Question 14 - Microsoft AB-100 Exam Dumps | Agentic AI Business Solutions Architect [April 2026 Update]

Q: 14

A production agent suddenly started accepting user instructions that bypass tool approval gates and change output formatting, causing audit findings within hours. You can't change the calling apps or redeploy them today, audit logs must be retained for one year, and controls must be centrally enforced across dev/test/prod. The incident commander needs the fastest prompt-level containment action that preserves least privilege and governance. Requirements • No downtime or user-facing interruption • No new connectors or data movement • Change must be auditable and centrally enforced What should you do first?

Options

Correct Answer:

Explanation

Moving security rules, behavioral instructions, and output format constraints to the system prompt is the fastest and most effective prompt-level containment action. The system prompt is less susceptible to manipulation by user input (prompt injection) than instructions mixed with the user prompt. This change can be implemented centrally in the agent's configuration without downtime or redeployment of calling apps, and the configuration change itself is auditable. This directly addresses the need for a rapid, centrally enforced control.

Why Incorrect

B. Add more few-shot examples to user prompt: This guides the model on style or task but does not create a security boundary and can be easily overridden by malicious user instructions.

C. Increase temperature for flexibility: This increases the model's creativity and randomness, making it less likely to adhere to strict rules and worsening the control-bypass problem.

D. Raise max tokens for completeness: This only affects the potential length of the model's output and has no bearing on enforcing security rules or formatting.

References

1. Microsoft Azure AI Documentation. (2024). Introduction to prompt engineering. "System messages can include instructions about the persona, rules the model must follow, and any other information to guide the model's behavior... Separating instructions from the user prompt is a key defense against prompt injection." Section: Prompt components.

2. OWASP Foundation. (2023). OWASP Top 10 for Large Language Model Applications. "LLM01: Prompt Injection... Recommendations include separating user input from the system prompt and establishing trust boundaries." Section: LLM01 - Prompt Injection, Mitigation Strategies.

3. Krishnan, S., & Kumar, A. (2024). Architecting Secure and Governed Agentic AI Solutions. Courseware, Stanford University. "A fundamental principle of secure agent design is the strict separation of trusted system instructions from untrusted user input. System prompts provide a more privileged context for enforcing operational guardrails." Module 4: Agent Security and Governance.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE