Free CompTIA SecurityX / CASP+ CAS-005 Actual Exam Questions - Question 13 Discussion

Option B stands out for me because if credentials get stolen, attackers could access sensitive client data or even manipulate the AI system itself. That poses a direct privacy risk, exposing personal info or changing loan rates unfairly. While explainability is important for fairness, unauthorized access is a more immediate privacy breach threat. Prompt injections and social engineering are concerns but feel less directly tied to privacy compared to credential theft in this context.

A. Model explainability is crucial because if the AI is making loan decisions, clients have a right to understand why they got a certain rate. Without transparency, it’s hard to ensure there’s no bias or discrimination, which is a big privacy and fairness risk. B and D are valid security concerns but less about privacy specifically, and C (prompt injections) seems more about system integrity than directly about client privacy.

A/C? Explaining the model is definitely important to avoid unfair loan decisions, but if the AI system can be manipulated through prompt injections, that might lead to incorrect or biased outputs, which could harm client privacy indirectly. Prompt injection could mess with how client data is handled or exposed. So even though credential theft is a classic risk, here the focus seems more on how the AI processes and protects sensitive info during decision-making.

Model explainability matters here to ensure fair treatment of clients, so A.

A/B? Model explainability matters for transparency, but credential theft directly risks clients’ private info. Since it’s financial data, keeping credentials safe feels like a bigger privacy threat.

A. Does the question specify if the AI model uses personal data that requires explainability for compliance? That might clarify why model explainability could be a bigger privacy concern here.