
CompTIA SecAI+ Study Guide : Exam CY0-001.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Chapple, Mike.
Series:
Sybex Study Guide Series
Language:
English
Physical Description:
1 online resource (303 pages)
Edition:
1st ed.
Place of Publication:
Newark : John Wiley & Sons, Incorporated, 2026.
Summary:
Master every exam objective and AI cybersecurity concept for the CompTIA SecAI+ CY0-001 exam, complete with an online test bank, hundreds of practice questions, and digital flashcards. In CompTIA SecAI+ Study Guide: Exam CY0-001, veteran cybersecurity and AI professionals Mike Chapple and Fred Nwanganga deliver easy-to-follow coverage.
Contents:
Cover
Half Title Page
Title Page
Copyright
Acknowledgments
About the Authors
About the Technical Editor
Contents at a Glance
Contents
Introduction
Assessment Test
Answers to Assessment Test
Chapter 1: AI in Cybersecurity
AI Fundamentals
Artificial Intelligence
Machine Learning
Statistical Learning
Deep Learning
Natural Language Processing
Large Language Models
Small Language Models
Choosing the Right Language Model
Generative AI
Data Augmentation and Simulation (Defensive Use)
Malicious Content Generation (Offensive Use)
Model Training Techniques
Supervised Learning
Unsupervised Learning
Reinforcement Learning
Federated Learning
Model Validation
Fine-Tuning
Prompt Engineering
Prompt Roles
System Role (System Prompt)
User Role (User Prompt)
Assistant Role
Prompt Strategies
Zero-Shot Prompting
One-Shot Prompting
Few-Shot Prompting
Summary
Exam Essentials
Review Questions
Chapter 2: Security and the AI Life Cycle
Data Security in AI
Data Types in AI Systems
Structured Data
Unstructured Data
Semi-Structured Data
Ensuring Data Quality and Integrity
Data Cleansing
Data Verification
Data Integrity
Data Lineage and Provenance
Data Augmentation
Data Balancing
Retrieval-Augmented Generation
Securing the Knowledge Store
Integrity of Retrieved Data
Privacy Considerations
Security Throughout the AI Life Cycle
Planning and Business Alignment
Data Collection
Trustworthiness of Sources
Authenticity and Integrity Checks
Consent and Legality
Data Minimization
Diversity of Data
Data Preparation
Controlled Environment
Versioning and Lineage
Data Sanitization
Model Selection and Development
Model Evaluation and Validation
Model Deployment and Integration
Secure Infrastructure
Authentication and Authorization
Model Protection
Secure Integration
Audit Logging
Monitoring and Maintenance
Performance Monitoring
Error and Incident Monitoring
Security Patching
Model Retraining and Tuning
Feedback and Iteration
Human-Centric AI Design Principles: The Role of People
Human-in-the-Loop
Human Oversight
Human Validation
Chapter 3: AI Threats and Attacks
AI Attacks
Prompt Injection
Data Poisoning
Model Poisoning
Backdoor and Trojan Attacks
Circumventing AI Guardrails
Jailbreaking
Hallucinations
Input Manipulation
Introducing Biases
Manipulating Application Integrations
Model Inversion
Model Theft
AI Supply Chain Attacks
Transfer Learning Attacks
Model Skewing
Output Integrity Attacks
Membership Inference
Insecure Output Handling
Model Denial of Service
Sensitive Information Disclosure
Insecure Plug-in Design
Excessive Agency
Overreliance
Compensating Controls
Prompt Firewalls
Model Guardrails
Access Controls
Data Integrity Controls
Encryption
Prompt Templates
Rate Limiting
Threat Modeling
OWASP Models
OWASP Large Language Models (LLM) Top Ten
OWASP Machine Learning Security Top Ten
MIT AI Risk Repository
MITRE ATLAS
CVE AI Working Group
Chapter 4: AI Security Controls
Security Controls for AI Models and Applications
Model-Level Controls
Model Evaluation and Risk Assessment
Gateway and Interface Controls
Limits and Quotas
Endpoint and Network Access Controls
Testing and Validation of Security Controls
Jailbreak Testing
Output Validation
Log Monitoring
User Feedback
Access Controls for AI Systems
Controlling Model Access
