Get Isaca AAISM Exam Practice Questions - Real and Updated

Answer : B

In AAISM governance guidance, risk documentation is described as the structured record that defines the organization's risk appetite and tolerance levels for AI initiatives. By outlining acceptable levels of risk, documentation ensures decision-makers can approve, monitor, and adjust AI projects within defined boundaries. While it may also serve audit functions, technical analysis, or communication to stakeholders, its primary role is to formalize risk acceptance thresholds and integrate them into governance and decision-making. This aligns directly with the governance requirement to align AI adoption with organizational risk appetite.

AAISM Study Guide -- AI Governance and Program Management (Risk Documentation and Appetite)

ISACA AI Security Management -- Governance, Risk and Compliance Integration

Answer : C

AAISM materials describe data segregation and segmented access as core technical controls to prevent unintended information disclosure by AI systems. Siloing refers to logically or physically separating data into distinct repositories or contexts, ensuring that sensitive datasets are not available to components or applications that only require non-sensitive information. This is directly aligned with preventing a chatbot from accessing or mixing confidential data with general conversational content. Zero Trust (A) is an overarching security architecture principle, focusing on identity and continuous verification; it does not by itself guarantee separation of data. Sandboxing (B) isolates processes but is less about fine-grained data separation. Containerization (D) packages applications and their dependencies, again not necessarily solving the specific problem of mixing sensitive and non-sensitive datasets. Siloing is explicitly highlighted as a way to prevent cross-context leakage in AI use cases.

====================

Answer : D

AAISM materials describe that GAN-based systems excel at generating synthetic data---including simulated attack traffic---which can significantly enhance anomaly-based intrusion detection capabilities. The guidance emphasizes that synthetic attack samples help strengthen the model's ability to detect rare or emerging intrusion types. This aligns with the principle that AI security controls should leverage adversarially generated data during training to improve resilience.

Options A and C describe generic ML enhancements, but not GAN-specific advantages. Option B is useful but insufficient for anomaly detection, which relies heavily on recognizing atypical, previously unseen patterns.

=============================================

Answer : C

AAISM clarifies that the primary regulatory purpose of user consent is to provide lawful authorization for processing personal data, including use in AI models.

Consent does not directly prevent unauthorized access (A). Deletion rights (B) relate to data subject rights but are not the purpose of consent. Bias detection (D) is unrelated.

============================================

Answer : A

AAISM highlights that post-incident remediation and demonstrating lessons learned is essential to restoring trust. Governance guidance specifies that stakeholders regain confidence only when organizations show clear corrective actions, transparency, and improvements to prevent recurrence.

Validating outputs (B) supports accuracy but is not trust-restoring. Monitoring (C) and prioritization (D) relate to operations, not trust rebuilding.

=============================================