The latest changes and updates from the administration for this exam.
Latest Update: Jun 20 2026
Correct Answer: B
A is incorrect: Backing up alert records into a data lake supports long-term forensic analysis and data retention requirements but does not address the immediate operational problem of analysts being overwhelmed by alert volume. Data archival does not reduce the active workload or help analysts prioritize which incidents require urgent investigation.
B is correct: Automated event triage is the correct first priority for AI-powered SOAR playbook design when addressing alert overload. AI-driven triage automatically assesses incoming alerts, assigns risk scores based on severity and business context, and presents analysts with a prioritized queue. This directly addresses alert fatigue by ensuring the most critical incidents receive immediate attention, while lower-priority events are appropriately categorized for later review or automated handling.
C is incorrect: Deploying firewall rules automatically for every incoming alert is not an appropriate first priority. Executing remediation actions for all alerts without proper triage introduces significant risk of disrupting legitimate business operations, especially when many alerts may be false positives. SOAR best practices recommend establishing reliable triage before enabling automated response actions.
D is incorrect: Generating compliance reports is a secondary benefit of SOAR platforms, not the primary capability for addressing the alert fatigue problem described in the scenario. While reporting is valuable for governance purposes, it does not help analysts identify and respond to the most critical threats faster, which is the core operational challenge presented.
Correct Answer: D
A is incorrect: Encrypting model weight files at rest protects the confidentiality of the model data but does not prevent an attacker with storage access from replacing the encrypted file with a different one before signing occurs. Encryption addresses unauthorized reading of data rather than unauthorized replacement, and the substituted file would still be signed as if it were authentic. Reference: https://csrc.nist.gov/pubs/ai/100/2/e2025/final
B is incorrect: Adding a second digital signature from another certificate authority increases the number of trust anchors but does not address the core timing vulnerability. If an attacker replaces the model weights before any signing occurs, both signatures will authenticate the attacker's substituted artifact rather than the legitimate one, as the tampered file is what both authorities would sign. Reference: https://learn.microsoft.com/en-us/security/engineering/threat-modeling-aiml
C is incorrect: Adversarial training is a technique that improves model robustness by exposing it to adversarial input examples during the training phase. It is designed to harden a model against evasion attacks at the inference layer, not to detect or prevent the unauthorized substitution of model weight files in the build and deployment pipeline. The vulnerability is in the signing process, not model inference. Reference: https://genai.owasp.org/llmrisk/llm03-training-data-poisoning/
D is correct: Integrating signing into the automated build pipeline at artifact creation is the correct answer. By embedding the cryptographic signing step directly within the automated build process, the model artifact is signed immediately upon creation, eliminating the time window between creation and signing that the attacker exploited. This ensures artifacts are never left unsigned and vulnerable to substitution. Reference: https://media.defense.gov/2024/apr/15/2003439257/-1/-1/0/csi-deploying-ai-systems-securely.pdf
Correct Answer: C
A is incorrect: Compliance reporting is a documentation and governance activity typically performed after incident handling, not the primary function of the enrichment step. Enrichment is designed to gather real-time threat intelligence that directly informs the playbook's automated response logic. Pausing response actions to generate compliance reports before taking action would introduce unnecessary delays in the incident response process.
B is incorrect: Enrichment occurs within the SOAR playbook to inform its own automated decision-making process, not to create new SIEM detection rules. While insights from enrichment may eventually inform detection engineering improvements, the primary purpose of this playbook step is to support immediate, accurate triage and response decisions within the current workflow rather than to feed data back to the SIEM for future rule creation.
C is correct: Enrichment adds contextual intelligence to alert indicators by querying external sources for information such as IP reputation scores, threat actor associations, malware family linkages, and risk ratings. This contextual data is essential for AI decision nodes and conditional logic within the playbook because it provides the evidence needed to classify alerts accurately and determine whether to initiate automated containment or escalate to an analyst.
D is incorrect: Alert deduplication is a separate triage function that consolidates redundant alerts before processing, typically handled earlier in the SOAR pipeline during ingestion and grouping. Enrichment is a distinct step that adds external threat intelligence context to existing alert artifacts rather than reducing alert volume. Both functions are important but serve fundamentally different purposes within a SOAR playbook workflow.
