Skip to content
CompTIA SecAI+ · CY0-001

SecAI+ Domain 2: Securing AI Systems

Domain 2.0 — Securing AI Systems · 40% of the exam

The biggest domain on CompTIA's SecAI+ exam, made to actually click — all 6 objectives (2.1–2.6) across threat modeling, security controls, access controls, data security, monitoring, and attack analysis. Follow security engineer Maya Chen as she secures a live customer-facing AI agent end to end, with hand-built diagrams, worked scenarios, and 90 exam-style questions.

6 modules · 36 topics 116-page PDF 90 practice questions
Read a free sample By the author of 60+ Pluralsight courses · 4.6/5 from 2,000+ ratings
Best value
$19.95/ month

All study guides — current and every new one.

or own the whole exam
$24.95one-time · all 4 domains$39.80
or just this guide
$9.95one-time · lifetime access
  • Interactive online guide
  • Downloadable PDF
  • Lifetime updates
  • 30-day money-back guarantee

Secure checkout via Stripe · no account needed · instant access

40% of your exam score

Domain 2.0 is worth 40% of the CY0-001 exam. Walk in having mastered it — not hoping it doesn't come up.

Every objective, nothing extra

Built line by line from CompTIA's official objectives 2.1–2.6 — 36 in-depth topics with worked scenarios and exam tips, in a 116-page guide you'll actually finish.

90 exam-style questions

Every question comes with instant feedback and a full explanation, so a wrong answer teaches you as much as a right one.

A brand-new certification

SecAI+ is CompTIA's newest exam, at the intersection of the two hottest skills in tech. The people who certify early are the ones who stand out.

Read a real excerpt — free

This is the actual opening of Module 2.1, AI threat-modeling resources — not marketing copy. If you like how it teaches, the rest of the guide reads the same way.

Objective 2.1

Given a scenario, use AI threat-modeling resources

An AI application can pass every functional test and still be dangerously insecure. This module builds the skill the exam actually tests: looking at an AI-enabled system, choosing the right threat-modeling resource for the question in front of you, and turning what you find into controls you can test. The names — OWASP, MITRE ATLAS, the MIT AI Risk Repository, CVE — matter less than knowing which one answers which question.

Throughout Domain 2 we follow Maya Chen, a security engineer at the fictional Northstar Financial. Her team is preparing to launch Nova, a public, customer-facing AI support assistant. Maya has six weeks to decide whether Nova is safe enough to go live. Her job is not to run a vulnerability scanner and submit a few malicious prompts — it is to understand what the system is, what it can access, what it can do, and how it could fail. Threat modeling gives her a structured, repeatable way to answer those questions before an incident forces the answer.

Exam focus

2.1 is scenario-based. Expect a short description of an AI system and a question like “which resource should the analyst consult?” The winning move is always matching the question type to the resource: category of risk → OWASP; adversary behavior → ATLAS; a specific product flaw → CVE; broad/societal harm → MIT AI Risk Repository.

Nova: defining the use case

Before any framework comes out, Maya writes down what Nova is allowed to do. Nova answers questions about account policies, fees, transactions, and common service issues. It uses retrieval-augmented generation (RAG): when a customer asks something, the system searches an internal knowledge source and places the most relevant documents into the model’s context before it answers. Critically, Nova can also read limited customer account information and initiate certain fee-reversal requests through an API. That last capability changes everything. Nova is no longer producing text — it can influence a financial process.

The project team believes Nova is secure because customers must authenticate and the foundation model comes from a reputable provider. Maya recognizes neither fact is enough. An authenticated customer can still submit malicious input, and a reputable model can still be dropped into an insecure application.

Tricks of the trade

Write the system’s allowed actions as explicit verbs: read account information, search internal documents, recommend a fee reversal, submit a fee-reversal request. Verbs expose authority far more clearly than vague descriptions like “assist customers.”

Expanding the system boundary

The first warning sign appears when someone tells Maya, “It’s only a chatbot.” To the customer, Nova is a chat window. Behind that window are an identity provider, a web application, an AI gateway, a model endpoint, an embedding service, a vector database, an internal knowledge repository, a customer database, a refund API, and several logging systems. Each component is its own attack surface. Each connection is a trust boundary where data, identity, or authority moves from one component to another.

Nova is not a chatbot — it is an AI-enabled business process
CustomerPublic web portal
AI gatewayAuth, filtering, quotas, logging
Model endpointHosted LLM (vendor)
Vector DBEmbeddings + retrieval
Knowledge baseInternal policy docs
Refund APIReal financial impact
A secure model does not compensate for an exposed API, weak retrieval permissions, poisoned documents, or unsafe output handling.
The guide continues for 116 pagesKeep reading — unlock the full guide

Try 3 sample questions

Pulled straight from the guide's 90-question bank — tap an answer for instant feedback and the explanation.

