Free AAISM Practice Quiz

The MOST effective AI-driven capability to ensure real-time business continuity is:

1. Predicting potential disruptions without taking preventive action

   Prediction alone is not enough without a response mechanism. Predictions may also need to be validated, which can make them less effective than automated failover.

2. Sending alerts while waiting for manual intervention

   Alerts are helpful, but often, human oversight and review is required before action can be taken, making them less effective use of AI.

3. Keeping logs of incidents for future analysis

   Logging incidents is useful but does not actively maintain business continuity.

4. Automating system failover to backup servers

   AI-enabled automated failover minimizes downtime, ensures operational resilience, and aligns with business continuity objectives. The other options are supportive but not the most effective for ensuring continuity in real-time.

What is the role of an AI governance committee within an organization?

1. To prioritize AI vendors over other business operations

   While selecting vendors is important, the committee’s role is broader, including oversight, compliance, and alignment with organizational priorities.

2. To oversee AI implementation and ensure alignment with ethical guidelines

   An AI governance committee ensures that AI projects are implemented responsibly and aligned with organizational goals, ethical standards, and regulatory requirements.

3. To solely focus on marketing AI products

   Marketing is a different function; the committee's focus is governance, oversight, and ethical compliance.

4. To ensure AI models are proprietary and not shared with stakeholders

   While protecting intellectual property is important, the governance committee ensures transparency, fairness, and accountability in AI use, not secrecy.

Which of the following is the BEST initial action to ensure alignment between artificial intelligence governance and the organization’s business objectives?

1. Develop an AI charter that defines roles, objectives, and oversight responsibilities

   An artificial intelligence (AI) charter provides a structured foundation for governance by documenting scope, roles, and responsibilities. It ensures alignment with business objectives and serves as a guiding document for AI oversight.

2. Create an acceptable use policy (AUP) for generative artificial intelligence tools

   Acceptable use policies (AUPs) are important but not sufficient for strategic alignment; they are narrower in focus and should follow foundational governance structures.

3. Assign an internal auditor to manage all AI governance related activities

   Internal audit should provide oversight into AI governance processes but should not be the owner of them. This responsibility should be shared to avoid creating conflicts with independent assurance.

4. Establish key risk indicators to monitor the ethical impact of AI deployment

   Ethical metrics are necessary but are established after the foundational structure is in place. They do not replace the need for a clear governance framework

An enterprise plans to deploy an AI chatbot provided by an external vendor for customer service purposes. To ensure responsible use and minimize operational risk, which of the following contract terms is MOST critical to define during procurement?

1. Real-time system usage monitoring dashboards for security incidents

   Dashboards support monitoring but do not replace contractual accountability.

2. Inclusion of explainability tools to support end-user transparency

   Explainability features are important for user trust, but their presence does not replace the need for contractual responsibility in the case of misuse or harm.

3. Clear assignment of accountability for AI system outcomes and security incidents

   When outsourcing artificial intelligence solutions (AIS), it is critical to clearly assign responsibility and accountability for how the AIS operates, especially in the event of bias, failure, or harm. Lack of defined responsibility can lead to governance gaps and liability disputes.

4. Vendor incentives tied to customer satisfaction metrics

   Linking incentives to customer experience may encourage performance but does not directly address operational risk or legal accountability for AI-driven decisions.

When an AI impact assessment reveals biased training data, what is the MOST effective method to ensure regulatory compliance?

1. Keep the original dataset when the model’s accuracy is high.

   Biased training data can produce systematic discrimination, regardless of accuracy performance.

2. Rely on model transparency to validate decision making

   Model transparency is essential, but it must be paired with efforts to eliminate bias.

3. Use diverse and representative datasets to monitor the bias.

   Improving data quality and continuously testing for bias are core actions for mitigating discrimination and achieving regulatory compliance.

4. Focus on ethical guidelines to validate model performance.

   While ethics are critical, it must be operationalized through model validation, bias testing, and performance monitoring to be effective.

What is the MOST effective metric for monitoring AI solutions provided by AI vendors?

1. Wait for supplier reports before investigating.

   Waiting for supplier reports is a reactive posture that limits incident response speed and allows risks to propagate unnoticed.

2. Use real-time tools to track AI anomalies.

   Using real-time tools combines continuous visibility with anomalies detection that can enable early detection and fast response.

3. Prioritize endpoint logs over centralized platforms.

   Endpoint logs matter, but excluding centralized monitoring weakens threat correlation.

4. Track model input with key performance indicators.

   Key performance indicators (KPI) are important but have a secondary role.

Which of the following is the BEST method to uncover known vulnerabilities in an AI-based web application that has been recently deployed?

1. Dynamic application security testing (DAST)

   Dynamic application security testing (DAST) analyzes application during runtime from the outside to find known vulnerabilities. It fits best when source code is unavailable, as is often common in AI applications.

