Isaca AAISM Exam Questions Instant Access

Question 1

Which of the following strategies is the MOST effective way to protect against AI data poisoning?

AEnsuring the model is trained on diverse data sources

BIncreasing model complexity

CUsing robust data validation techniques and anomaly detection

DIncorporating more features and data into model training

Answer : C

AAISM identifies robust data validation and anomaly detection on incoming training data as the primary defense against data poisoning. These controls detect corrupted, manipulated, or adversarial samples before they enter the training pipeline.

Diverse data (A) is helpful but not protective against poisoning. More complexity (B) does not mitigate poisoning and can worsen vulnerability. More features (D) increases attack surface.

============================================

Question 2

When deriving statistical information from AI systems, which source of risk is MOST important to address?

APresence of hallucinations

BIncomplete outputs

CLack of data normalization

DSystemic bias in data sets

Answer : D

AAISM emphasizes systemic or structural bias as a high-impact risk because biased data leads directly to discriminatory insights or decisions when used for analytics or reporting. This risk affects fairness, compliance, and organizational reputation.

Hallucinations (A) relate more to generative AI. Incomplete outputs (B) affect accuracy but not structural fairness. Lack of normalization (C) affects performance but is not the dominant risk.

=============================================

Question 3

Which of the following BEST describes the role of model cards in AI solutions?

AThey are primarily used to visualize the performance of AI models

BThey are used to automatically fine-tune AI models by adjusting hyperparameters based on user feedback

CThey provide a standardized way to document the training data and AI model use cases

DThey help developers create synthetic data and train AI models

Answer : C

AAISM positions model cards as standardized documentation artifacts that record intended use and out-of-scope use, training/evaluation data characteristics, performance metrics across groups, limitations/risks, and governance controls/owners. Their purpose is transparency and assurance, not automated tuning or synthetic data generation. Visualization (A) may appear within a card, but the core role is structured documentation for governance, risk, and compliance.

===========

Question 4

After deployment, an AI model's output begins to drift outside of the expected range. Which of the following is the development team's BEST course of action?

ATake the AI model offline

BAdjust the hyperparameters of the AI model

CCreate an emergency change request to correct the issue

DReturn to an earlier phase in the AI life cycle

Answer : D

AAISM emphasizes that when model drift occurs, the best response is not a quick fix but rather to revisit an earlier phase of the AI life cycle to address data quality, retraining, or evaluation processes. Simply taking the model offline halts functionality without resolution, while adjusting hyperparameters or issuing emergency changes treats the symptom rather than the root cause. Proper governance requires returning to the design or training phases to re-establish stability, accuracy, and compliance of the model. Thus, the correct approach is to return to an earlier AI lifecycle phase.

AAISM Exam Content Outline -- AI Risk Management (Model Drift and Lifecycle Responses)

AI Security Management Study Guide -- Continuous Improvement in AI Lifecycle

Question 5

Which AI data management technique involves creating validation and test data?

ALearning

BSplitting

CTraining

DAnnotating

Answer : B

AAISM describes data splitting as the process of dividing datasets into:

* training

* validation

* test sets

This is essential for reducing overfitting and ensuring robust evaluation.

Learning (A) refers to model training. Annotating (D) labels data. Training (C) does not create validation/test data.

============================================

Question 6

Which of the following controls would BEST help to prevent data poisoning in AI models?

AIncreasing the size of the training data set

BImplementing a strict data validation mechanism

CEstablishing continuous monitoring

DRegularly updating the foundational model

Answer : B

The most direct preventative control against data poisoning is robust data validation/ingestion gating: provenance checks, schema and constraint validation, anomaly/outlier screening, label consistency tests, and whitelist/blacklist source controls before data reaches training pipelines. Larger datasets (A) don't inherently prevent poisoning; monitoring (C) is detective; updating a foundation model (D) does not address tainted inputs entering the pipeline.

Question 7

An organization is planning to commission a third-party AI system to make decisions using sensitive data. Which of the following metrics is MOST important for the organization to consider?

AModel response time

BService availability

CAccessibility rating

DAccuracy thresholds

Answer : D

When AI systems make consequential decisions over sensitive data, AAISM requires explicit performance thresholds tied to decision quality---i.e., accuracy (and related error/false-rate limits) aligned to business risk appetite and regulatory expectations. Availability and latency are important service metrics, but decision integrity and error bounds are primary risk drivers in sensitive contexts. Establishing, monitoring, and enforcing minimum accuracy thresholds (with subgroup performance checks) is essential to reduce harm, ensure fairness/compliance, and support auditability.

Isaca Advanced in AI Security Management AAISM Exam Questions