View AAISM Exam Questions

Q: 11

Which of the following should be the PRIMARY consideration for an organization concerned about liabilities associated with unforeseen behavior from agentic AI systems?

Options

Discussion

CarefulMentor1874 Feb 17, 2026 1:44 pm

Option C is correct. D looks tempting but accountability model directly addresses liability concerns for agentic AI, not just risk appetite.

Mason O. Feb 12, 2026 6:51 am

Option C seen on similar exam topics, makes sense since accountability model directly addresses how liability is assigned for AI decisions.

RowanQ Feb 20, 2026 4:17 pm

I don’t think D is right here. The question specifically wants the main factor for liability, so C (accountability model) fits best. D is more general risk tolerance, but doesn’t assign responsibility if something goes wrong. Anyone else agree?

Grace E. Feb 28, 2026 2:27 am

D. not C

Robin M. Feb 10, 2026 1:09 pm

Its C, though I've seen similar scenarios in practice tests where D looked possible. Might help to check the official guide on governance for agentic AI systems if you're still split.

Luna D. Feb 18, 2026 9:55 pm

C saw a similar question show up in some exam reports and the answer was accountability model.

Rowan Feb 28, 2026 11:54 am

C , liability always ties back to how you assign accountability for decisions in these systems.

QuietLead2295 Feb 28, 2026 4:39 pm

Wouldn't accountability (C) always come before setting risk thresholds (D) if the question is about legal liability, not just risk management?

Chris E. Feb 26, 2026 8:56 am

C/D? C (accountability model) makes more sense for "liabilities" since legal frameworks always go back to who is responsible if an agentic AI goes off-script. D is tempting because risk thresholds matter, but if you're talking legal and ethical exposure, clearly defined accountability is the real foundation. Pretty sure it's C, but happy to hear counterpoints if you think D is stronger for liabilities specifically.

Amelia Feb 13, 2026 10:29 am

Totally see why people pick D, but liability's main issue is pinning down who’s responsible when AI goes rogue. That’s what an accountability model (C) does. Not 100% sure because wording is a bit vague, but C lines up best with how governance handles this stuff. Disagree?

Be respectful. No spam.

Correct Answer:

Explanation

The primary consideration for managing liabilities from agentic AI's unforeseen behavior is establishing a robust accountability model. This model defines and assigns responsibility for the AI's decisions and outcomes throughout its lifecycle. When an autonomous system acts in an unexpected way, a clear accountability framework is essential for determining legal and ethical responsibility, guiding incident response, and addressing potential harm. It provides the foundational governance structure for managing the specific risk of liability.

Why Incorrect

A. Model dependencies are a technical aspect of an AI system's architecture; while important for operational risk, they do not primarily address the legal framework for liability.

B. Using approved base models is a risk mitigation control, but it does not eliminate the possibility of unforeseen behavior or define who is liable when it occurs.

D. An acceptable risk level is a strategic business decision that sets the threshold for risk tolerance, but it is not the mechanism for managing liability when that threshold is breached.

References

1. ISACA

Auditing Artificial Intelligence

2023: Chapter 2

"AI Governance

" emphasizes that a key principle of AI governance is accountability. It states

"Accountability for AI systems should be established

with clear roles and responsibilities for the development

deployment

and ongoing monitoring of AI systems." This directly links accountability models to the management of AI systems and their outcomes.

2. National Institute of Standards and Technology (NIST)

AI Risk Management Framework (AI RMF 1.0)

January 2023: The "Govern" function is foundational to the framework. Section 3.1

GOVERN-1

highlights the need to establish "policies

processes

procedures

and practices for AI risk management

including roles

responsibilities

authorities

and lines of communication." This establishes an accountability structure as a primary step in managing AI risk

including liabilities.

3. Stanford University Human-Centered AI (HAI)

An Action Plan for Advancing Trustworthy AI

2023: The report repeatedly stresses the importance of accountability mechanisms. On page 10

it calls for "clear accountability mechanisms to ensure that there is recourse and redress when AI systems cause harm

" identifying this as a critical component for building trustworthy AI and managing its societal impact

including liability.

Q: 12

Which of the following is the MOST effective way to mitigate the risk of deepfake attacks?

