AAISM Exam Dumps - Isaca AI-Centric Security Management Questions and Answers

According to AAISM, hyperparameter tuning uses validation data, not training or test data. Validation datasets are specifically designed to evaluate different hyperparameter configurations without contaminating the training or testing sets.

Training data (C) teaches the model. Test data (D) is used only for final evaluation. Configuration data (B) is unrelated to performance optimization.

AAISM guidance specifies that before introducing AI into any business or technical workflow, an AI Impact Assessment must be conducted early to determine potential risks, privacy implications, misuse scenarios, governance gaps, and required security controls. This aligns with the principle that AI adoption must begin with governance and risk identification, not training or policy modification.

Training developers (B) is important but occurs after identifying risks. Updating policies (C) is also downstream of the assessment. Cost-benefit analysis (D) supports business justification but does not address security.

AAISM identifies confidence-score analysis as a principal technique for evaluating exposure to membership inference: models often yield measurably higher confidence for points seen during training. Testers compare output probabilities/entropies for known in-training vs. out-of-training samples to assess leakage. Disabling logs (A) reduces evidence; test-set accuracy (B) does not measure privacy leakage; synthetic data generation (D) is a mitigation strategy, not a penetration-testing method.

AAISM categorizes the manipulation of an LLM at inference time, where crafted inputs cause outputs to serve attacker objectives, as an evasion attack. Evasion attacks exploit weaknesses in the model’s decision-making boundaries by altering queries to produce compromised or misleading outputs. Privilege escalation refers to unauthorized access rights, data poisoning targets the training phase, and model inversion reconstructs training data. In this case, manipulation of outputs to align with an attacker’s goals reflects an evasion attack.

For pre-delivery phishing detection and classification, the most appropriate capability is NLP—tokenization, feature extraction, semantic similarity, and supervised classifiers (e.g., transformer-based classifiers) tuned on phishing corpora and indicators. NLP models score messages and drive automated quarantine policies. An LLM (Option A) is a model type, not a specific blue-team feature; NLG (Option C) is for generation, not detection; RAG (Option D) augments responses with retrieved knowledge but does not by itself optimize classification and quarantine of phishing emails.

AAISM states that when evaluating external AI vendors, independently issued third-party audit reports (SOC, ISO, AI assurance assessments) provide the strongest evidence of implemented controls because they are objective, repeatable, and externally verified.

Peer reviews (A) lack formality, internal red-team reports (C) are non-independent, and whitepapers (D) are marketing documents without assurance value.

AAISM emphasizes systemic or structural bias as a high-impact risk because biased data leads directly to discriminatory insights or decisions when used for analytics or reporting. This risk affects fairness, compliance, and organizational reputation.

Hallucinations (A) relate more to generative AI. Incomplete outputs (B) affect accuracy but not structural fairness. Lack of normalization (C) affects performance but is not the dominant risk.

AAISM classifies model inversion as a privacy/information-leakage threat where adversaries infer or reconstruct sensitive training data or attributes from model outputs—directly jeopardizing confidential information targeted by APTs. While data poisoning, unauthorized tuning, and model distillation present material risks (integrity, governance/IP theft), the scenario’s stated objective—accessing confidential information—most directly maps to inversion. Accordingly, AAISM prioritizes defenses such as output regularization, confidence suppression/calibration, overfitting controls, privacy-preserving techniques, and strict access/telemetry on inference interfaces.

AAISM risk guidance notes that the most stringent recovery objectives apply to industrial control systems, as downtime can directly disrupt critical infrastructure, manufacturing, or safety operations. Health support systems also require high availability, but industrial control often underpins safety-critical and real-time environments where delays can result in catastrophic outcomes. Credit risk models and navigation systems are important but less critical in terms of immediate physical and operational impact. Thus, industrial control systems require the tightest RTO.

For developer-facing, near-term hardening of AI agents, AAISM prioritizes secure agent design and runtime controls against prompt injection, unsafe memory/tool use, and tool-execution compromise. These are primary exploitation paths for agents that read external content, persist memory, and call tools with elevated privileges. Training must center on: guarding tool invocation, constraining memory scope, sanitizing/validating inputs, and isolating high-risk actions. Topics like bias/fairness (B) and policy/hallucinations (C) are important but are governance/assurance concerns; API abuse and plug-in risk (D) matter, yet the core, developer-controlled attack surface for agents is injection and unsafe tool/memory design.