ISACA-AAISM

An AI research team is developing a natural language processing model that relies on several open-source libraries. Which of the following is the team's BEST course of action to ensure the integrity of the software packages used?

An organization plans to apply an AI system to its business, but developers find it difficult to predict system results due to lack of visibility to the inner workings of the AI model. Which of the following is the GREATEST challenge associated with this situation?

After implementing a third-party generative AI tool, an organization learns about new regulations related to how organizations use AI. Which of the following would be the BEST justification for the organization to decide not to comply?

Which of the following is the MOST important consideration when deciding how to compose an AI red team?

An organization's CIO provided the AI steering committee with a list of AI technologies in use and tasked them with categorizing the technologies by risk. Which of the following should the committee do FIRST?

A large pharmaceutical company using a new AI solution to develop treatment regimens is concerned about potential hallucinations with the introduction of real-world data. Which of the following is MOST likely to reduce this risk?

Which of the following should be the PRIMARY consideration for an organization concerned about liabilities associated with unforeseen behavior from agentic AI systems?

During the creation of a new large language model (LLM), an organization procured training data from multiple sources. Which of the following is MOST likely to address the CISO's security and privacy concerns?

An organization is reviewing an AI application to determine whether it is still needed. Engineers have been asked to analyze the number of incorrect predictions against the total number of predictions made. Which of the following is this an example of?

Which of the following is the MOST critical key risk indicator (KRI) for an AI system?

How can an organization BEST protect itself from payment diversions caused by deepfake attacks impersonating management?

Which of the following technologies can be used to manage deepfake risk?

Which of the following would BEST help to prevent the compromise of a facial recognition AI system through the use of alterations in facial appearance?

An organization concerned about the ethical and responsible use of a newly developed AI product should consider implementing:

Which of the following metrics BEST evaluates the ability of a model to correctly identify all true positive instances?

The PRIMARY reason to conduct a privacy impact assessment (PIA) on an AI system is to:

Which of the following will BEST reduce data bias in machine learning (ML) algorithms?

Which of the following should be done FIRST when developing an acceptable use policy for generative AI?

A large language model (LLM) has been manipulated to provide advice that serves an attacker's objectives. Which of the following attack types does this situation represent?

From a risk perspective, which of the following is the MOST important step when implementing an adoption strategy for AI systems?

Which of the following is MOST important to monitor in order to ensure the effectiveness of an organization's AI vendor management program?

After deployment, an AI model's output begins to drift outside of the expected range. Which of the following is the development team's BEST course of action?

The PRIMARY ethical concern of generative AI is that it may:

Which of the following is the MOST effective use of AI-enabled tools in a security operations center (SOC)?

Which of the following recommendations would BEST help a service provider mitigate the risk of lawsuits arising from generative AI's access to and use of internet data?

An organization recently introduced a generative AI chatbot that can interact with users and answer their queries. Which of the following would BEST mitigate hallucination risk identified by the risk team?

Which of the following is the BEST approach for minimizing risk when integrating acceptable use policies for AI foundation models into business operations?

Which of the following key risk indicators (KRIs) is MOST relevant when evaluating the effectiveness of an organization's AI risk management program?

A retail organization implements an AI-driven recommendation system that utilizes customer purchase history. Which of the following is the BEST way for the organization to ensure privacy and comply with regulatory standards?

Which of the following is the MOST serious consequence of an AI system correctly guessing the personal information of individuals and drawing conclusions based on that information?