Options

Discussion

Jordan Y. Feb 24, 2026 3:57 pm

Option C, not D. Provenance checks beat LLM detection since D just spots fakes but C actually blocks them.

Chris N. Feb 11, 2026 3:00 am

C had this exact scenario in a practice set and provenance checks were correct there too.

SharpConsultant1639 Feb 19, 2026 8:40 pm

C imo, provenance checks go deeper than just detection and actually prevent spread. D is tempting if you only think about identifying fakes but that's not full prevention. Saw this logic on similar exam questions.

Ethan Feb 16, 2026 3:11 pm

Aaron Feb 24, 2026 6:49 am

Honestly D seems like the way to go here. LLMs are improving at spotting fake content, so automating detection feels pretty effective.

SeasonedCandidate421 Feb 21, 2026 11:38 am

C or D, but I see C showing up as best practice in the ISACA official guide and practice tests. Labs that focus on media provenance checks really help drill this too. Anyone else think the exam likes C for this kind of scenario?

Quinn Feb 22, 2026 3:31 am

C vs D? C looks more solid to me since verifying provenance stops deepfakes at the source, not just after the fact. D is flashy but LLMs aren't foolproof for detection. Open if anyone thinks I'm missing something.

Arjun T. Feb 14, 2026 10:43 am

C is what I'd pick. Validating the data's origin directly addresses authenticity, which really stops deepfakes before they even enter the system. Saw similar logic in a practice set, but open if someone thinks otherwise.

Nathan Z. Feb 20, 2026 6:40 pm

Not A, C. Had a similar question in an exam report and provenance checks came up as best mitigation.

Nathan X. Feb 13, 2026 1:56 pm

C tbh. Provenance checks (C) actually cut off deepfakes before they spread since you’re validating the original source. D sounds good, but LLMs can miss stuff and are only detection-not prevention. Seen similar in practice sets and C always lines up as most effective.

Be respectful. No spam.

Correct Answer:

Explanation

The most effective and proactive strategy to mitigate the risk of deepfake attacks is to validate the provenance of the data source. Data provenance involves establishing and verifying the origin, history, and chain of custody of a digital asset (e.g., video, audio, image). By using techniques like cryptographic signatures, digital watermarking, or blockchain-based ledgers, an organization can confirm that the media has not been tampered with and originates from a trusted source. This approach addresses the core issue of authenticity, making it a more fundamental and reliable control than reactive detection methods or fallible human judgment.

Why Incorrect

A. Relying on human judgment for oversight: Humans are notoriously unreliable at detecting sophisticated deepfakes, as these are specifically designed to deceive human perception. This makes human judgment a weak primary control.

B. Limiting employee access to AI tools: This is an internal control that does not prevent externally generated deepfake attacks, which are a common threat vector (e.g., a phishing email with a deepfaked video).

D. Using a general-purpose large language model (LLM) to detect fraud: General-purpose LLMs are designed for text-based tasks and are not the appropriate tool for analyzing the complex visual or audio artifacts characteristic of deepfakes.

References

1. ISACA

Artificial Intelligence Audit Toolkit

2023. The toolkit emphasizes the importance of data integrity and governance as foundational controls for AI systems. In the section on AI-specific risks

it discusses the need for controls that ensure the authenticity and integrity of data inputs

which directly relates to validating provenance to counter threats like deepfakes. (Reference to Data Integrity and Input Validation controls).

2. Guera

& Delp

E. J. (2018). "Deepfake Video Detection Using Recurrent Neural Networks." 2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS). While focusing on detection

the paper's context highlights the challenges and the "arms race" between generation and detection

implicitly supporting the need for more fundamental solutions like provenance. The limitations of detection underscore the superiority of proactive authentication. (DOI: 10.1109/AVSS.2018.8639163).

3. MIT Computer Science and Artificial Intelligence Laboratory (CSAIL)

"Detecting Photoshopped and Fake Images." Research from MIT and other institutions consistently points to the difficulty of detection and the value of source verification. Course materials on media forensics often present provenance as a more robust solution than post-facto detection. (Reference to general principles taught in courses like MIT's 6.869 Advances in Computer Vision).

Q: 13

In the context of generative AI, which of the following would be the MOST likely goal of penetration testing during a red-teaming exercise?

