Isaca Advanced in AI Security Management AAISM Exam Questions

Page: 1 / 14
Total 255 questions
Question 1

Which of the following is the MOST effective defense against cyberattacks that alter input data to avoid detection by the model?



Answer : B

Evasion attacks manipulate inputs to induce misclassification while leaving the model unchanged. AAISM prescribes adversarial robustness controls, with adversarial training as a primary measure: incorporate adversarially perturbed examples into training/validation to harden decision boundaries and improve resilience across threat models (e.g., Lp-bounded perturbations). Monitoring (A) is detective, not preventive. Restricting parameter access (C) protects confidentiality but does not mitigate input-space attacks. Differential privacy (D) addresses training data leakage, not robustness to adversarial inputs.


===========

Question 2

A security assessment revealed that attackers could access sensitive company data through chat interface injection. What is the BEST mitigation?



Answer : C

AAISM explains that prompt injection attacks are best mitigated by:

* strict input validation

* templated prompts

* controlled context windows

* guardrail enforcement

These prevent malicious instructions from overriding system prompts.

Audits (A) are periodic, not preventive. Manual review (B) is not scalable. Monitoring (D) detects issues but does not block injection.


============================================

Question 3

A PRIMARY objective of responsibly providing AI services is to:



Answer : C

AAISM emphasizes that the primary objective of responsible AI is to establish and maintain trust in AI-driven decisions and predictions. Trust is achieved through transparency, accountability, fairness, and governance. While confidentiality and integrity are critical technical objectives, they are not the overarching purpose of responsible AI service provision. Autonomy and learning ability are features of AI, but without trust, adoption and compliance falter. The correct answer is that responsible AI services must focus on building trust in AI outcomes.


AAISM Exam Content Outline -- AI Governance and Program Management (Responsible AI Principles)

AI Security Management Study Guide -- Trust and Ethical AI Adoption

Question 4

From a risk perspective, which of the following is the MOST important step when implementing an adoption strategy for AI systems?



Answer : C

AAISM guidance states that when adopting AI, the most important step is to conduct a risk assessment and update the enterprise risk register. This ensures AI-specific risks are identified, documented, and integrated into the organization's existing governance structures. Benchmarking peers provides context but does not address internal risk. Implementing methodologies and frameworks are important, but they precede or follow the assessment process. The decisive step that connects adoption to enterprise risk governance is updating the risk register with AI-specific risks.


AAISM Study Guide -- AI Risk Management (Integration with Enterprise Risk Management)

ISACA AI Security Management -- Risk Assessment and Register Updates

Question 5

A programmer suspects an AI system is inferring sensitive user information. What is the BEST action?



Answer : A

AAISM directs that potential privacy, ethical, or compliance risks must be escalated to the AI Governance Panel, the body responsible for oversight, risk approval, and corrective action.

Fine-tuning (B) is premature and may worsen risk. Code review (C) does not address model-level inference issues. Escalating directly to the CIO (D) bypasses the required governance process.


============================================

Question 6

Within an incident handling process, which of the following would BEST help restore end-user trust in an AI system?



Answer : A

AAISM highlights that post-incident remediation and demonstrating lessons learned is essential to restoring trust. Governance guidance specifies that stakeholders regain confidence only when organizations show clear corrective actions, transparency, and improvements to prevent recurrence.

Validating outputs (B) supports accuracy but is not trust-restoring. Monitoring (C) and prioritization (D) relate to operations, not trust rebuilding.


=============================================

Question 7

What BEST protects trade secrets related to AI technologies during their life cycle?



Answer : B

AAISM emphasizes access control and data security as the strongest mechanisms to protect trade secrets, including:

* proprietary algorithms

* training datasets

* model weights

* internal design documentation

Trademarks (A) protect brand, not trade secrets. Patents (C) require public disclosure. Watermarks (D) protect generated content, not internal trade secrets.


Page:    1 / 14   
Total 255 questions