2. Static application security testing (SAST)

   Static application security testing (SAST) analyzes source code, but it is not suitable when an application is already deployed.

3. Runtime application self-protection (RASP)

   Runtime application self-protection (RASP) is a protection mechanism, not a testing tool..

4. Interactive application security testing (IAST)

   Interactive application security testing (IAST) requires internal sensors. It is less effective without direct code or internal access.

A hospital adopts an AI solution from an external vendor to help diagnose rare diseases. Which of the following BEST demonstrates the verification of security requirements for this technology?

1. Require contractual clauses stipulating periodic information security reviews.

   Contractual clauses mandating periodic security reviews are also important, but they do not replace a proactive approach to secure design.

2. Preview contractual clauses of mandatory security AI software update.

   Contractual clauses requiring mandatory security AI software updates are also important, but they do not replace a proactive approach to secure design.

3. Perform regular in-depth vulnerability scans on the AI system.

   In-depth vulnerability scans are also important, but they do not replace a proactive approach to secure design.

4. Integrate requirements for sensitive data aligned with healthcare regulations.

   By integrating security requirements for sensitive clinical data right from the start, the hospital ensures that all data handling and AI operations comply with regulations (e.g., HIPAA, GDPR), as a security by design principle.

Which of the following is the MOST effective approach to mitigate privacy concerns when an organization collects personal data through a third-party AI application?

1. Have the vendor sign a nondisclosure agreement.

   Creating a nondisclosure agreement for the third-party vendor helps protect confidential information between the parties. However, it does not directly safeguard the rights of data subjects, as it primarily governs the contractual relationship between the organization and the vendor.

2. Obtain data subject consent on the end user interface.

   When an organization collects personal data through a third-party AI application, it is important to inform the user that they are interacting with AI and that personal information is being collected for specific purpose. Consent ensures compliance with data protection laws and empowers individuals to control how their personal information is used and if they wish to engage with the AI solution.

3. Apply encryption to safeguard personnel data.

   Encryption is a vital technical safeguard for protecting data in transit and at rest, but it cannot substitute for legal requirements such as obtaining consent. It focuses on securing data after it has been collected, rather than addressing the legality of the data collection itself.

4. Conduct a review of applicable data protection regulations.

   Reviewing applicable data protection regulations is an essential preparatory activity, but it does not in itself resolve privacy concerns. Actual implementation is necessary to ensure compliance and protection, such as obtaining consent or applying safeguards.

Which of the following data management techniques BEST improves an AI model’s performance by enhancing training data quality?

1. Data classification

   Data classification helps categorize data based on criticality and sensitivity to ensure appropriate control implementation; however, it does not directly improve model performance.

2. Data access

   Data access ensures secure and efficient retrieval of data but does not enhance data quality for training or improve AI model performance.

3. Data scrubbing

   Data scrubbing is the most effective data management technique for enhancing the performance of AI models. This technique ensures that datasets used for model training are accurate, complete, and free from errors.

4. Data encoding

   Data encoding converts raw data into a format that machine learning models can understand and process effectively. However, if the data is incorrect or inconsistent, encoding alone will not improve performance.

Within which stage of the AI development life cycle should effective feature engineering be conducted?

1. Testing

   The testing phase evaluates the AI model's performance, but feature engineering should already be completed by this stage to avoid modifying the model post-development.

2. Development

   Feature engineering is ideally conducted during the development phase of the AI life cycle, as this is when the model is being built, trained, and optimized. Feature engineering is the process of selecting, transforming, and converting data into useful representations.

3. Design

   The design phase involves defining the AI system’s architecture and algorithms, but feature engineering is a data processing task that occurs during the development phase.

4. Define

   The define phase focuses on identifying objectives, data requirements, and risk but does not involve actual data preprocessing or feature creation.

When designing an AI security architecture, what is the PRIMARY purpose of using adversarial training?

1. To enhance AI model performance on standard datasets

   Its primary purpose is not to enhance general performance on standard datasets but to protect against adversarial perturbations that can manipulate model outputs.

2. To improve the fairness of AI model decisions

   Adversarial training may improve fairness by generalizing biases created from the original training data; however, this is not the primary purpose. The primary purpose of adversarial training is to improve model robustness and resilience against adversarial attacks and unexpected inputs.

3. To reduce the computational cost of resisting attacks

   While adversarial training may reduce the computational costs of resisting attacks, that is a secondary benefit. The primary benefit is to enhance model robustness and resilience by exposing the model to different adversarial attacks.

4. To make AI models more resilient to potential attacks

   The primary goal of adversarial training is to expose models to adversarial examples during training, helping them learn to resist perturbations and correctly classify inputs even when they have been intentionally manipulated.