Which of the following is the GREATEST risk when an organization relies only on adversarial training to protect a private AI model in a testing environment?
Answer : B
Adversarial training improves model robustness against known attack patterns by incorporating adversarial examples into the training process. However, no single security technique provides comprehensive protection---adversarial training addresses only the attack vectors it was designed for, leaving other vulnerabilities unaddressed.
Why B is Correct: The ISACA AAIR security defense-in-depth guidance identifies residual system vulnerabilities as the greatest risk when adversarial training is the sole security measure. Adversarial training protects against specific attack types (evasion, perturbation) but does not address infrastructure vulnerabilities, API security weaknesses, model inversion attacks, membership inference, or other security risks present in a testing environment. A defense-in-depth approach is required for comprehensive protection.
Why A is Wrong: Adversarial training does increase computational requirements and may extend training cycles, but inefficiency is an operational concern rather than a security risk. The security risk of unprotected vulnerabilities significantly outweighs training cycle efficiency.
Why C is Wrong: Overfitting to adversarial training examples is a model quality concern that can be managed through standard regularization techniques. It represents a model performance trade-off, not the greatest security risk from relying solely on adversarial training.
Why D is Wrong: Exposure of proprietary algorithms is an intellectual property risk that is not specifically increased by relying on adversarial training. Algorithm confidentiality is protected through access controls and encryption, which are separate from the adversarial training approach.
An organization adopts a third-party AI service under a shared responsibility model. Which of the following is the MOST important area of focus for the risk practitioner?
Answer : D
The shared responsibility model creates complexity in AI governance because control obligations are distributed between the organization and the vendor. The most critical risk is ambiguity about who owns specific controls and who makes decisions when issues arise.
Why D is Correct: The ISACA AAIR framework identifies documented assignment of control ownership as the cornerstone of shared responsibility governance. Without explicit documentation of which controls the organization owns versus which the vendor owns, and who has decision authority in each scenario, gaps and overlaps emerge that allow risks to go unmanaged. Named ownership ensures accountability persists across the shared boundary.
Why A is Wrong: Staff training on procedures is important but addresses operational readiness rather than the fundamental governance challenge of shared responsibility. Training supports a well-structured model but cannot substitute for defined ownership.
Why B is Wrong: Contractual liability clauses are legal protections that determine financial recourse after incidents. While essential, they do not prevent governance gaps from forming during normal operations.
Why C is Wrong: Data pathway testing is a security assurance activity addressing technical controls. It verifies control function but does not establish who owns those controls or what authority they have in the shared model.
A risk practitioner is evaluating AI model cards and documentation prior to deployment. Which of the following represents the GREATEST risk to enterprise AI governance?
Answer : B
AI governance depends on the ability of stakeholders to understand, audit, and oversee AI model decisions. Explainability is the technical and documentation property that enables this oversight. When model cards fail to adequately document explainability, the entire governance chain is compromised.
Why B is Correct: According to ISACA AAIR, inadequate explainability in model documentation is the greatest governance risk because it prevents risk practitioners, auditors, regulators, and business owners from understanding why a model produces its outputs. Without explainability, discriminatory or erroneous decisions cannot be identified, challenged, or corrected. This undermines accountability, compliance, and responsible AI governance at the enterprise level.
Why A is Wrong: Regulatory filing delays represent a compliance timing issue that can be remediated. While risky, they do not fundamentally compromise the governance capability of understanding and overseeing AI behavior.
Why C is Wrong: Decentralized version control creates configuration management challenges and audit trail gaps. These are significant but can be remediated through governance process improvements. Explainability gaps affect the underlying ability to govern the model itself.
Why D is Wrong: Overly detailed technical specifications represent a documentation quality issue that may reduce usability but does not create a governance risk. Excessive detail is easily distilled; absent explainability cannot be reconstructed after the fact.
Which of the following AI capabilities would BEST enable a forecasting system to accurately predict the point at which specific equipment components are likely to fail?
Answer : D
Predictive maintenance for equipment components requires continuous analysis of operational data---vibration, temperature, pressure, electrical signatures---that indicate component health over time. AI systems performing this function must process high-frequency sensor data to detect patterns that precede failure.
Why D is Correct: According to ISACA AAIR AI application guidance, real-time sensor monitoring data analysis is the core capability enabling accurate failure point prediction. By continuously analyzing sensor readings against learned patterns of pre-failure behavior, AI systems can detect early-stage degradation signals and forecast time-to-failure with precision unavailable through periodic inspection or rule-based thresholds.