Require Authentication
Enforce Role-Based Access
Protect Model Artifacts
Manage Usage Limits
Controlling Data Access
Training Data
Inference and Output Data
Underlying Data Sources
Controlling Agent and Tool Access
Rate Limiting and Monitoring
Principle of Least Privilege
Review and Approval Mechanisms
Controlling API and Network Access
Data Security Controls for AI Systems
Data Encryption
Encryption at Rest
Encryption in Transit
Encryption in Use
Data Safety and Privacy Techniques
Data Anonymization and Pseudonymization
Data Classification and Labeling
Data Redaction
Data Masking
Chapter 5: AI Monitoring and Auditing
Monitoring AI System Activity
Monitoring Prompts and Responses
Log Monitoring
Log Sanitization
Log Protection and Retention
Limit Log Access
Monitor Log Access
Protect Log Integrity
Establish Log Retention Policies
Monitoring Model Confidence Levels
Rate Monitoring
Monitoring AI Usage Costs
Prompt and Response Costs (Token Usage)
Compute and Storage Costs
Third-Party API Costs
Overall Budget and Alerts
Auditing AI Systems for Quality and Compliance
Auditing for AI Hallucinations
Citation Requirements
Automated Detection Tools
Auditing for Accuracy
Establish a Metric for Accuracy
Evaluate Against Current Data
Validate Facts and Sources
Ensure Consistency and Completeness
Incorporate User Feedback
Auditing for Bias and Fairness
Establish Clear Criteria
Test Across Subgroups
Test Across Modalities
Implement Proactive Fairness Measures
Engage Diverse Perspectives
Document Findings and Mitigations
Schedule Regular Audits
Auditing Access and Security Compliance
Establish Clear Access Standards and Governance
Audit Access Controls
Maintain and Review Audit Trails
Verify Compliance with Regulations
Evaluate Data Protection Measures
Monitor Third-Party Access
Establish an Audit Schedule
Chapter 6: AI-Enhanced Attacks
AI-Generated Content (Deepfake)
Impersonation
Misinformation
Disinformation
Adversarial Networks
Reconnaissance
Social Engineering
Obfuscation
Automated Data Correlation
Automated Attack Generation
Attack Vector Discovery
Payloads
Malware
Honeypot
Honeypot Detection
Malicious Honeypots
Honeypot Data Analysis
Distributed Denial of Service
Chapter 7: Enabling Security With AI
AI-Enabled Security Tools
Integrated Development Environment Plug-ins
Browser Plug-ins
Command-Line Interface Plug-ins
Chatbots and Personal Assistants
MCP Servers
Use Cases
Signature Matching
Code Quality and Linting
Vulnerability Analysis
Automated Penetration Testing
Anomaly Detection
Pattern Recognition
Incident Management
Fraud Detection
Translation
Summarization
AI-Enabled Automation
Scripting Tools
Document Synthesis and Summarization
Incident Response Ticket Management
Change Management
AI Agents
AI in the CI/CD Pipeline
Code Scanning
Software Composition Analysis
Unit Testing
Regression Testing
Model Testing
Automated Deployment/Rollback
Chapter 8: AI Governance, Risk, and Compliance
Governing AI
Organizing for AI
AI Policies and Procedures
AI-Related Roles
Data and Modeling Roles
Architecture and Platform Roles
Security, Risk, and Assurance Roles
Responsible AI
Fairness
Reliability and Safety
Transparency
Privacy and Security
Differential Privacy
Explainability
Inclusiveness
Accountability
Consistency
Awareness Training
Risks
Introduction of Bias
Accidental Data Leakage
Reputational Loss
Accuracy and Performance of the Model
IP-Related Risks
Autonomous Systems
Shadow IT and Shadow AI
Compliance
EU AI Act
OECD Standards
ISO Standards
NIST AI Risk Management Framework
Corporate Policies
Sanctioned vs. Unsanctioned Tools
Private vs. Public Models
Sensitive Data Governance
Third-Party Compliance Evaluations
Data Sovereignty
Appendix: Answers to the Review Questions
Index
EULA
Notes:
Description based on publisher supplied metadata and other sources.
ISBN:
1-394-40645-2
1-394-36808-9
9781394368082
OCLC:
1581801821
