A post-incident investigation finds that an AI-powered anti-money laundering system inadvertently allowed suspicious transactions because certain risk signals were disabled to reduce false positives. Which of the following governance failures does this BEST demonstrate?
A. Lack of sufficient computing resources for the AI system
B. Insufficient model validation and change control processes
C. Excessive reliance on external consultants for model design
D. Absence of metrics and dashboard for analysts
When evaluating a third-party AI service provider, which of the following master services agreement provisions is MOST critical for managing security risk?
A. Prohibiting the use of customer data for model training
B. Restricting query volume thresholds
C. Sharing real-time log information
D. Guaranteeing unlimited model retraining requests
An organization deploying an LLM is concerned input manipulations could compromise security. What is the MOST effective way to determine an acceptable risk threshold?
A. Deploy real-time logging and monitoring
B. Restrict all inputs containing special characters
C. Assess the business impact of known threats
D. Implement a static threshold limiting LLM outputs
The PRIMARY goal of data poisoning attacks is to:
A. compromise the confidentiality of output data from the model
B. compromise the confidentiality of model input data
C. manipulate the behavior of the model during development
D. undermine the integrity of the AI system’s outputs
An organization is updating its vendor arrangements to facilitate the safe adoption of AI technologies. Which of the following would be the PRIMARY challenge in delivering this initiative?
A. Failure to adequately assess AI risk
B. Inability to sufficiently identify shadow AI within the organization
C. Unwillingness of large AI companies to accept updated terms
D. Insufficient legal team experience with AI
Which of the following employee awareness topics would MOST likely be revised to account for AI-enabled cyber risk?
A. Clean desk policy
B. Social engineering
C. Malicious insider threats
D. Authentication controls
Which of the following is the MOST serious consequence of an AI system correctly guessing the personal information of individuals and drawing conclusions based on that information?
A. The exposure of personal information may result in litigation
B. The publicly available output of the model may include false or defamatory statements about individuals
C. The output may reveal information about individuals or groups without their knowledge
The PRIMARY purpose of adopting and implementing AI architecture within an organizational AI program is to:
A. Deploy fast and cost-efficient AI systems
B. Provide a basis for identifying threats and vulnerabilities
C. Align AI system components with business goals
D. Ensure powerful and scalable AI systems
Which of the following is the MOST important consideration when deciding how to compose an AI red team?
A. Resource availability
B. AI use cases
C. Time-to-market constraints
D. Compliance requirements
A global organization experienced multiple incidents of staff pasting confidential data into public chatbots. Which action is MOST important to reduce short-term risk?
A. Deliver role-based, scenario-driven AI security training mapped to job functions
B. Require employees to complete an annual generic phishing and deepfake module
C. Publish an AI acceptable use policy and collect signatures
D. Block access to public LLMs at the network perimeter
Which of the following MOST effectively secures ongoing stakeholder support for AI initiatives?
A. Quantifying and communicating the value of AI solutions
B. Conducting periodic staff training
C. Addressing and optimizing AI-related risk
D. Developing and monitoring an AI strategic roadmap
Which of the following strategies is the MOST effective way to protect against AI data poisoning?
A. Ensuring the model is trained on diverse data sources
B. Increasing model complexity
C. Using robust data validation techniques and anomaly detection
D. Incorporating more features and data into model training
Real-World Scenario Mastery: Our AAISM practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before the ISACA Advanced in AI Security Management (AAISM) exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive pool of AAISM practice exam questions covering all topics, the real exam feels like just another practice session.