Options

Discussion

Layla T. Feb 12, 2026 9:35 pm

Makes sense to go with A. Red teaming pen tests for generative AI are really about those unexpected outputs using adversarial inputs.

Luke C. Feb 11, 2026 10:58 pm

Option A similar topic came up on an official practice test. Exam guide focuses on adversarial inputs for pen testing.

Nathan Feb 18, 2026 3:41 am

Nah, I don't think it's B. The real point of pen testing with generative AI is to see if adversarial prompts can get unexpected outputs, so A fits best here. B is more model robustness, not red-teaming. Pretty sure that's what exam guides say.

Morgan J. Mar 1, 2026 7:52 am

Feels like B, seen this phrased similarly in some practice sets and official guide reviews.

NoahT Feb 15, 2026 12:08 pm

Seen similar in practice sets, pretty sure it matches A. Official guide has good breakdowns on red-teaming AI too.

Casey Feb 14, 2026 7:51 am

A tbh, saw a similar theme in some exam reports. Pen testing for gen AI usually targets unexpected outputs with crafted prompts, fits red team objectives.

Meera N. Feb 24, 2026 8:08 am

Probably B, but does the question mean "most likely" from a security or reliability perspective? That could flip my pick.

SteadyDev3235 Feb 12, 2026 12:58 am

B tbh

Leo L. Feb 23, 2026 6:32 pm

A gets my pick. In red-teaming generative AI, you're usually crafting adversarial prompts to force the model into unexpected or unsafe outputs, not just stressing it or scrambling everything. Pretty sure that's what pen testers focus on for this context, but correct me if you see it differently.

Avery Feb 18, 2026 4:24 pm

Option B this time. Stress testing the model’s decision-making gets mentioned in some practice tests as a way to see how it handles edge cases, so I think it fits for pen testing sometimes. Definitely check the official guide though if you’re not sure.

Be respectful. No spam.

Correct Answer:

Explanation

The primary goal of a red-teaming exercise for generative AI, particularly during penetration testing, is to proactively identify and understand potential failures and vulnerabilities. This is achieved by simulating adversarial attacks. Testers craft specific adversarial inputs designed to bypass safety filters or exploit weaknesses in the model's logic, thereby causing it to generate unexpected, harmful, biased, or otherwise unintended outputs. This process directly evaluates the model's resilience against malicious use and helps developers implement more robust safeguards.

Why Incorrect

B. Stress test the model’s decision-making process: Stress testing primarily evaluates system performance and stability under high load or resource constraints, which is distinct from a security-focused red-teaming goal of finding behavioral exploits.

C. Degrade the model’s performance for existing use cases: While an attack might result in performance degradation, the red team's objective is to discover the vulnerability that enables such an attack, not simply to cause the degradation itself.

D. Replace the model’s outputs with entirely random content: This is too specific and narrow. The goal is to elicit a wide range of unintended behaviors, including harmful, biased, or private information, not just to generate random outputs.

References

1. National Institute of Standards and Technology (NIST). (2023). AI Risk Management Framework (AI RMF 1.0).

Reference: Page 31

Section 4.3.3

"Test

Evaluation

Verification

and Validation (TEVV)." The framework states that TEVV includes "red-teaming to search for vulnerabilities and to discover whether the system can be used in unintended ways." This aligns with generating unexpected outputs from adversarial inputs.

2. Perez

et al. (2022). Red Teaming Language Models to Reduce Harms: Methods

Scaling Behaviors

and Lessons Learned. arXiv preprint arXiv:2209.07858.

Reference: Section 2

"Red Teaming Methods." The paper

authored by researchers from Google

DeepMind

and affiliated universities

explicitly defines red teaming as "the practice of adversarially testing a model to find inputs that elicit harmful or otherwise undesirable outputs." This directly supports option A. (DOI not available for this version

but it is a foundational academic paper in the field).

3. MITRE. (2023). MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems).

Reference: Technique: ML04-T1059

"Prompt Injection." The ATLAS framework details how adversaries "craft malicious inputs to manipulate a language model into generating unintended outputs." This is a core tactic used in red-teaming and penetration testing of generative AI.

Q: 14

A financial institution plans to deploy an AI system to provide credit risk assessments for loan applications. Which of the following should be given the HIGHEST priority in the system’s design to ensure ethical decision-making and prevent bias?

