The latest changes and updates from the administration for this exam.
Latest Update: Jun 20 2026
Correct Answer: C
A is incorrect: Generating static reports for manual analyst review describes a basic alerting and reporting function, not a distinguishing characteristic of agentic AI. Agentic AI goes beyond passive reporting by actively investigating alerts, reasoning through evidence, and taking adaptive actions autonomously. Simply generating static reports does not leverage the autonomous decision-making and contextual reasoning capabilities that define agentic AI.
B is incorrect: Executing predefined response actions in a fixed sequential order based on signature matching describes traditional rule-based automation, not agentic AI. Rule-based SOAR playbooks follow this deterministic approach where every step and outcome is fixed during the playbook design phase. This static pattern is the opposite of the adaptive, context-aware reasoning behavior that characterizes agentic AI systems in modern security operations.
C is correct: Agentic AI is distinguished from rule-based automation by its ability to dynamically reason through novel situations and adapt in real time. Unlike deterministic automation that follows hard-coded logic where every step and outcome is fixed and predefined, agentic AI assesses context, connects patterns across disconnected data, and determines the best investigation or response path adaptively. This capability allows security operations teams to handle unplanned variables and emerging threats that rigid, pre-scripted playbooks cannot address on their own.
D is incorrect: Processing events through hard-coded sequential steps with identical outcomes describes deterministic or rule-based automation, not agentic AI. While this approach offers predictability and control in well-understood scenarios, it lacks the adaptability and reasoning capabilities of agentic AI. Agentic AI dynamically adjusts its approach when faced with new or unexpected scenarios rather than following a fixed path.
Correct Answer: D
A is incorrect: Explanation is the foundational NIST XAI principle that requires AI systems to deliver accompanying evidence or reasons for all their outputs. While this principle establishes the baseline requirement that an AI system must be capable of providing some form of explanation, it does not specifically address the system's ability to identify and communicate when it encounters conditions outside its designed operational scope or training boundaries. Reference: https://doi.org/10.6028/NIST.IR.8312
B is incorrect: Meaningful is one of NIST's four XAI principles, but it focuses on the quality and comprehensibility of explanations rather than operational boundaries. This principle requires that systems provide explanations that are understandable and useful to the intended audience, recognizing that different users require different explanation types. While important for policy documentation, it does not specifically address the requirement for AI systems to flag when inputs are beyond their training scope. Reference: https://doi.org/10.6028/NIST.IR.8312
C is incorrect: Explanation accuracy is one of NIST's four XAI principles, but it addresses a different requirement. This principle states that the explanation provided must correctly reflect the system's actual process for generating its output. While explanation accuracy ensures that explanations faithfully represent how the model reached its decision, it does not address the system's ability to recognize and communicate when it is operating outside its trained parameters or design scope. Reference: https://doi.org/10.6028/NIST.IR.8312
D is correct: Knowledge limits is the correct answer. NIST's four principles of explainable AI (NISTIR 8312) are Explanation, Meaningful, Explanation Accuracy, and Knowledge Limits. The Knowledge Limits principle requires that an AI system identify conditions where it was not designed to operate or where its outputs may be unreliable and communicate this to users. When documenting XAI requirements in an AI Acceptable Use Policy, this principle ensures systems self-report when inputs fall outside their training scope, preventing unreliable outputs in unfamiliar conditions. Reference: https://doi.org/10.6028/NIST.IR.8312
Correct Answer: A
A is correct: Orchestration connects internal and external tools so that they can be accessed from one central place and respond to incidents as a coordinated group. In this scenario, the SOAR platform orchestrates the SIEM, EDR, firewall, and ticketing system to execute a unified automated response when a suspicious login is detected. Each tool performs its designated role within the playbook workflow while the orchestration layer ensures they act together cohesively.
B is incorrect: Centralized log aggregation and long-term data retention is a primary function of SIEM systems, not the core role of SOAR orchestration. While SOAR platforms consolidate data for the purpose of driving automated workflows, their primary orchestration function is coordinating actions across integrated tools through playbook-driven responses, not serving as a centralized log storage repository for compliance or analysis.
C is incorrect: SOAR platforms do not replace the detection capabilities of integrated security tools. Orchestration coordinates the existing capabilities of each tool into unified workflows while each tool retains its native functions. The SIEM continues detecting threats, the EDR provides endpoint visibility, and the firewall enforces access controls. Orchestration unifies these capabilities rather than replacing them with a single centralized engine.
D is incorrect: Monitoring individual security tools for operational anomalies is not the function of SOAR orchestration. Orchestration coordinates response actions across multiple tools through centralized playbook-driven workflows rather than monitoring the health, performance, or operational status of each individual security product in the environment. Tool monitoring is typically handled by dedicated infrastructure monitoring solutions.
