AAISM Practice Questions
265 real AAISM exam questions with expert-verified answers and explanations. Page 3 of 6.
- Question #101AI Security Assurance and Resilience
Which of the following is the BEST way to ensure an organization remains compliant with industry regulations when decommissioning an AI system used to record patient data?
AI System DecommissioningData DestructionRegulatory ComplianceData Retention Policy - Question #102AI Security Risk Management
Which of the following is the GREATEST benefit of performing AI security risk assessments?
AI Security Risk AssessmentRisk PrioritizationRisk Management Benefits - Question #103AI Security Design and Implementation
An organization is designing an AI-based credit risk assessment system that will integrate with sensitive financial datasets. Which of the following would BEST support the implemen...
Security-by-designThreat modelingAI architecture securitySecure development lifecycle - Question #104AI Security Operations and Monitoring
Which of the following BEST enables an organization to strengthen information security controls around the use of generative AI applications?
AI Output MonitoringGenerative AI SecurityOperational Security ControlsPolicy Compliance - Question #105AI Security Risk Management
Which of the following is the MOST effective way to identify and address security risk in an AI model?
AI SecurityThreat ModelingRisk IdentificationVulnerability Assessment - Question #106AI Security Risk Management
An aerospace manufacturing company that prioritizes accuracy and security has decided to use generative AI to enhance operations. Which of the following large language model (LLM)...
LLM adoptionRisk appetiteAI deploymentRisk management - Question #107AI Security Risk Management
An organization has discovered that employees have started regularly utilizing open-source generative AI without formal guidance. Which of the following should be the CISO's GREATE...
Data leakageGenerative AI securityUnsanctioned AI useRisk prioritization - Question #108AI Security Design and Implementation
An organization decides to use an anomaly-based intrusion detection system (IDS) integrated with a generative adversarial network璭nabled AI tool. The integrated tool would MOST eff...
Anomaly DetectionGenerative AIIntrusion DetectionAI Training Data - Question #109AI Security Design and Implementation
Which of the following strategies BEST ensures generative AI tools do not expose company data?
Generative AI SecurityData Exposure PreventionSensitive Data HandlingInput Controls - Question #110AI Security Risk Management
An organization is planning to commission a third-party AI system to make decisions using sensitive data. Which of the following metrics is MOST important for the organization to c...
AI performance metricsData sensitivityAI decision-makingAI risk management - Question #111AI Security Risk Management
Which of the following BEST addresses risk associated with hallucinations in AI systems?
AI hallucinationsRisk mitigationHuman oversightAI safety - Question #112AI Security Risk Management
Which of the following is the GREATEST concern when a vendor enables generative AI features for an organization's critical system?
Generative AI securityVendor risk managementAI model access controlCritical infrastructure security - Question #113AI Security Design and Implementation
Secure aggregation enhances the security of federated learning systems by:
Federated LearningSecure AggregationData PrivacyAI Security Controls - Question #114AI Security Operations and Monitoring
Within an incident handling process, which of the following would BEST help restore end user trust with an AI system?
AI Incident ResponseEnd-user TrustHuman OversightAI Output Validation - Question #115AI Security Assurance and Resilience
Which of the following is the MOST effective strategy for penetration testers assessing the security of an AI model against membership inference attacks?
Membership Inference AttacksAI PrivacyAI Model Security TestingModel Confidence Scores - Question #116AI Security Operations and Monitoring
An organization implementing a large language model (LLM) application notices significant and unexpected cost increases due to excessive computational resource usage. Which vulnera...
LLM vulnerabilitiesResource consumptionCost managementOperational risk - Question #117AI Security Strategy and Governance
A financial services firm received a regulatory fine after a vendor switched its chatbot's AI model without due diligence, resulting in unethical investment advice to the firm's cl...
Change ManagementVendor Risk ManagementAI GovernanceRegulatory Compliance - Question #118AI Security Strategy and Governance
Which of the following actions BEST enables the evaluation of bias during an AI impact assessment?
AI Bias EvaluationAI Impact AssessmentTraining Data RepresentationResponsible AI - Question #119AI Security Strategy and Governance
Which of the following reviews MUST be conducted as part of an AI impact assessment?
AI Impact AssessmentResponsible AIAI GovernanceAI Ethics - Question #120AI Security Design and Implementation
Which of the following approaches BEST enables the separation of sensitive and shareable data to prevent an AI chatbot from inadvertently disclosing confidential information?
AI Data SecurityData SegregationConfidentialityData Leak Prevention - Question #121AI Security Strategy and Governance
An organization is implementing an AI-based credit assessment engine using internal and third- party customer data. Which of the following BEST aligns with data management controls...
Data ManagementData QualityData GovernanceAI Lifecycle - Question #122AI Security Design and Implementation
An AI application development team has been given access to user information and now must format it to be readable by the AI model. During which phase of the data life cycle would...
Data preparationAI data pipelineData life cycle - Question #123AI Security Risk Management
Which of the following mitigation control strategies would BEST reduce the risk of introducing hidden backdoors during model fine-tuning via third-party components?
AI Supply Chain SecurityThreat ModelingIntegrity ChecksModel Backdoors - Question #124AI Security Risk Management
An organization is looking to purchase an AI application from a vendor but is concerned about the security of its data. Which of the following is the MOST effective way to address...
AI procurementData securityVendor risk managementData usage disclosure - Question #125AI Security Risk Management
Which of the following is MOST important for effective AI risk management?
