AAISM Practice Questions: AI Technologies and Controls Domain

Correct Answer: A

Explanation: Robust data validation and cleaning processes are the most effective control for preventing data poisoning attacks, as they help ensure that only clean, verified data is used for training AI models. Encryption (B) and authentication (C, D) are important for data security but do not directly address the integrity of the data itself.

Correct Answer: A

Explanation: Isolating the affected dataset is the first action to prevent further contamination and protect the integrity of the AI system. Notifying the incident response team (B) and reviewing logs (C) are important subsequent steps for investigation. Implementing data validation checks (D) is a preventive measure that should be part of the overall security strategy.

Correct Answer: B

Explanation: Implementing a model interpretability framework is the most effective method to ensure transparency as it provides clear insights into the decision-making process of AI models. Open-source models (A) and publishing source code (C) contribute to transparency but do not necessarily provide interpretability. Third-party audits (D) are useful for validation but do not inherently make the decision-making process transparent.

Correct Answer: A

Explanation: Conducting thorough due diligence before engaging vendors is the best approach to identify potential risks and ensure that vendors meet security and compliance requirements. While frameworks, monitoring, and contracts are important, due diligence is the foundational step in managing vendor risks.

Correct Answer: A

Explanation: Implementing fairness and bias testing protocols directly addresses ethical concerns and aligns with the EU AI Act's requirements for non-discriminatory AI systems. Data encryption (B) and penetration testing (C) are security controls and do not directly address ethical AI. A centralized logging system (D) is useful for accountability but does not specifically address fairness and ethics.

Correct Answer: D

Explanation: Applying model interpretability techniques (D) is the most effective control for ensuring transparency in AI decision-making processes, as it allows stakeholders to understand how decisions are made by the AI models. Model documentation (A) and stakeholder meetings (B) support transparency efforts but do not directly address decision-making processes. Using open-source tools (C) can enhance transparency in development but not necessarily in decision-making.

Correct Answer: B

Explanation: Behavioral analytics (B) is most effective for detecting adversarial attacks as it focuses on identifying unusual patterns or behaviors in the AI system's outputs that may indicate an attack. Network intrusion detection systems (A) and user activity monitoring (D) are useful for general security monitoring but may not specifically detect adversarial attacks. Regular software patching (C) is a preventive measure rather than a monitoring control.

Correct Answer: A

Explanation: Identifying and classifying AI assets and data is the best initial step as it provides a foundation for understanding what needs to be protected and how critical each component is. This step informs subsequent actions, such as risk assessment (D), monitoring (B), and access controls (C).

Correct Answer: A

Explanation: Isolating the affected model from the network is the first action to prevent further data exposure and limit the attack's impact. Notifying stakeholders (B) and conducting forensic analysis (C) are critical but should follow containment. Reviewing access controls (D) is a preventive measure for future protection.

Correct Answer: C

Explanation: The primary objective of implementing explainability controls is to improve stakeholder trust and transparency in AI decisions, making AI outputs understandable and justifiable. While compliance (A) and security (B) are important, they are secondary objectives. Reducing computational cost (D) is unrelated to explainability.