A company is deploying an LLM-based system that can execute API calls on behalf of users. Which TWO measures should they implement to prevent excessive agency?
Limiting the scope of the actions the model is permitted to take reduces the risk of unintended operations.
Why this answer
Option B is correct because restricting the LLM to read-only or low-risk actions directly limits the scope of actions the model can execute, preventing it from performing unauthorized or destructive operations. This is a fundamental principle of least privilege applied to LLM-based systems, ensuring that even if the model is compromised or misused, it cannot escalate its agency to high-impact actions.
Exam trap
Cisco often tests the distinction between input/output security measures (like filtering and validation) and agency control measures (like action restrictions and human oversight), leading candidates to confuse defensive coding with permission scoping.