Correct Answer: C
A is incorrect: Encrypting model weights with hardware security modules protects model intellectual property and prevents unauthorized extraction or tampering with model parameters. However, encryption does not enforce review and approval governance. A model could be encrypted and deployed to production without ever undergoing a formal governance approval workflow or review process.
B is incorrect: Network segmentation between training and production environments provides infrastructure isolation that limits lateral movement and unauthorized access between environments. While segmentation strengthens security boundaries, it does not enforce the model review and approval governance required. Models could still be deployed without formal review if no approval workflow exists.
C is correct: A model registry with mandatory approval workflows is the correct answer. The model registry provides a centralized governance mechanism that requires formal review and sign-off before models can be promoted to production. Combined with version tracking, it maintains a complete audit trail of all approvals and rejections, ensuring that only authorized models are deployed while supporting accountability and compliance requirements.
D is incorrect: Restricting development to a single ML framework limits tooling choices but does not enforce governance over which specific models are approved for production deployment. Even within a standardized framework, models could bypass review processes and be deployed without authorization. The governance gap concerns approval workflows and oversight, not framework standardization.
Correct Answer: B
A is incorrect: These terms describe the four core functions and activities within the NIST AI RMF, not the risk response options available under the Manage function. While Govern, Map, Measure, and Manage are the framework's operational functions, the specific risk response options within the Manage function are to mitigate, transfer, avoid, or accept identified risks. Reference: https://airc.nist.gov/airmf-resources/playbook/manage/
B is correct: According to the NIST AI RMF Manage function, responses to AI risks deemed high priority are developed, planned, and documented, and risk response options can include mitigating, transferring, avoiding, or accepting. These response options align with established enterprise risk management practices and allow organizations to address identified risks based on their documented risk tolerances. Reference: https://airc.nist.gov/airmf-resources/playbook/manage/
C is incorrect: These activities are associated with the Measure function and testing, evaluation, verification, and validation (TEVV) processes, not the risk response options of the Manage function. The Measure function employs these methods to assess and monitor AI risk, while the Manage function acts on those results through risk response options. Reference: https://airc.nist.gov/airmf-resources/playbook/manage/
D is incorrect: These are specific technical security controls, not the risk response categories defined in the NIST AI RMF Manage function. While such controls may be part of a mitigation strategy, the framework defines risk response options at a higher governance level as mitigating, transferring, avoiding, or accepting risks based on organizational risk tolerances. Reference: https://airc.nist.gov/airmf-resources/playbook/manage/
Correct Answer: B
A is incorrect: Centralizing data into a dashboard for manual review describes a data aggregation and visualization function typically associated with SIEM capabilities rather than AI-driven automation. This approach still relies entirely on human analysts to process the new attack technique manually and does not address the core limitation of automated response capabilities for unseen threats.
B is correct: Unlike rule-based automation that follows rigid, pre-scripted playbooks, AI-driven automation uses agents that can reason through unplanned variables. When no matching playbook exists for a new attack technique, AI-driven automation can assess the available context, connect patterns across data sources, and dynamically determine the best investigation path by adapting its approach in real time rather than depending on predefined logic.
C is incorrect: Increasing the speed of existing playbooks does not address the fundamental limitation of having no matching workflow for an unseen attack technique. If no predefined playbook covers the new threat, executing existing playbooks faster provides no benefit. The advantage of AI-driven automation is its ability to reason and adapt beyond predefined logic, not to run existing logic more quickly.
D is incorrect: Duplicating existing static playbook configurations would only replicate the same predefined logic that already failed to address the new attack technique. AI-driven automation does not simply create more static templates. It fundamentally changes the approach by enabling dynamic reasoning and adaptive investigation, allowing the system to respond to novel scenarios without requiring predefined workflows.
