AAISM Question #74: Real Exam Question with Answer & Explanation
The correct answer is A: Implementing an AI threat control matrix that maps threats to specific controls and assurance.
Question
A preliminary risk assessment of a SaaS-based large language model (LLM) business support system has identified prompt injection, data poisoning, and model exfiltration as material threats. Which of the following is the BEST approach to ensure risks are treated consistently?
Options
- A. Implementing an AI threat control matrix that maps threats to specific controls and assurance
- B. Applying control baselines from a recognized industry standard to AI components
- C. Relying on vendor independent audit reports and service level agreements (SLAs) as evidence of
- D. Focusing resources on post-deployment red teaming and deferring control selection until post go-
Explanation
AAISM prescribes building and maintaining an AI Threat-Control Matrix to ensure consistent, repeatable risk treatment. The matrix traces each material threat (e.g., prompt injection, poisoning, exfiltration) to named controls, test/evidence procedures, and assurance owners across the lifecycle. Baselines and vendor attestations can support assurance but are insufficient alone; deferring control selection until after deployment conflicts with AAISM's proactive treatment