Correct Answer: A
A is correct: Under Article 26 of the EU AI Act, deployers of high-risk AI systems carry their own statutory obligations that are independent of the provider's compliance status. Deployers must ensure human oversight mechanisms are functional, retain automatically generated logs for at least six months, and maintain incident reporting procedures. These obligations apply even when deploying off-the-shelf third-party AI systems and cannot be deferred pending the provider's conformity activities. Reference: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
B is incorrect: Deployer obligations under the EU AI Act are not contingent on the provider's conformity assessment status. Article 26 establishes independent obligations for deployers including implementing human oversight, retaining automated logs, and maintaining incident reporting procedures. Waiting for the provider's conformity completion before addressing deployer obligations creates critical governance gaps and exposes the organization to regulatory non-compliance and potential patient safety risks. Reference: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
C is incorrect: EU database registration under Article 49 is primarily a provider obligation to be completed before market placement. Deployers do not register systems as a substitute for provider obligations. Deployer obligations focus on operational responsibilities such as ensuring human oversight mechanisms are functional, maintaining log retention for at least six months, and having incident reporting procedures in place during system operation. Reference: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
D is incorrect: The conformity assessment is a provider obligation under the EU AI Act, not a deployer obligation. While deployers have their own set of statutory duties under Article 26, performing the provider's conformity assessment is not among them. The deployer should assess whether deploying a system whose provider has not completed conformity activities creates compliance risk, but the conformity assessment responsibility remains with the provider. Reference: https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Correct Answer: A
A is correct: User and entity behavior analytics (UEBA) is the correct answer. UEBA uses machine learning to build dynamic behavioral profiles for entities including users, service accounts, hosts, and IP addresses, then detects anomalies by comparing current activity to established baselines. This enables the SIEM to automatically identify when service accounts begin accessing the AI inference API with unusual frequencies or from unexpected locations without requiring predefined rules for every scenario.
B is incorrect: Static correlation rules with fixed thresholds rely on predefined values that do not adapt to evolving behavior patterns. While useful for known attack scenarios, they cannot dynamically learn normal access patterns for service accounts or adjust baselines over time. This approach is likely to miss subtle anomalies in AI inference API access or generate excessive false positives as usage patterns shift.
C is incorrect: Scheduled vulnerability scanning identifies security weaknesses in the inference endpoint software and configuration but does not monitor runtime behavioral patterns. Vulnerability scanning is a preventive control that assesses known software flaws and misconfigurations, making it unable to detect anomalous query frequencies or unusual access locations during active AI system operation.
D is incorrect: Signature-based detection compares observed activities against known attack signatures and is effective for identifying previously documented threats. However, it cannot detect novel anomalous behaviors that do not match existing signatures, making it insufficient for identifying unusual service account access patterns that deviate from normal behavioral baselines at the inference layer.
Correct Answer: B
A is incorrect: The GAN's discriminator is an internal neural network component that evaluates whether generated samples appear real or fake during the training process. It does not interact with or disable external EDR systems. In malware evasion scenarios, the discriminator simulates the target detection model within the GAN's architecture to provide training feedback to the generator, not to attack deployed security infrastructure.
B is correct: This is the correct description. In a GAN-based malware evasion attack, the generator component learns to create malware variants whose feature profiles closely resemble those of benign software. The discriminator, which simulates the target ML-based detection model, provides feedback that guides the generator to progressively improve its output. This adversarial training loop produces malware variants that can bypass ML-based EDR detection by mimicking benign software characteristics.
C is incorrect: GANs do not perform brute-force decryption or directly extract detection signatures from EDR systems. A GAN operates through the adversarial interplay between a generator and a discriminator. The generator creates samples intended to appear benign, while the discriminator evaluates them against a detection standard. This process does not involve decrypting or extracting any proprietary EDR components.
D is incorrect: Encryption of malware payloads is a traditional obfuscation technique used independently of GANs. GANs do not generate encryption schemes but instead learn to produce outputs that match a target data distribution. The GAN's role in malware evasion is to manipulate the feature representation of malware samples so they appear legitimate to detection models, not to encrypt payloads to block behavioral analysis of runtime actions.
Correct Answer: D
A is incorrect: ISO/IEC 42001 does not require full recertification audits every year. Annual surveillance audits are abbreviated reviews that verify continued operational effectiveness, while a comprehensive recertification audit is only required at the end of the three-year cycle to renew the certification for an additional period. Reference: https://www.iso.org/standard/81230.html
B is incorrect: While ISO/IEC 42001 Clause 9 requires regular management reviews as an internal governance activity, these reviews are not filed with national accreditation bodies. Maintaining certification requires annual surveillance audits conducted by the external certification body, not the submission of internal management review documents to accreditation authorities. Reference: https://www.iso.org/standard/81230.html
C is incorrect: ISO does not certify organizations directly or accept self-assessment reports for compliance verification purposes. Certification is carried out by independent accredited certification bodies, and maintaining certification requires formal surveillance audits performed by those external auditors rather than organizational self-reporting. Reference: https://www.iso.org/standard/81230.html
D is correct: ISO/IEC 42001 certification follows a three-year cycle. At twelve-month intervals in years two and three, organizations must undergo surveillance audits conducted by the external certification body. These abbreviated reviews reassess AIMS operational effectiveness with emphasis on clauses 8 through 10 and a sample of Annex A controls. Reference: https://www.iso.org/standard/81230.html
Correct Answer: A
A is correct: When adding automated mitigation actions such as email deletion to a SOAR phishing playbook, the most important best practice is to implement them as the last step in the workflow after the false positive rate has been confirmed to be consistently low. Automated deletion is an impacting action that cannot be easily reversed, so it should only be activated after earlier analysis, enrichment, and verdict steps have been validated to produce reliable results through iterative refinement over time.
