CY0-001 Practice Questions

Basic Concept: LLM-based chatbots accepting user-uploaded files face two critical risk categories: malicious input injection and resource or cost abuse. CompTIA SecAI+ Study Guide highlights prompt security controls and resource management as key defensive layers for public-facing LLM applications.

Why A is Correct: Prompt guardrails intercept and filter user inputs and model outputs, blocking malicious prompts, prompt injection attempts, and harmful file content before affecting model behavior. Since users can upload files, guardrails are essential for sanitizing and validating that content before processing.

Why D is Correct: Model token quotas directly limit how much of the LLM ' s processing capacity a user can consume. This prevents abuse beyond the SLA, including denial-of-wallet attacks or resource exhaustion through excessively large inputs or repeated requests.

Why B is Wrong: Role-based access controls manage who can access what resources. While useful for internal systems, they do not address malicious input content or enforce LLM resource consumption limits for a public-facing chatbot.

Why C is Wrong: Firewall rules operate at the network layer and can block unauthorized IPs or ports but cannot inspect or filter the semantic content of prompts or control token-level LLM usage.

Basic Concept: This is a Performance-Based Question (PBQ) — a simulation item requiring interactive drag-and-drop assignment of threat categories to appropriate frameworks in the actual exam. It tests knowledge of how different AI threat frameworks categorize and address specific threat types for agentic systems.

Key Concept — Framework-to-Threat Mapping: MITRE ATLAS covers ML-specific adversarial tactics such as model evasion, data poisoning, model extraction, and prompt injection for agentic systems. OWASP LLM Top 10 addresses application-level LLM vulnerabilities such as insecure output handling, excessive agency, and supply chain risks. NIST AI RMF addresses governance-level risks across the AI lifecycle. STRIDE addresses architectural threats including spoofing, tampering, repudiation, information disclosure, DoS, and elevation of privilege.

Why This Matters: Agentic AI systems have a unique threat landscape combining traditional software vulnerabilities with AI-specific attacks. Correctly mapping threat categories to frameworks is essential for comprehensive threat modeling of systems that autonomously execute multi-step tasks with tool access and real-world consequences.