SecAI+ covers LLM-specific security controls extensively.
Why A is Correct: Guardrails are purpose-built controls that inspect, filter, and constrain both input prompts and output responses in LLM systems. They can detect sensitive data patterns such as credit card numbers, block prompt injection payloads, enforce content policies, and prevent the model from processing or outputting restricted information. Guardrails are the primary LLM-native defense against prompt injection as cited in the CompTIA SecAI+ Study Guide.
Why B is Wrong: Antivirus software detects known malware signatures in files and executables. It does not inspect or understand the semantic content of LLM prompts and cannot detect or block prompt injection attacks.
Why C is Wrong: A WAF operates at the HTTP layer inspecting web requests and responses against rule sets. While it can block some patterns, it lacks the contextual intelligence to understand LLM prompt semantics and cannot prevent sophisticated injection attacks.
Why D is Wrong: Role-based access control manages who can access which resources. It controls authorization but does not inspect the content of prompts to prevent injection attacks once a user has legitimate access.
A short AI-generated video shows a celebrity's likeness talking about a fake public security event.
Which of the following was used to create this video?
Basic Concept: Creating realistic deepfake videos that convincingly replicate a real person's facial expressions, movements, and voice requires deep learning models capable of learning and synthesizing complex spatial and temporal features from existing video data. CompTIA SecAI+ covers deepfake technologies under basic AI concepts.
Why B is Correct: Convolutional Neural Networks are foundational to deepfake video generation. CNNs excel at learning spatial features from visual data and are used within deepfake architectures to analyze source and target faces, extract facial features, and synthesize realistic face swaps or face animations. Modern deepfake systems typically combine CNNs with autoencoders and GANs to generate convincing video content showing a person saying or doing things they never did.
Why A is Wrong: Statistical analysis involves mathematical methods for analyzing data distributions and relationships. It does not have the capability to generate synthetic video content or replicate a person's visual likeness in motion.
Why C is Wrong: An ML classifier assigns input data to predefined categories. Classification models detect and label content rather than generating new synthetic video content of a person's likeness. They are detection tools, not generation tools.
Why D is Wrong: Random forest is an ensemble ML method using multiple decision trees for classification and regression tasks. It works on structured, tabular data and cannot process or generate visual, spatial data needed for realistic deepfake video synthesis.
Which of the following International Organization for Standardization (ISO) standards should be selected for certification to use for third-party assurance for responsible AI practices?
Basic Concept: ISO develops international standards for management systems across various domains. For organizations seeking third-party certification demonstrating commitment to responsible AI governance practices, the appropriate ISO standard must specifically address AI management systems. CompTIA SecAI+ Exam Objectives cover ISO standards relevant to AI governance under Domain 4.
Why D is Correct: ISO 42001 is the International Standard for Artificial Intelligence Management Systems (AIMS). It provides a framework for establishing, implementing, maintaining, and continually improving an AI management system within organizations. ISO 42001 certification provides third-party assurance specifically for responsible AI practices including risk management, transparency, human oversight, and ethical AI governance --- directly answering the question.
Why A is Wrong: ISO 20000 is the standard for IT Service Management (ITSM). It provides requirements for establishing and maintaining a service management system for IT services. It does not address AI governance or responsible AI practices.
Why B is Wrong: ISO 27001 is the standard for Information Security Management Systems (ISMS). It addresses general information security risk management, not AI-specific governance or responsible AI practices such as fairness, transparency, and AI lifecycle management.
Why C is Wrong: ISO 27701 extends ISO 27001 to address Privacy Information Management (PIMS), covering personal data protection requirements aligned with GDPR. While relevant to data privacy in AI systems, it does not specifically certify responsible AI governance practices.
A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.
Which of the following is the best source for the analyst to consult?
Basic Concept: Identifying AI-specific application vulnerabilities requires consulting a resource that has cataloged and documented the unique vulnerability types that affect AI systems, particularly LLMs. Different security standards serve different purposes, and selecting the right reference for AI application vulnerabilities is essential. CompTIA SecAI+ Study Guide references OWASP for AI application vulnerability guidance.
Why C is Correct: OWASP maintains the OWASP Top 10 for Large Language Model Applications, which specifically catalogs the most critical and common vulnerabilities in AI applications including prompt injection, sensitive information disclosure, excessive agency, insecure output handling, and training data poisoning. This AI-specific vulnerability list is the most directly relevant and accessible resource for a presentation on AI application vulnerabilities.
Why A is Wrong: ISO 27001 is a general information security management system standard covering broad organizational security controls. It does not specifically catalog AI application vulnerabilities or LLM-specific weakness categories.
Why B is Wrong: CWE catalogues software weakness types at a code and design level for traditional software. While some weaknesses apply to AI systems, CWE does not have a dedicated AI application vulnerability taxonomy comparable to the OWASP LLM Top 10.
Why D is Wrong: NIST RMF is a risk management framework providing guidance for managing and reducing information security risk. It is a process framework, not a vulnerability catalog, and does not list specific AI application vulnerability types suitable for a vulnerabilities presentation.
Rupali Saxena
10 days agoAmira Malik
23 days agoLaura Walker
1 month ago