Why A is Wrong: Root cause identification occurs after a defect has already manifested. For predictive maintenance---predicting failure before it occurs---post-defect analysis provides no forward-looking capability.
Why B is Wrong: Replacement product recommendation is a procurement and inventory support function. It assists in planning responses to predicted failures but is not the capability that enables the prediction itself.
Why C is Wrong: Dynamic inventory management of spare parts supports maintenance operations but is a supply chain function dependent on failure predictions, not a capability that generates those predictions.
Which of the following is the PRIMARY benefit of aligning AI risk management with existing organizational governance frameworks?
Answer : C
Organizational governance frameworks provide the structures, processes, and oversight mechanisms through which enterprises manage their activities and risks. Aligning AI risk management with these frameworks ensures AI activities receive the same level of strategic oversight as other organizational functions.
Why C is Correct: The ISACA AAIR curriculum identifies enterprise-level oversight and strategic alignment as the primary benefit of governance framework integration. When AI risk management operates within established governance structures, AI decisions are subject to the same approval authorities, risk escalation pathways, and strategic alignment checks that govern all major organizational decisions. This produces coherent, enterprise-aware AI governance.
Why A is Wrong: Role development and responsibility clarification are governance activities that may result from alignment, but they represent structural outputs rather than the primary benefit. The benefit is the oversight quality, not the organizational structure itself.
Why B is Wrong: Expediting compliance approvals is an efficiency benefit that may arise from better-organized governance. However, speed of approval is not the primary purpose of framework alignment---the purpose is quality and consistency of oversight.
Why D is Wrong: Standardizing acquisition processes is a procurement function benefit. While governance alignment may improve procurement consistency, standardization is a narrow operational benefit compared to the strategic oversight value of full governance integration.
Risk practitioners use automated tools to generate potential AI risk scenarios. Which of the following represents the GREATEST risk from that approach?
Answer : D
Automated risk scenario generation tools operate based on programmed logic, historical data, and pattern recognition. They may excel at generating scenarios based on known risks and documented processes but struggle to account for complex organizational interdependencies that are not fully captured in their data inputs.
Why D is Correct: The ISACA AAIR risk scenario development guidance identifies the failure to account for process interdependencies as the greatest risk from automated scenario generation. AI systems do not operate in isolation---they are embedded in complex organizational ecosystems where failures cascade through interconnected processes, systems, and stakeholders. Automated tools may miss these interdependencies, producing scenarios that are technically accurate in isolation but miss the most consequential cascade effects.
Why A is Wrong: Complexity in likelihood and impact scoring is a risk quantification challenge that affects scenario prioritization but does not result in missing scenarios entirely. Complex scoring can be managed through additional analytical methods.
Why B is Wrong: Emerging adversarial attack vectors are a potential blind spot for any tool or analyst working from historical data, but this is a known limitation of retrospective approaches that can be supplemented with threat intelligence. It does not represent the distinctive risk of automated scenario generation.
Why C is Wrong: Underestimating model change impacts is a scenario calibration issue that represents a less severe risk than missing entire categories of scenarios arising from unmodeled interdependencies.
Which of the following BEST mitigates risk associated with evasion attacks on AI models?
Answer : B
Evasion attacks involve adversaries crafting inputs specifically designed to fool AI models into producing incorrect outputs---for example, manipulating images to evade object detection or modifying text to bypass content classifiers. Detecting these attacks requires identifying inputs that are statistically unusual or inconsistent with legitimate use patterns.
Why B is Correct: The ISACA AAIR adversarial AI security guidance identifies anomaly detection as the most effective mitigation for evasion attacks. Anomaly detection systems monitor input distributions, model query patterns, and output characteristics for statistical deviations that indicate adversarial manipulation. By identifying inputs that fall outside expected distributions or trigger unusual model responses, anomaly detection catches evasion attempts before they produce harmful outputs.
Why A is Wrong: API rate limiting controls query frequency to prevent brute-force model probing but does not detect or prevent crafted adversarial inputs sent at normal rates. An attacker can evade rate limits by spacing requests or distributing queries.
Why C is Wrong: Predictive analytics uses historical patterns to forecast future outcomes. It does not specifically detect real-time adversarial manipulation of model inputs.
Why D is Wrong: Feature importance weighting adjusts how much different input features influence model predictions. While it can improve robustness to irrelevant features, it does not detect adversarial inputs specifically crafted to exploit important features.