Which of the following would BEST help to prevent the compromise of a facial recognition AI system through the use of alterations in facial appearance?
Answer(s): A
AAISM materials note that adversaries may attempt to bypass facial recognition by disguising or altering appearance. The most effective mitigation is to enhance training data with a wide range of variances in facial features, lighting, and disguises so the system can robustly detect authentic users despite adversarial attempts. Monitoring and secondary confirmation are supportive controls but are reactive. Fine-tuning to reduce hallucinations is irrelevant in this context, as hallucinations apply more to generative AI. The best preventive measure is strengthening the model with diverse, variance-rich training data.
References: AAISM Study Guide, AI Technologies and Controls (Robust Training Data Strategies); ISACA AI Security Management, Biometric AI Security Risks
Which of the following information is MOST important to include in a centralized AI inventory?
AAISM governance practices identify ownership and accountability as the most critical element in any centralized AI inventory. An AI inventory provides oversight by cataloging all AI assets within an organization, and assigning responsibility ensures that each system has clear governance, monitoring, and compliance coverage. While use cases, training data, and registries are valuable metadata, they do not guarantee accountability. Without defined ownership, no party is responsible for addressing risk, bias, or incidents. Therefore, the most important information to include is ownership and accountability details for each AI system.
References: AAISM Exam Content Outline, AI Governance and Program Management (AI Inventories and Oversight); AI Security Management Study Guide, Ownership and Accountability Structures
An organization is facing a deepfake attack intended to manipulate stock prices. The organization's crisis communication plan has been activated. Which of the following is MOST important to include in the initial response?
Answer(s): B
AAISM guidance on crisis management and communication emphasizes that the initial priority in responding to a reputational or market manipulation attack is to provide accurate clarifying information to the public through a pre-approved statement. This ensures stakeholders and markets are given verified facts immediately, limiting the spread of misinformation. While forensic analysis, employee training, and monitoring activities are important, they occur after the immediate need for public trust and damage control is addressed. Pre-approved statements are a central control in AI-related incident response to ensure consistency, timeliness, and credibility in communications.
References: AAISM Study Guide, AI Governance and Program Management (Incident Response and Crisis Communication); ISACA AI Security Management, Public Communication and Trust Preservation
An organization has requested a developer to apply AI algorithms to existing modules in order to improve customer service quality. At this stage, which of the following should be considered FIRST?
According to AAISM governance principles, when AI functionality is added to existing services, the first consideration is contractual and service-level accountability. If AI outputs cannot be predefined, the existing service agreements may no longer reflect performance responsibilities or liability. Revising or updating the agreement ensures governance alignment, accountability, and risk management for AI-driven behavior. Phased approaches and performance explanations are valuable but occur later in project management. Developer accountability for customer inquiries is not a primary governance step. The most immediate consideration is revising service agreements when AI introduces new uncertainties.
References: AAISM Exam Content Outline, AI Governance and Program Management (Policies and Service Agreements); AI Security Management Study Guide, Accountability in AI Deployments
Which of the following is MOST important to monitor in order to ensure the effectiveness of an organization's AI vendor management program?
The AAISM framework specifies that the primary metric of effectiveness in vendor management is the vendor's compliance with AI-related requirements defined in contracts and governance frameworks. This provides measurable assurance that vendors adhere to agreed-upon privacy, security, and ethical standards. Reviews of threat reports, training results, or research participation are supplemental and may support continuous improvement, but they do not establish compliance accountability. Governance requires a direct focus on whether contractual and regulatory obligations are being fulfilled. Therefore, vendor compliance with AI requirements is the most important monitoring focus.
References: AAISM Study Guide, AI Risk Management (Third-Party Risk Oversight); ISACA AI Security Management, Vendor Compliance Monitoring
When an attacker uses synthetic data to reverse engineer an organization's AI model, it is an example of which of the following types of attack?
AAISM defines model inversion attacks as those where adversaries use queries or synthetic data to reconstruct sensitive information or approximate the inner workings of a model. By exploiting outputs, attackers attempt to reverse engineer training data or model functionality. Distillation refers to compressing models, not adversarial attacks. Prompt attacks relate to manipulating language model inputs, and poisoning occurs when adversaries corrupt training data rather than infer from outputs. The scenario describes attackers using synthetic data to reveal hidden characteristics, which aligns directly with inversion attacks.
References: AAISM Exam Content Outline, AI Technologies and Controls (Attack Types and Mitigations); AI Security Management Study Guide, Model Inversion Risks
Which of the following is MOST important for an organization to consider when implementing a preventive security safeguard into a new AI product?
AAISM materials emphasize that the most effective preventive safeguard is to ensure input sanitization. Preventive controls stop malicious or malformed inputs from reaching the model in the first place, thereby reducing the likelihood of prompt injection, evasion, or poisoning at inference time. Model output monitoring is a detective control, not preventive. Penetration testing is an assessment technique rather than a safeguard. Differential privacy protects data privacy but does not prevent adversarial input manipulation. Therefore, the most important preventive safeguard in a new AI product is robust input sanitization.
References: AAISM Study Guide, AI Technologies and Controls (Preventive vs. Detective Safeguards); ISACA AI Security Management, Input Validation in AI Systems
Which of the following BEST ensures the integrity of data sets used to train AI models?
AAISM defines cryptographic tracking and verification as the best control for ensuring the integrity of training data. By applying hashing and verification methods, organizations can confirm that datasets remain unaltered and authentic throughout collection, storage, and processing. Collecting only necessary data, proper storage, or clear documentation all support governance and compliance, but they do not guarantee that the data has not been tampered with. Integrity is specifically ensured by cryptographic verification techniques.
References: AAISM Exam Content Outline, AI Risk Management (Data Integrity and Protection); AI Security Management Study Guide, Cryptographic Controls for Dataset Integrity