Certs Vault
See all results for ""
Home Exams
CRISC ISACA CISSP ISC2 200-301 Cisco SY0-701 CompTIA AZ-104 Microsoft AI-900 Microsoft AIGP IAPP 1Z0-1067-26 Oracle View All Exams →
Sign in Create account

ISACA Advanced in AI Security Management Exam AAISM Exam Questions

Preparing for the AAISM exam is simple with Certs Vault. We offer easy-to-understand study materials that help you learn the most important exam topics. You can study using our PDF questions, practice online with a real exam-style test, or use the desktop practice software. Choose the study method that works best for you and prepare at your own pace.

At Certs Vault, we keep our AAISM practice questions up to date. Whenever the exam syllabus or objectives change, we update our study materials so you always learn the latest topics. This helps you save time, avoid outdated content, and feel more confident when you take your exam.

Download Exam View Entire Exam
Page: 1 / 2
Question #1 (Topic: Demo Questions)

A large language model (LLM) has been manipulated to provide advice that serves an attacker’s objectives. Which of the following attack types does this situation represent?

A.

Privilege escalation

B.

Data poisoning

C.

Model inversion

D.

Evasion attack

Correct Answer: D
Explanation:

AAISM categorizes the manipulation of an LLM at inference time, where crafted inputs cause outputs to serve attacker objectives, as an evasion attack. Evasion attacks exploit weaknesses in the model’s decision-making boundaries by altering queries to produce compromised or misleading outputs. Privilege escalation refers to unauthorized access rights, data poisoning targets the training phase, and model inversion reconstructs training data. In this case, manipulation of outputs to align with an attacker’s goals reflects an evasion attack.

[References:, AAISM Exam Content Outline – AI Risk Management (Adversarial Attack Types), AI Security Management Study Guide – Evasion and Manipulation Risks, ]
Question #2 (Topic: Demo Questions)

A post-incident investigation finds that an AI-powered anti-money laundering system inadvertently allowed suspicious transactions because certain risk signals were disabled to reduce false positives. Which of the following governance failures does this BEST demonstrate?

A.

Lack of sufficient computing resources for the AI system

B.

Insufficient model validation and change control processes

C.

Excessive reliance on external consultants for model design

D.

Absence of metrics and dashboard for analysts

Correct Answer: B
Explanation:

AAISM requires formal model change governance: documented justification, risk assessment, validation/verification (V & V), approvals, and post-deployment monitoring when altering features, thresholds, or signals. Disabling risk indicators to reduce false positives without rigorous validation and controlled rollout reflects a failure in model validation and change control, which AAISM treats as a core safeguard against unintended harms and regulatory breaches.

[References: AI Security Management™ (AAISM) Body of Knowledge — Model Risk Governance; Change Management & Approvals; Validation/Verification Requirements. AAISM Study Guide — Control Gates for Feature/Threshold Changes; Post-Change Monitoring and Backout Criteria., ===========, ]
Question #3 (Topic: Demo Questions)

A financial organization is concerned about the risk of prompt injection attacks on its customer service chatbot. Which of the following controls BEST addresses this concern?

A.

Human-in-the-loop

B.

Input validation

C.

Increasing model parameters

D.

Continuous monitoring

Correct Answer: B
Explanation:

AAISM describes prompt injection as an attack where adversaries craft inputs that manipulate model behavior or override system instructions. The recommended control pattern is to implement robust input validation and constraint mechanisms that sanitize and structure user inputs before they are processed by the model. The guidance includes techniques such as template-based prompts, restricted instruction sets, and validation rules to filter malicious or out-of-scope content. Human-in-the-loop (A) provides oversight but may not scale and is not a primary technical protection. Increasing model parameters (C) relates to capacity and performance, not security. Continuous monitoring (D) is important for detection but does not prevent prompt injection at the point of entry. Therefore, input validation, combined with controlled prompt construction, is identified as the best direct control against prompt injection attacks in customer-facing chatbots.

[References: AI Security Management™ (AAISM) Study Guide – AI Threats and Attack Vectors; Prompt Injection and Input Control Mechanisms., , ]
Question #4 (Topic: Demo Questions)

Which of the following is the MOST critical key risk indicator (KRI) for an AI system?

A.

The accuracy rate of the model


B.

The amount of data in the model

C.

The response time of the model

D.

The rate of drift in the model

Correct Answer: D
Explanation:

AAISM highlights that while accuracy and performance metrics are important, the rate of drift is the most critical KRI for AI systems. Model drift occurs when input data or environmental conditions shift, causing the system to degrade and produce unreliable outputs. This risk indicator directly reflects whether the AI continues to function as intended over time. Accuracy rates and response times are performance metrics, not primary risk signals. The amount of data in the model does not reliably indicate exposure to risk. Therefore, the greatest KRI for ongoing assurance and governance is the rate of drift.

[References:, AAISM Study Guide – AI Risk Management (Monitoring and Drift Detection), ISACA AI Security Management – Key Risk Indicators for AI Systems, , , ]
Question #5 (Topic: Demo Questions)

A financial organization is concerned about AI data poisoning. Which control BEST mitigates this risk?

A.

Implementing a break-glass policy

B.

Transparency with customers about data sources

C.

Using training data from multiple sources

D.

Delivering AI-specific security awareness training

Next Question
Correct Answer: C
Explanation:

AAISM outlines that diversifying training data sources reduces the likelihood and impact of poisoning because:

• attack samples become harder to inject

• anomalies are easier to detect

• corrupted data has reduced influence on model behavior

Break-glass procedures (A) relate to incident response, not mitigation. Customer transparency (B) does not stop poisoning. Awareness training (D) is insufficient alone.

[References: AAISM Study Guide – Data Poisoning Mitigation; Data Diversity and Source Validation., ============================================, ]