
AAISM · Question #109

AAISM Question #109: Real Exam Question with Answer & Explanation

The correct answer is C: Implementing a solution to prohibit the input of sensitive data.

AI Security Design and Implementation

Question

Which of the following strategies BEST ensures generative AI tools do not expose company data?

Options

  • A. Conducting an independent AI data audit
  • B. Testing AI tools before implementation
  • C. Implementing a solution to prohibit the input of sensitive data
  • D. Ensuring AI tools are compliant with local regulations

Explanation

AAISM prioritizes preventive controls at the point of use for generative AI, specifically input-governance and DLP controls that block or redact confidential, regulated, or high-risk data before it can be sent to external models. Audits, pre-deployment tests, and regulatory conformance are necessary but do not themselves prevent an employee from pasting sensitive content into prompts. Enforcing input restrictions, pattern-based redaction, policy-aware controls, and allow-lists for approved contexts provides the highest assurance of preventing exposure.

Topics

#Generative AI Security #Data Exposure Prevention #Sensitive Data Handling #Input Controls
