Exam CY0-001 Topic 1 Question 108 Discussion
Actual exam question for CompTIA's CY0-001 exam
Question #: 108
Topic #: 1
A security consultant must summarize the impact of posture management on a machine learning (ML) use case.
Which of the following is the most appropriate reference for this purpose?
Suggested Answer: B
Basic Concept: Security posture management for AI systems involves assessing and improving the overall security state of AI deployments, including identifying risks, implementing controls, and maintaining ongoing compliance. Appropriate frameworks provide structure for this assessment. CompTIA SecAI+ Study Guide identifies NIST AI RMF as the primary framework for AI risk and posture management.
Why B is Correct: The NIST AI Risk Management Framework provides comprehensive, actionable guidance for managing and improving AI security and risk posture across the entire AI lifecycle. It includes the GOVERN, MAP, MEASURE, and MANAGE functions that directly address posture management activities including risk identification, assessment, and control implementation for ML use cases. Its technical depth and ML-specific guidance make it ideal for this summarization task.
Why A is Wrong: OECD standards provide high-level policy principles for AI governance at an international level. They lack the technical specificity and operational guidance needed to summarize posture management impact on a specific ML use case.
Why C is Wrong: The EU AI Act is a regulatory compliance framework establishing legal requirements for AI systems. While it addresses risk management, its focus is on legal compliance rather than technical posture management guidance for ML systems.
Why D is Wrong: A Generative Adversarial Network is an AI architecture for generating synthetic data, not a framework or standard. It has no relevance as a reference for AI security posture management.
by Haley at Jun 28, 2026, 04:47 AM