Free AAISM Practice Test Questions 2026

249 Questions


Last Updated On : 27-Apr-2026


How can an organization BEST protect itself from payment diversions caused by deepfake attacks impersonating management?


A. Require mandatory deepfake detection training for all employees


B. Mandate that payments be sent only once per week


C. Issue a security policy on deepfakes


D. Implement resilient payment approval processes





D. Implement resilient payment approval processes

A financial services firm received a regulatory fine after a vendor switched its chatbot’s AI model without due diligence, resulting in unethical investment advice to the firm’s clients. Which of the following controls should be implemented by the firm to BEST prevent recurrence of this scenario?


A. Master services agreement


B. Shared responsibility model


C. Data minimization


D. Change management





D. Change management

When robust input controls are not practical on a large language model (LLM) to prevent prompt injection attacks from external threats, which of the following would be the BEST compensating control to address the risk?


A. Review and annotate the AI system's outputs


B. Implement identity and access management (IAM)


C. Conduct human reviews of the AI system's inputs


D. Fine-tune the system to validate the AI system's inputs





A. Review and annotate the AI system's outputs

A CISO must provide KPIs for the organization’s newly deployed AI chatbot. Which metrics are BEST?


A. Response time and throughput


B. Error rate and bias detection


C. Customer effort score and user retention


D. Explainability and F1 score





B. Error rate and bias detection

Which of the following BEST ensures AI components are validated as part of disaster recovery testing?


A. Disconnecting primary model training clusters to test retraining workflow during extended outages


B. Simulating denial of service (DoS) attacks against AI APIs to evaluate detection capabilities


C. Running simulated data loss scenarios by erasing test records from the AI system’s feature store


D. Monitoring model performance metrics during failover and recovery to assess system stability





D. Monitoring model performance metrics during failover and recovery to assess system stability

Personal data used to train AI systems can BEST be protected by:


A. Erasing personal data after training


B. Ensuring the quality of personal data


C. Anonymizing personal data


D. Hashing personal data





C. Anonymizing personal data

An organization concerned about the ethical and responsible use of a newly developed AI product should consider implementing:


A. Model cards


B. Vendor monitoring


C. An accountability model


D. Security by design





C. An accountability model

Which of the following is the MOST important course of action when implementing continuous monitoring and reporting for AI-based systems?


B. Develop standardized risk reporting templates for different stakeholder groups


C. Implement real-time monitoring of key risk indicators (KRIs) for AI systems


D. Implement a risk dashboard for visualizing and tracking AI-related risk over time





C. Implement real-time monitoring of key risk indicators (KRIs) for AI systems

Which of the following should be included in an AI acceptable use policy?


A. AI training data requirements


B. Data collection and storage processes


C. Ethical and legal compliance standards


D. AI monitoring requirements





C. Ethical and legal compliance standards

Which of the following is the GREATEST benefit of implementing an AI tool to safeguard sensitive data and prevent unauthorized access?


A. Timely analysis of endpoint activities


B. Timely initiation of incident response


C. Reduced number of false positives


D. Reduced need for data classification





C. Reduced number of false positives

Which of the following security framework elements BEST helps to safeguard the integrity of outputs generated by AI algorithms?


A. Risk exposure due to bias in AI outputs is kept within an acceptable range


B. Ethical standards are incorporated into security awareness programs


C. Management is prepared to disclose AI system architecture to stakeholders


D. Responsibility is defined for legal actions related to AI regulatory requirements





A. Risk exposure due to bias in AI outputs is kept within an acceptable range

Who is responsible for implementing recommendations in a final report after an external AI compliance audit?


A. System architects


B. Internal auditors


C. End users


D. Model owners





D. Model owners



What Makes Our ISACA Advanced in AI Security Management (AAISM) Exam Practice Test So Effective?

Real-World Scenario Mastery: Our AAISM practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before the ISACA Advanced in AI Security Management (AAISM) exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive pool of AAISM practice exam questions covering all topics, the real exam feels like just another practice session.