AI risk managementAI system life cycleEarly risk identificationRisk measurement - Question #126AI Security Strategy and Governance
Which of the following is the MOST important consideration when an organization is adopting generative AI for personalized advertising?
Generative AIRegulatory ComplianceRisk ManagementAI Adoption - Question #127AI Security Design and Implementation
A financial organization is concerned about the risk of prompt injection attacks on its customer service chatbot. Which of the following controls BEST addresses this concern?
Prompt InjectionInput ValidationChatbot SecurityAI Security Controls - Question #128AI Security Design and Implementation
An organization decides to use an anomaly-based intrusion detection system (IDS) integrated with a generative adversarial network (GAN)璭nabled AI tool. The integrated tool would MO...
Anomaly-based IDSGenerative Adversarial Networks (GANs)AI TrainingSynthetic Data - Question #129AI Security Design and Implementation
Which of the following should be the PRIMARY objective of implementing differential privacy techniques in AI models used for fraud detection systems?
Differential PrivacyAI PrivacyData ProtectionFraud Detection - Question #130AI Security Assurance and Resilience
Within an incident handling process, which of the following would BEST help restore end-user trust in an AI system?
Incident ResponseTrust RestorationRemediationLessons Learned - Question #131AI Security Assurance and Resilience
A financial organization relies on AI-based identity verification and fraud detection services. Which of the following BEST integrates AI security risk into the business continuity...
Business Continuity PlanDisaster RecoveryAI InfrastructureOperational Resilience - Question #132AI Security Strategy and Governance
Which of the following is MOST important to ensure security throughout the AI data life cycle?
AI Data Life Cycle SecurityData GovernanceData LineageData Inventory - Question #133AI Security Risk Management
Which of the following is the BEST way to reduce the risk of misuse of an AI agent that has access to critical data and systems?
AI Risk ManagementAI Security ControlsOutput RestrictionsAI Misuse Prevention - Question #134AI Security Operations and Monitoring
Which of the following is the MAIN objective of the operational phase of AI life cycle management?
AI Lifecycle ManagementOperational PhaseModel MonitoringAI Operations - Question #135AI Security Assurance and Resilience
Which approach should an organization prioritize to effectively verify the security of its AI models?
AI Security TestingAI Threat ModelingAdversarial AttacksAI Model Verification - Question #136AI Security Risk Management
When deriving statistical information from AI systems, which source of risk is MOST important to address?
AI biasData qualityEthical AIAI risk management - Question #137AI Security Design and Implementation
Which of the following approaches BEST helps reduce model bias?
Model Bias MitigationTraining Data DiversityResponsible AIAI Ethics - Question #138AI Security Risk Management
An organization plans to leverage AI in the software development process to speed up coding. Which of the following should the information security manager do FIRST?
AI Risk ManagementImpact AssessmentSecurity PlanningSDLC Security - Question #139AI Security Strategy and Governance
An organization plans to use an open-source foundational AI model. Which of the following is MOST important for the AI governance committee to consider when approving its use?
AI GovernanceOpen-source AI RisksData LeakageRisk Management - Question #140AI Security Assurance and Resilience
An organization is adopting an agentic AI solution from an external vendor to support internal IT operations. Which of the following provides the MOST reliable and independently ve...
Vendor risk managementSecurity assuranceThird-party auditEvidence of controls - Question #141AI Security Strategy and Governance
When preparing for an AI incident, which of the following should be done FIRST?
AI Incident ResponseIncident PreparednessTeam BuildingOrganizational Structure - Question #142AI Security Strategy and Governance
Which of the following is the MOST effective action an organization can take to address data security risk when using generative AI features in an application?
AI security policiesSecurity awareness trainingGenerative AI risk managementData security governance - Question #143AI Security Risk Management
An organization implementing an LLM application sees unexpected cost increases due to excessive computational resource usage. Which vulnerability is MOST likely in need of mitigati...
LLM vulnerabilitiesUnbounded consumptionResource managementAI cost optimization - Question #144AI Security Assurance and Resilience
Which of the following is BEST for analyzing true positives, true negatives, false positives, and false negatives produced by an AI model?
AI model evaluationConfusion matrixPerformance metrics - Question #145AI Security Risk Management
An aerospace manufacturer prioritizing accuracy and security wants to use generative AI. Which LLM adoption plan BEST aligns with its risk appetite?
LLM Deployment ModelsAI Risk ManagementData SecurityOrganizational Risk Appetite - Question #146AI Security Assurance and Resilience
During red-team testing of an AI system used for lending decisions, which technique BEST simulates a data poisoning attack?
Data PoisoningAdversarial AIRed TeamingAI Security Attacks - Question #147AI Security Operations and Monitoring
Which strategy is MOST effective for penetration testers assessing an AI model against membership inference attacks?
Membership Inference AttacksAI Penetration TestingModel Confidence ScoresAI Model Vulnerability Assessment - Question #148AI Security Strategy and Governance
When creating a use case for an AI model that provides sensitive decisions affecting end users, which of the following is the GREATEST benefit of using model cards?
Model CardsEthical AIAI GovernanceResponsible AI - Question #149AI Security Risk Management
An organization is commissioning a third-party AI system using sensitive data. Which metric is MOST important to consider?
AI System MetricsSensitive Data ProtectionAccuracyThird-party AI Risk - Question #150AI Security Design and Implementation
Which AI model is BEST suited to ensure explainability in an HR department's pre-screening tool for candidate resumes?
AI ExplainabilityMachine Learning ModelsDecision TreesResponsible AI