🔥 3-day streak
CompTIA SecurityX (CAS-005)54 / 120
Question 54 of 120
A company is deploying an internal LLM-based assistant that uses a tool/function-calling framework, allowing the model to invoke backend APIs (ticketing, HR lookups, database queries) on behalf of employees. Security testing shows that a crafted prompt can coax the model into chaining tool calls to retrieve data the requesting user is not authorized to see. Which control most directly reduces the impact of this attack?
Reviewed for accuracy · Report an issueNext question