From module 2.1 · AI threat-modeling resources

  1. 1. An AI application passes all functional tests before launch. Why is that insufficient to conclude it is secure?

From module 2.2 · Security controls for AI

  1. 1. What is the key difference between gateway controls and model guardrails?

From module 2.3 · Access controls for AI

  1. 1. Which principle is the through-line for all four AI access surfaces in objective 2.3?

87 more questions like these are waiting inside.

What's inside

  • 36 in-depth topics across 6 modules, mapped to objectives 2.1–2.6
  • 90 exam-style practice questions with instant feedback
  • Full answer key with explanations for every question
  • A single running scenario that ties all six objectives together
  • Complete SecAI+ acronym & key-term reference
  • 116-page downloadable PDF for offline study and printing
  • Lifetime updates as the exam evolves

The modules, mapped to the objectives

  1. 2.1

    AI threat-modeling resources

    Given a scenario, use AI threat-modeling resources

    15 Qs
    OWASP LLM & ML Security Top 10MITRE ATLAS (adversary TTPs)MIT AI Risk RepositoryCVE AI Working GroupTrust boundaries & data-flow diagramsSTRIDE & attack trees
  2. 2.2

    Security controls for AI

    Given a set of requirements, implement security controls for AI systems

    15 Qs
    Model evaluation & guardrailsPrompt templatesPrompt firewallsRate / token limits & input quotasModality & endpoint access limitsGuardrail testing & validation
  3. 2.3

    Access controls for AI

    Given a scenario, implement appropriate access controls for AI systems

    15 Qs
    Model access & the model registryData access & RAG retrieval scopingAgent access & excessive agencyNetwork / API accessLeast privilege & distinct identitiesIngestion vs. query plane
  4. 2.4

    Data security controls

    Given a scenario, implement data security controls for AI systems

    15 Qs
    Encryption: in transit / at rest / in useTEE & confidential computingAnonymization vs. minimizationRedaction vs. maskingData classification labelsLabel-driven data-safety policy
  5. 2.5

    Monitoring & auditing

    Given a scenario, implement monitoring and auditing for AI systems

    15 Qs
    Prompt monitoring (query & response)Log monitoring, sanitization & protectionResponse confidence levelRate & AI cost monitoringHallucinations & accuracy auditingBias, fairness & access auditing
  6. 2.6

    Attacks & compensating controls

    Given a scenario, analyze the evidence of an attack and suggest compensating controls for AI systems

    15 Qs
    Prompt injection, jailbreaking & input manipulationData / model poisoning, backdoors & trojansModel inversion, membership inference & theftExcessive agency & insecure output handlingAI supply-chain attacks & model DoSThe compensating-control toolkit
Chris Rees

About the author

Chris Rees

Professional information technologist with 25+ years in IT and the author of 60+ certification training courses — 50+ live on Pluralsight, rated 4.6/5 across more than 2,000 reviews. This guide is that same exam-focused teaching, in a format you can finish.

More about Chris
Save 37%

Sitting the whole exam? Get the Complete SecAI+ Collection.

All 4 CY0-001 domains — including this guide — for $24.95 instead of $39.80.

See everything inside

Questions, answered

Do I need an account to buy?

No. Checkout is a single Stripe form — email and card, about 30 seconds. We create your access from your checkout email automatically and sign you in the moment payment completes.

Is this up to date with the real CY0-001 exam?

Yes — the guide is mapped module-by-module to CompTIA's official SecAI+ objectives (2.1–2.6), and lifetime updates are included, so as the exam evolves your guide does too.

What exactly do I get?

Instant access to the interactive online guide with all 90 practice questions, plus a 116-page PDF you can download, print, and keep forever.

Do I need the other domains too?

This guide covers Domain 2.0 (40% of the exam). To prepare for the whole exam, the Complete SecAI+ Collection bundles all 4 domains for $24.95 — less than the price of three guides.

What if it isn't for me?

Every purchase comes with a 30-day money-back guarantee — email us and we'll refund you, no hoops.

Who wrote it?

Chris Rees — a professional information technologist with 25+ years in IT and the author of 60+ certification courses, rated 4.6/5 across 2,000+ reviews on Pluralsight.

Be ready for 40% of the exam — for $9.95

Instant access, lifetime updates, and a 30-day money-back guarantee. The only risk is walking into the exam without it.

Get the guide

Share this guide