Correct Answer: B
A is incorrect: The privileged level is defined by the absence of restrictions, allowing containers to bypass typical container isolation mechanisms including running as root and mounting host paths. Audit mode only records violations to the audit log without preventing pod creation. This combination provides neither the security controls nor the enforcement needed to protect AI training workloads from container breakout risks. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
B is correct: Pod Security Admission with the restricted level in enforce mode is the correct configuration. The restricted Pod Security Standard is the most stringent level, requiring containers to run as non-root, blocking privilege escalation, and restricting volume types including host-path mounts. The enforce mode actively rejects any pods that violate the policy, ensuring only compliant AI training workloads can run in the namespace. This aligns with Kubernetes best practices for security-critical workloads processing sensitive training data. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
C is incorrect: The baseline level prevents some known privilege escalations but does not enforce all the stated requirements, such as mandating containers run as non-root or restricting all host-path volume types. Additionally, warn mode only generates user-facing warnings without blocking non-compliant pods from being created. This combination provides insufficient control for the organization's stringent security requirements around AI training workloads. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
D is incorrect: While enforce mode correctly blocks non-compliant pods from being created, the baseline level only prevents known privilege escalations and does not meet all the stated requirements. The baseline level does not mandate containers run as non-root or restrict host-path volume mounts as comprehensively as the restricted level. For security-critical AI workloads, the restricted level is required. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Correct Answer: C
A is incorrect: Default is not a valid Pod Security Standards level in Kubernetes. The three defined levels are privileged, baseline, and restricted. Each namespace must be explicitly labeled with one of these three levels to enforce pod security admission. Without a valid level label, the namespace will not have Pod Security Standards enforcement applied by the admission controller. Reference: https://kubernetes.io/docs/concepts/security/pod-security-admission/
B is incorrect: The baseline Pod Security Standards level is aimed at preventing known privilege escalations and provides a minimally restrictive policy for common containerized workloads. While baseline prevents obvious security risks, it does not enforce the full set of hardening best practices required for security-critical AI inference environments. The restricted level provides significantly stronger protections against container breakout and privilege escalation attacks. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
C is correct: The restricted Pod Security Standards level is the correct choice for enforcing the strictest pod hardening controls. The restricted policy enforces current pod hardening best practices, including requiring containers to run as non-root, dropping all capabilities, and preventing privilege escalation. For AI inference workloads that handle sensitive model data, applying the restricted level ensures maximum security by limiting the container's ability to access host resources or escalate privileges. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
D is incorrect: The privileged Pod Security Standards level is defined by an absence of restrictions and allows containers to bypass typical container isolation mechanisms. Applying the privileged level to AI inference workloads would expose the namespace to significant security risks, including host network access and privilege escalation, making it entirely inappropriate for environments requiring strict security hardening. Reference: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Correct Answer: C
A is incorrect: A volumetric DDoS attack involves overwhelming a target with high traffic volumes from external sources, primarily targeting north-south traffic at the network perimeter. The scenario describes internal east-west traffic between hosts within the data center rather than inbound flooding from external origins. DDoS attacks would typically be detected at perimeter defenses rather than through internal east-west traffic monitoring.
B is incorrect: Brute-force credential attacks against public-facing servers involve repeated authentication attempts from external attackers targeting internet-exposed services at the network perimeter. The scenario describes unusual internal host communications within the data center, not inbound external attack attempts. Brute-force attacks also generate distinctive repeated authentication patterns rather than multi-server protocol anomalies.
C is correct: Lateral movement from a compromised internal host is the most likely threat being identified. AI-driven NDR solutions monitor east-west traffic to detect internal threats that perimeter defenses miss. An internal host communicating with multiple servers using unusual protocols at abnormal times indicates an attacker moving laterally through the network after initial compromise, which is a key behavior NDR is designed to detect.
D is incorrect: DNS tunneling involves encoding data within DNS queries to communicate with external command-and-control infrastructure, representing outbound north-south traffic. The scenario specifically describes east-west communication between internal hosts using atypical protocols, not DNS-based communication to external endpoints. While NDR can detect DNS tunneling, the described behavioral pattern does not match this attack type.
Correct Answer: A
A is correct: Implementing an admission controller with image signature verification intercepts pod creation requests and validates that container image signatures match trusted signing keys before allowing deployment. This operates at the Kubernetes API server level, automatically blocking any pod that references an unsigned or incorrectly signed container image. Tools like Kyverno with Cosign integration or the Sigstore policy-controller provide this capability for AI workload environments. Reference: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
B is incorrect: Resource quotas manage resource consumption within a namespace such as limiting CPU, memory, or the number of objects created. Quotas do not evaluate which specific container images are allowed to run or verify their origin and integrity. An unauthorized container image would not be blocked by a resource quota as long as the namespace has not exceeded its configured object count or resource limits. Reference: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/
C is incorrect: A CronJob-based scanning approach is reactive rather than preventive, meaning unauthorized container images can still run in the cluster until the next scheduled scan detects and removes them. During the interval between scans, unverified AI containers could process sensitive model data or exfiltrate proprietary information before being terminated. Admission-time controls provide stronger preventive security than periodic detection. Reference: https://kubernetes.io/docs/concepts/security/
D is incorrect: Network policies control traffic flow between pods and external endpoints, but restricting registry access does not verify the integrity or authenticity of container images. An unauthorized image could be uploaded to an approved internal registry and would bypass network-level restrictions entirely. Image signature verification at the admission level provides stronger assurance of image provenance and integrity than network controls alone. Reference: https://kubernetes.io/docs/concepts/security/
