Free ISACA AAISM Practice Test & Real Exam Questions, Page 1

Question #1

Which of the following AI incidents would be BEST contained via a kill switch?

A. Graphics processing unit utilization decreases.

B. A model version update fails.

C. The agent attempts self-replication.

D. The query takes too long to complete.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #2

What BEST protects trade secrets related to AI technologies during their life cycle?

A. Patenting AI algorithms and data

B. Restricting access to sensitive data

C. Enforcing trademark rights

D. Watermarking AI output

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #3

An organization plans to apply an AI system to its business, but developers find it difficult to predict system results due to lack of visibility to the inner workings of the AI model. Which of the following is the GREATEST challenge associated with this situation?

A. Gaining the trust of end users through explainability and transparency

B. Determining average turnaround time for AI transaction completion

C. Continuing operations to meet expected AI security requirements

D. Assigning a risk owner who is responsible for system uptime and performance

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #4

An organization plans to use AI to analyze the shopping patterns of its customers to predict interests and send targeted, customized marketing emails. Which of the following should be done FIRST?

A. Obtain customer consent

B. Train the marketing department

C. Verify customer email addresses

D. Update the terms of service

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #5

Which of the following should be done FIRST when identifying and analyzing entry points, interfaces, and components of AI systems that malicious actors could exploit?

A. Configure access controls.

B. Determine performance metrics.

C. Examine data flow diagrams.

D. Mitigate potential attack vectors.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #6

A military contractor discovered that its large language model (LLM) is at high risk of being targeted by advanced persistent threat (APT) actors seeking to exploit the model to access confidential information. Which of the following attacks is the HIGHEST priority to protect against?

A. Unauthorized tuning

B. Model distillation

C. Model inversion

D. Data poisoning

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #7

A financial organization is concerned about the risk of prompt injection attacks on its customer service chatbot. Which of the following controls BEST addresses this concern?

A. Continuous monitoring

B. Increasing model parameters

C. Input validation

D. Human-in-the-loop

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #8

Within which stage of the AI development life cycle should effective feature engineering be conducted?

A. Design

B. Testing

C. Define

D. Development

Discussion 0

Correct Answer: D Vote an answer

Question #9

Which of the following is the BEST way to ensure role clarity and staff effectiveness when implementing AI-assisted security monitoring tools?

A. Increase training budgets for business staff to obtain vendor-neutral AI certifications.

B. Update the security program to include cross-functional AI-specific responsibilities.

C. Defer implementation until the security team can be expanded with data scientists.

D. Transition responsibilities for AI tools to external consultants for improved scalability.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #10

Which of the following is the MOST effective and secure way to prevent model attribute attacks against an organization's centralized AI system training data that includes sensitive information about individuals?

A. Removing private data from AI training datasets

B. Monitoring the output of AI learning models continuously

C. Implementing a cross-validation AI learning model

D. Using federated learning to train AI algorithms

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #11

After an organization deploys an AI-based system, a regulator warns of increased risk related to AI re-identification attacks on anonymized datasets. Which of the following should the information security manager do FIRST?

A. Immediately delete all anonymized datasets and suspend AI services.

B. Implement a continuous monitoring program for re-identification risk, including privacy audits and adversarial testing.

C. Require staff to sign nondisclosure agreements (NDAs) and implement strong access controls for services using anonymized data.

D. Assume anonymization is permanent and maintain business as usual.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #12

Which of the following BEST enables an organization to maintain visibility to its AI usage?

A. Ensuring the board approves the policies and standards that define corporate AI strategy

B. Maintaining a comprehensive inventory of AI systems and business units that leverage them

C. Maintaining a monthly dashboard that captures all AI vendors

D. Measuring the impact of AI implementation using key performance indicators (KPIs)

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #13

A retailer's third-party large language model (LLM) for customer queries has a high likelihood of prompt injection with critical impact if personally identifiable information (PII) is leaked, exceeding the organization's risk tolerance. Which of the following would BEST reduce this risk to an acceptable level?

A. Deploy a private LLM instance with reduced external exposure.

B. Require third-party security testing and reporting of findings.

C. Apply data minimization and filtering controls on model inputs.

D. Enable continuous monitoring to detect malicious activity.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #14

Which of the following is the GREATEST concern when a vendor enables generative AI features for an organization's critical system?

A. Bias and ethical practices

B. Security monitoring and alerting

C. Access to the model

D. Proposed regulatory enhancements

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #15

A healthcare organization has initiated the design of an AI-supported advisory system. Which of the following BEST mitigates the risk of AI generating recommendations that adversely impact patients?

A. Ensure the AI framework fulfills compliance requirements mandated by regulatory authorities.

B. Review outputs and compare against thresholds to ensure volatility remains within the acceptable range.

C. Advise patients in advance that AI is utilized to provide services at an optimal level.

D. Introduce a means by which patients can opt out of AI-based services and recommendations.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Free ISACA AAISM Practice Test & Real Exam Questions

Download Free ISACA AAISM Demo