Free Practice Questions for Isaca AAISM Exam

AAISM guidance identifies metrics like error rate versus total predictions as a key performance indicator (KPI) for evaluating AI model effectiveness. KPIs provide measurable values to assess performance against objectives. Model validation is broader and occurs prior to production use, testing the model against predefined standards. Control self-assessment relates to governance processes, not predictive accuracy. Explainable decision-making refers to interpretability, not error-rate evaluation. Thus, analyzing incorrect predictions against total predictions is a performance measure, making it a KPI.

According to AAISM technical controls, the element of security frameworks that directly safeguards output integrity is ensuring that bias-related risks are maintained within acceptable ranges. This ensures that AI results remain consistent, fair, and reliable, preserving trust in outputs. Ethical awareness, architectural disclosure, and legal responsibilities are governance practices but do not directly secure output integrity. Output integrity is primarily protected through bias management and ongoing evaluation of fairness and accuracy.

The AAISM governance framework emphasizes that AI transparency cannot be evaluated using only technical statistics; it requires a combination of quantitative and qualitative metrics. The best pairing is ethical impact assessments (qualitative) with user feedback metrics (quantitative and perception-based). Availability and accuracy metrics measure performance, not transparency. Explainability reports and bias metrics are useful but still technical and limited. Comprehensive evaluation of transparency requires consideration of ethical dimensions and stakeholder perspectives, which is achieved through ethical impact analysis and user feedback.

AAISM defines cryptographic tracking and verification as the best control for ensuring the integrity of training data. By applying hashing and verification methods, organizations can confirm that datasets remain unaltered and authentic throughout collection, storage, and processing. Collecting only necessary data, proper storage, or clear documentation all support governance and compliance, but they do not guarantee that the data has not been tampered with. Integrity is specifically ensured by cryptographic verification techniques.

AAISM highlights that the core ethical risk in AI is the perpetuation of bias that results in unfair or discriminatory outcomes. Therefore, the most important validation step is ensuring that outputs of AI systems are free from adverse biases. A responsible development policy, stakeholder approvals, and privacy reviews all contribute to governance, but they do not directly ensure ethical outcomes. Validation of output fairness is the critical safeguard for ensuring AI does not violate ethical principles.

AAISM emphasizes that the primary objective of responsible AI is to establish and maintain trust in AI-driven decisions and predictions. Trust is achieved through transparency, accountability, fairness, and governance. While confidentiality and integrity are critical technical objectives, they are not the overarching purpose of responsible AI service provision. Autonomy and learning ability are features of AI, but without trust, adoption and compliance falter. The correct answer is that responsible AI services must focus on building trust in AI outcomes.

AAISM materials note that adversaries may attempt to bypass facial recognition by disguising or altering appearance. The most effective mitigation is to enhance training data with a wide range of variances in facial features, lighting, and disguises so the system can robustly detect authentic users despite adversarial attempts. Monitoring and secondary confirmation are supportive controls but are reactive. Fine-tuning to reduce hallucinations is irrelevant in this context, as hallucinations apply more to generative AI. The best preventive measure is strengthening the model with diverse, variance-rich training data.

According to AAISM risk management guidance, the greatest risk in AI applications handling personal communication data is inadequate parameter controls, which may allow unintended access, manipulation, or leakage of sensitive information. Plug-ins that interact with emails must enforce strict parameter validation and security restrictions to prevent unauthorized or manipulated inputs. While vulnerability scanning, format incompatibility, and API rate limiting are valid concerns, they are secondary. The primary risk is a lack of strong parameter controls that could expose sensitive content.

AAISM materials make clear that the best safeguard against sensitive information being leaked through the outputs of LLMs is data sanitization. This involves filtering, redacting, or masking sensitive content before the model can use it, thereby preventing unintended disclosure in outputs. Encryption protects confidentiality in storage and transmission but does not stop output leaks. Adversarial testing helps identify vulnerabilities but does not prevent exposure by itself. Least privilege access restricts who can interact with the model but does not sanitize the content of its outputs. The control most directly tied to preventing leakage is implementing data sanitization techniques.