Options

Discussion

Meera P. Feb 22, 2026 2:36 am

Option C D looks tempting since numbers feel fair, but human-in-the-loop (C) actually catches bias AI can miss. Similar practice questions went for C over D for the ethical bit. Open if anyone thinks D is better here.

Logan Mar 1, 2026 7:42 pm

Option C, encountered exactly similar question in my exam and it's the right pick.

Zoe Q. Feb 27, 2026 7:48 am

I don't see how D could be right here. Human-in-the-loop (C) is the key safeguard for ethics and bias, while restricting only to financial metrics misses some real world nuances. C

Anita U. Feb 17, 2026 1:59 am

Maybe C. Encountered exactly similar question in my exam and human-in-the-loop (C) was the best fit for ethics, but I could see D being tempting if it focused only on bias. Anyone else remember this one?

Priya Y. Feb 26, 2026 5:15 am

I don’t think it’s C. D is more about cutting out bias by sticking to just the numbers so it feels like the safer bet ethically. But I could be missing something since human review also helps. Thoughts?

Jason S. Mar 1, 2026 6:30 am

Its D

Anita X. Feb 14, 2026 8:44 am

C or D. If we're talking strict prevention of bias, restricting to just objective financial metrics (D) would lower the chance of human subjectivity creeping in. I get that C covers more ethics but D feels closest if it's about measurable fairness. Agree?

AdamL Mar 2, 2026 7:25 pm

C is the one I'd pick here. Human review (C) means a person can spot bias an AI might miss, which covers the ethical aspect way better than just sticking to numbers like D. Pretty sure that's what they're after given "ethical" is called out.

Sean Feb 10, 2026 5:24 pm

C , saw something like this on a practice set. Human expert making the final call lets you catch bias and explain decisions. That lines up with AAISM's focus on ethical controls over just relying on objective metrics. Anyone think D could still work?

Mia G. Feb 18, 2026 2:43 am

encountered exactly similar question in my exam. in practice, picked C for the ethical and bias piece.

Be respectful. No spam.

Correct Answer:

Explanation

In high-stakes applications like credit risk assessment, ensuring ethical decision-making is paramount. The "human-in-the-loop" (HITL) approach, where the AI system provides advisory outputs and a human expert makes the final decision, is the highest priority. This design embeds accountability and allows for contextual judgment that an AI model cannot replicate. A human expert can override potentially biased or unfair automated recommendations, providing a critical safeguard against algorithmic discrimination and ensuring that decisions are both explainable and ethically sound. This approach directly addresses the core requirement of preventing bias at the point of decision.

Why Incorrect

A. Regularly updating the model is a standard practice for maintaining performance, but it does not inherently address ethical concerns or bias. New data can perpetuate or even introduce new biases.

B. An appeal mechanism is a crucial reactive control for redress after a decision is made, but it is not a preventative measure integrated into the initial decision-making process itself.

D. Restricting the model to "objective" financial metrics is a flawed strategy, as these metrics can act as proxies for protected characteristics (e.g., zip code correlating with race), leading to systemic bias.

References

1. ISACA

Artificial Intelligence Audit Framework

2023. In the section on AI Governance and Risk Management

the framework emphasizes the need for human oversight

especially for high-risk AI systems. It states

"For high-risk AI systems

human oversight should be in place to allow for human intervention to prevent or minimize harm... The final decision is made by a human." (Domain 1: AI Governance

Section 1.3 Human Oversight and Involvement).

2. High-Level Expert Group on Artificial Intelligence

Ethics Guidelines for Trustworthy AI

European Commission

2019. This foundational document lists "Human agency and oversight" as one of the seven key requirements for trustworthy AI. It specifies that for critical decisions

the system should support human autonomy

with the final determination left to a human. It recommends "human-in-the-loop (HITL)" approaches for high-stakes domains. (Chapter II

Page 14).

3. Barocas

& Selbst

A. D.

"Big Data's Disparate Impact

" California Law Review

Vol. 104

2016. This academic paper explains how seemingly neutral or "objective" criteria can function as proxies for protected classes

leading to discriminatory outcomes. It demonstrates why simply restricting data inputs (as suggested in option D) is insufficient to prevent bias. (Section II.A. The Problem of Proxies

pp. 679-685). DOI: https://doi.org/10.15779/Z38G655.

