AAISM Exam Dumps - ISACA Advanced in AI Security Management (AAISM) Exam

AI/ML threat modeling is the most effective structured method to both identify and address model security risks. It systematically surfaces attack classes (poisoning, evasion, membership inference, model extraction, inversion), maps system-specific attack surfaces (data pipelines, feature stores, training artifacts, inference APIs), and drives prioritized mitigations (ingestion validation, robust training, rate-limiting, watermarking, differential privacy, monitoring, red teaming). Output spot-checking (A) finds errors but not security vulnerabilities; encryption (C) protects confidentiality but does not reveal threats or mitigate inference-time attacks; adding data (D) may improve accuracy but does not target adversarial risk.

AAISM states that AI disaster recovery testing must validate that models behave correctly during failover. The only option that tests actual operational continuity of AI components is:

✔ monitoring model performance during failover

This validates stability, functionality, and resilience under disaster conditions.

Options A, B, and C test isolated scenarios but do not validate end-to-end AI operational continuity.

Data splitting partitions a labeled dataset into training, validation, and test subsets to enable unbiased model tuning and evaluation. Training (A) consumes the training split; annotating (B) adds labels; learning (D) is a general term for model optimization, not a data management step.

AAISM materials identify the primary benefit of moderation controls in generative AI systems as their ability to filter out harmful, offensive, or inappropriate content before it is delivered to users. This safeguards organizational reputation, compliance, and user trust. While moderation may indirectly support compliance with privacy requirements, its main function is ensuring that outputs align with ethical and safety standards. Moderation does not enhance creativity or response speed. Its primary value is in controlling the quality of generated outputs by blocking harmful content.

According to the AAISM framework, prompt injection is the act of deliberately crafting malicious or manipulative inputs to override, bypass, or exploit the model’s intended controls. In this case, the attacker is targeting the integrity of the model’s outputs by exploiting weaknesses in how it interprets and processes prompts. Jailbreaking is a subtype of prompt injection specifically designed to override safety restrictions, while evasion attacks target classification boundaries in other ML contexts, and remote code execution refers to system-level exploitation outside of the AI inference context. The most accurate classification of this attack is prompt injection.

AAISM guidance identifies metrics like error rate versus total predictions as a key performance indicator (KPI) for evaluating AI model effectiveness. KPIs provide measurable values to assess performance against objectives. Model validation is broader and occurs prior to production use, testing the model against predefined standards. Control self-assessment relates to governance processes, not predictive accuracy. Explainable decision-making refers to interpretability, not error-rate evaluation. Thus, analyzing incorrect predictions against total predictions is a performance measure, making it a KPI.

According to AAISM risk management guidance, the greatest risk in AI applications handling personal communication data is inadequate parameter controls, which may allow unintended access, manipulation, or leakage of sensitive information. Plug-ins that interact with emails must enforce strict parameter validation and security restrictions to prevent unauthorized or manipulated inputs. While vulnerability scanning, format incompatibility, and API rate limiting are valid concerns, they are secondary. The primary risk is a lack of strong parameter controls that could expose sensitive content.

AAISM identifies robust data validation and anomaly detection on incoming training data as the primary defense against data poisoning. These controls detect corrupted, manipulated, or adversarial samples before they enter the training pipeline.

Diverse data (A) is helpful but not protective against poisoning. More complexity (B) does not mitigate poisoning and can worsen vulnerability. More features (D) increases attack surface.