Exactprep CY0-001 Questions

Basic Concept: Different ML learning paradigms handle different data situations. The availability of labeled versus unlabeled data determines which learning approach is appropriate. Building clustering models specifically requires learning from data without predefined category labels. CompTIA SecAI+ Study Guide covers ML learning paradigms under basic AI concepts.

Why C is Correct: Unsupervised learning works with unlabeled data by discovering inherent patterns, structures, and groupings within the data without predefined categories. Clustering is the canonical unsupervised learning task, where algorithms like k-means, hierarchical clustering, or DBSCAN group similar data points together based on feature similarity. Since the data scientist has unlabeled data and wants to find natural groupings, unsupervised learning is the appropriate and correct technique.

Why A is Wrong: Supervised learning requires labeled training data where each example has a corresponding correct output label. The data scientist explicitly has unlabeled data, making supervised learning inapplicable without first completing the labor-intensive task of manually labeling all examples.

Why B is Wrong: Reinforcement learning trains agents to take actions in an environment to maximize cumulative rewards through trial and error. It is designed for sequential decision-making problems, not for finding groupings in static, unlabeled datasets.

Why D is Wrong: Semi-supervised learning combines a small amount of labeled data with a large amount of unlabeled data. It requires at least some labels to guide learning. The scenario specifies working with unlabeled data only, making unsupervised learning the pure fit.

Basic Concept: Prompt engineers are responsible for designing and refining the prompts and instructions that guide an LLM ' s behavior. When user experience is declining after an LLM launch, this signals that the model ' s outputs are not meeting quality standards. CompTIA SecAI+ addresses prompt engineering quality management under securing and optimizing AI systems.

Why C is Correct: Quality control should be the highest priority when user experience is declining. Prompt engineers must systematically evaluate model responses against quality benchmarks, identify failure patterns causing poor user experience, and iteratively refine prompts to produce accurate, relevant, and appropriately formatted responses. Quality control encompasses testing, evaluation, and continuous improvement of prompt performance.

Why A is Wrong: Customer success management is a business function focused on customer relationship management and retention. While related to user experience outcomes, it is not a technical priority that prompt engineers can directly address through their core competency of prompt design and refinement.

Why B is Wrong: Sales life cycle management is a business process for managing customer acquisition and revenue. It is entirely outside the scope of prompt engineering activities and does not address declining LLM user experience.

Why D is Wrong: Business objectives define what the organization aims to achieve with the LLM deployment. These are set at the strategic level and inform the direction for prompt engineering. They are inputs to the quality control process rather than the priority action prompt engineers should take when experience is declining.

Basic Concept: Dynamic Application Security Testing (DAST) tests running applications by sending various inputs to discover vulnerabilities. AI can significantly enhance DAST by intelligently generating diverse, targeted test payloads that traditional tools might miss. CompTIA SecAI+ covers AI augmentation of security testing methodologies.

Why C is Correct: Payload creation is highly suitable for AI automation during DAST. AI can generate diverse, contextually appropriate attack payloads such as SQL injection strings, XSS vectors, command injection attempts, and format string exploits tailored to the specific application ' s behavior observed during testing. AI can learn from the application ' s responses to previous payloads and generate increasingly targeted inputs, discovering vulnerabilities more efficiently than static payload databases.

Why A is Wrong: DDoS attacks are volume-based attacks designed to overwhelm network or application infrastructure. Automating DDoS during DAST is inappropriate as it would disrupt service availability rather than discover application security vulnerabilities, and it is harmful to legitimate operations.

Why B is Wrong: Data poisoning is an attack targeting AI/ML model training data integrity. It is relevant to securing AI systems but is not a DAST technique for testing web or software application security vulnerabilities during dynamic testing.

Why D is Wrong: Threat modeling is a structured analysis process performed before development or testing to identify potential threats and design appropriate countermeasures. It is a planning activity, not an attack technique that can be automated during dynamic application security testing.

Basic Concept: Responsible AI is a governance framework addressing risks that arise from AI systems producing outcomes that are unfair, harmful, or contrary to human values. Different risk types fall under different governance domains — some under responsible AI, others under security or operational management. CompTIA SecAI+ Study Guide covers responsible AI risk categories under Domain 4.

Why C is Correct: Response bias occurs when an AI system ' s outputs are systematically skewed against certain groups, topics, or perspectives, reflecting biases embedded in training data or model design. This is a core risk addressed by responsible AI principles including fairness, non-discrimination, and explainability. Responsible AI frameworks mandate bias detection, assessment, and mitigation to ensure AI responses treat all users and groups equitably.

Why A is Wrong: Model drift describes the degradation of model performance over time as the distribution of real-world data diverges from the training data distribution. While an important operational concern, model drift is primarily a technical performance risk managed through MLOps and monitoring practices, not a core responsible AI governance concern.

Why B is Wrong: Reputational loss is a business risk consequence that may result from various AI failures including biased outputs or privacy violations. It is an outcome or impact rather than a specific risk category that responsible AI frameworks directly address.

Why D is Wrong: Data poisoning is a security attack where adversaries corrupt AI training data to manipulate model behavior. This is a cybersecurity threat managed through security controls and data integrity protections rather than responsible AI ethical governance frameworks focused on fairness and accountability.