B is incorrect: Triggering immediate email deletion based solely on an initial AI verdict, even with high confidence, skips critical validation steps and introduces risk of deleting legitimate emails. AI models can misclassify emails, especially when encountering novel formats or unfamiliar senders. The recommended approach is to complete the full analysis pipeline and validate accuracy over time before enabling any automated deletion actions within the response playbook.
C is incorrect: Restricting automated deletion to only emails matching known threat intelligence indicators significantly limits the playbook's effectiveness against novel phishing attacks. While threat intelligence enrichment is valuable, many phishing emails use new domains, IP addresses, and payloads that are not yet cataloged in intelligence feeds. The AI-driven analysis should evaluate multiple factors beyond indicator matching before determining a deletion verdict.
D is incorrect: Requiring analysts to manually configure deletion thresholds for each new phishing campaign introduces inconsistency and delays that do not scale with attack volume. This approach defeats the purpose of AI-driven automation within the SOAR platform. The best practice is to establish validated, consistent thresholds within the playbook that are refined over time based on measured accuracy, rather than relying on per-campaign manual configuration by analysts.
Correct Answer: D
A is incorrect: Granting full administrative access to a single team lead creates a single point of failure and violates the principle of least privilege. This approach concentrates excessive permissions in one account, increasing the blast radius if the account is compromised. RBAC distributes permissions systematically through defined roles mapped to job functions, not by centralizing all access decisions in a single administrator who manually delegates permissions.
B is incorrect: Network-level access controls restrict where the registry can be accessed from, whether by geography or by network segment. However, they do not control what actions users can perform within the registry once connected. Network controls are complementary security measures but do not implement RBAC, which specifically governs user permissions and authorized operations based on assigned roles. Users connecting from approved networks would still have identical unrestricted permissions.
C is incorrect: Creating individual access policies per user and per model does not align with RBAC principles. This approach describes identity-specific or attribute-based access control, which is significantly more complex to manage and scale. RBAC simplifies administration by grouping permissions into standardized roles rather than managing unique policies for every user-resource combination, which becomes unmanageable as the number of data scientists and registered models grows within the organization.
D is correct: Defining distinct roles aligned with job functions is the correct implementation of RBAC for a model registry. RBAC operates by assigning permissions to defined roles rather than to individual users, and then mapping users to those roles. In an MLOps model registry, roles such as model contributor for registering models, model approver for promoting models to production, and model viewer for auditing personnel ensure each persona receives only the permissions necessary for their responsibilities while simplifying access administration.
Correct Answer: A
A is correct: Implementing RBAC with differentiated access levels is the best strategy for protecting the feature store. Data engineers who create and maintain features require write access, while training pipelines only need to consume features and should be restricted to read-only access. This approach follows the principle of least privilege by ensuring each identity has only the permissions necessary for its function, preventing training pipelines from accidentally or maliciously modifying shared feature data. Reference: https://cheatsheetseries.owasp.org/cheatsheets/Secure_AI_Model_Ops_Cheat_Sheet.html
B is incorrect: Network-level controls such as firewall rules restrict access based on network location but do not provide granular identity-based access control. All traffic from the allowed IP range would be permitted regardless of the specific user or service account, and data engineers outside the allowed range may be blocked from performing necessary maintenance tasks. RBAC provides the identity-based, role-specific access control that network firewalls cannot deliver. Reference: https://cheatsheetseries.owasp.org/cheatsheets/Secure_AI_Model_Ops_Cheat_Sheet.html
C is incorrect: Audit logging is an important detective control that supports monitoring and forensic investigation, but it does not prevent unauthorized access from occurring. Logging alone records events after they happen without enforcing access restrictions. Effective feature store security requires preventive controls such as RBAC to restrict access before unauthorized actions occur, with audit logging serving as a complementary layer in a defense-in-depth strategy. Reference: https://cheatsheetseries.owasp.org/cheatsheets/Secure_AI_Model_Ops_Cheat_Sheet.html
D is incorrect: Encrypting feature data addresses confidentiality but does not enforce access control over who can read versus who can write features. All service accounts with decryption keys would have equivalent access regardless of their role, failing to differentiate between data engineers who need write access and training pipelines that only need read access. Encryption alone is not a substitute for role-based access control when managing feature store permissions. Reference: https://cheatsheetseries.owasp.org/cheatsheets/Secure_AI_Model_Ops_Cheat_Sheet.html
