AAISM Online Practice Questions

Explanation:
AAISM study content identifies validating the provenance of data sources as the most effective way to counter deepfake risks. Provenance validation ensures that content is authentic, verifiable, and traceable, preventing malicious synthetic media from being trusted as legitimate. Human oversight helps but cannot reliably detect sophisticated fakes. Limiting tool access reduces exposure but does not prevent external attacks. General-purpose LLMs are not optimized for fraud detection. The strongest control is verifying the origin and authenticity of data before acceptance.
Reference: AAISM Study Guide C AI Risk Management (Deepfake and Content Integrity Risks)
ISACA AI Security Management C Provenance Validation as a Defense

Explanation:
The AAISM guidance defines risk minimization for AI deployment as requiring a formalized AI model life cycle policy and associated procedures. This ensures oversight from design to deployment, covering data handling, bias testing, monitoring, retraining, decommissioning, and acceptable use. Limiting usage to developer-defined scenarios or relying on vendor mechanisms transfers responsibility away from the organization and fails to meet governance expectations. Training and awareness support cultural alignment but cannot substitute for structured lifecycle controls. Therefore, the establishment of a documented lifecycle policy and procedures is the most comprehensive way to minimize operational, compliance, and ethical risks in integrating foundation models.
Reference: AAISM Study Guide C AI Governance and Program Management (Model Lifecycle Governance) ISACA AI Security Guidance C Policies and Lifecycle Management

Explanation:
AAISM governance content highlights that the greatest intellectual property challenge in the context of AI-generated works is determining rightful ownership. Traditional copyright law requires human authorship, but AI-generated creations blur authorship and ownership boundaries, raising legal uncertainty about who can claim rights. Trademark enforcement, trade secret protection, and licensing frameworks are established areas of IP law but do not present the same fundamental challenge as ownership attribution. For AI-generated content, the central legal dilemma is ownership of the creation.
Reference: AAISM Study Guide C AI Governance and Program Management (Intellectual Property and AI) ISACA AI Security Management C Copyright and Ownership Challenges

Explanation:
AAISM defines automation bias as the tendency of individuals to over-rely on AI-generated outputs even when contradictory real-world evidence is available. In this scenario, the driver ignores traffic signs and follows the AI’s instructions, showing blind reliance on automation. Selection bias relates to data sampling, reporting bias refers to misrepresentation of results, and confirmation bias involves interpreting information to fit pre-existing beliefs. The most accurate description is automation bias.
Reference: AAISM Exam Content Outline C AI Risk Management (Bias Types in AI)
AI Security Management Study Guide C Automation Bias in AI Use

Explanation:
According to the AAISM framework, the first step in drafting an acceptable use policy is defining the scope and intended use of the AI system. This ensures that governance, regulatory considerations, risk assessments, and alignment with organizational policies are all tailored to the specific applications and functions the AI will serve. Once scope and intended use are clearly defined, legal, regulatory, and risk considerations can be systematically applied. Without this step, policies risk being generic and misaligned with business objectives.
Reference: AAISM Study Guide C AI Governance and Program Management (Policy Development Lifecycle) ISACA AI Governance Guidance C Defining Scope and Use Priorities