Q: 15

An organization recently introduced a generative AI chatbot that can interact with users and answer their queries. Which of the following would BEST mitigate hallucination risk identified by the risk team?

Options

Discussion

Logan Mar 2, 2026 1:16 pm

D . Fine-tuning is always what ISACA likes for AI hallucination cases. Saw this on similar practice exams and official guide too.

Ethan K. Feb 28, 2026 10:56 pm

Option D fine-tuning is what actually cuts down hallucination in these AI chatbot cases.

Cameron K. Feb 20, 2026 4:54 am

JamieC Feb 25, 2026 5:07 pm

Model testing sounds like it'd catch most obvious errors before rollout. A

Liam D. Feb 26, 2026 4:21 pm

Saw this pop up in recent exam reports. Anyone else see D picked for hallucination risk mitigation?

Nora R. Feb 19, 2026 7:32 am

A or B both seem reasonable. Model testing (A) should catch hallucinations before users see them, and larger training sets (B) can help with model accuracy overall. Pretty sure one of these would work. Disagree?

Ethan Feb 11, 2026 12:31 am

Its D fine-tuning directly targets hallucinations for orgs using generative AI.

FocusedArchitect8124 Feb 21, 2026 3:35 pm

Just to be clear, is the question asking for the BEST way to mitigate hallucination risk after deployment, or during model development? If they're focused on initial deployment, I'd probably lean D, but if it's about ongoing risk management or general controls, option A might fit better.

DrewR Feb 25, 2026 12:33 pm

D is the move here. Fine-tuning adapts the AI to your domain, which official guides and practice tests always point to as best for reducing hallucinations. If you want more, check the ISACA official study guide or sample exam questions. Pretty sure this matches exam logic, but open if you see it differently.

CarefulSec1839 Feb 27, 2026 5:13 pm

Wouldn’t D (fine-tuning) be the strongest here, since that actually adjusts the model’s outputs to your domain and data? Model testing (A) helps spot issues but doesn’t fix the root cause. Curious if anyone thinks A is even close for "BEST" in real deployment scenarios?

Be respectful. No spam.

Correct Answer:

Explanation

Fine-tuning is a process that adapts a pre-trained foundational model to a specific, narrower domain by continuing the training process on a smaller, curated, and high-quality dataset relevant to the organization. This technique "grounds" the model in the organization's specific context and factual data. By constraining the model's knowledge to this trusted information, it directly reduces the likelihood of it generating fabricated or nonsensical information (hallucinations) when answering user queries. It is the most direct technical control listed for mitigating this specific risk.

Why Incorrect

A. Performing model testing and validation is a detective control that identifies the presence and frequency of hallucinations but does not, by itself, mitigate or prevent them.

B. Training the foundational model on large data sets is what creates the base model. This broad, uncurated training is often a source of hallucinations, not a specific mitigation for a deployed application.

C. Ensuring model developers have been trained in AI risk is a procedural and preventative control. While important for governance, it does not directly alter the model's output or reduce hallucinations.

References

1. ISACA

Generative AI: A Practical Audit Approach

2023: In the section "Key Risks and Controls for Generative AI

" the risk of "Inaccurate or Fabricated Information (Hallucinations)" is discussed. A key control mentioned is to "Fine-tune with domain-specific data...to help ground the model in a specific context

reducing the likelihood of generating irrelevant or fabricated information." (Page 11

Table 1).

2. Stanford University

Center for Research on Foundation Models (CRFM)

On the Opportunities and Risks of Foundation Models

2021: The report explains that fine-tuning (referred to as adaptation) is a primary method for specializing a foundation model for downstream tasks. This specialization improves performance and alignment with desired behaviors

such as factuality. (Section 4.2

"Adaptation

" pp. 85-87).

3. Zhang

et al.

A Survey on Hallucination in Large Language Models: Principles

Taxonomy

and Mitigation

ACM Computing Surveys

2024: This peer-reviewed academic survey categorizes mitigation strategies. It places fine-tuning under "Model-based" mitigation techniques

describing it as a method to align the model's knowledge with factual data sources

thereby directly reducing knowledge-based hallucinations. (Section 5.2.2

"Supervised Fine-tuning"). DOI: https://doi.org/10.1145/3626428

Question 11 of 20 · Page 2 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE