[2026年04月14日]AAISM試験問題集でリアル試験と100%同じ問題と解答 [Q54-Q70]

Share

[2026年04月14日]AAISM試験問題集でリアル試験と100%同じ問題と解答

AAISMテストエンジン問題集トレーニングには257問あります

質問 # 54
Which BEST describes the role of model cards in AI solutions?

  • A. They visualize AI model performance
  • B. They help developers create synthetic data
  • C. They document training data and AI model use cases
  • D. They automatically fine-tune AI models

正解:C

解説:
AAISM explains that model cards provide structured documentation about AI models, including:
* intended use cases
* training data characteristics
* ethical considerations
* known limitations
* risk factors
* performance benchmarks
They are not visualization tools (A), do not create synthetic data (C), and do not tune models (D).
References: AAISM Study Guide - AI Transparency & Model Cards.


質問 # 55
Which of the following BEST ensures AI components are validated as part of disaster recovery testing?

  • A. Monitoring model performance metrics during failover and recovery to assess system stability
  • B. Disconnecting primary model training clusters to test retraining workflow during extended outages
  • C. Simulating denial of service (DoS) attacks against AI APIs to evaluate detection capabilities
  • D. Running simulated data loss scenarios by erasing test records from the AI system's feature store

正解:A

解説:
Business continuity and disaster recovery (BC/DR) exercises for AI must validate that critical AI components (feature stores, model registries, inference services, pipelines) operate within agreed recovery objectives during failover and restoration. Monitoring and evaluating model performance and stability during DR tests provides objective evidence that AI services remain functional, accurate, and reliable under contingency conditions, thereby validating the AI stack end-to-end.
Option A focuses on retraining during outages (a niche scenario) rather than validating service continuity for production inference. Option B is security testing, not BC/DR validation. Option C tests data loss handling but does not comprehensively validate AI service behavior across failover and recovery.
References: AI Security Management (AAISM) Body of Knowledge: "Operational Resilience-BC/DR for AI Systems," "Validation and Evidence of Continuity"; AAISM Study Guide: "AI DR Test Planning- Metrics, Model Performance Validation, and Recovery Readiness."


質問 # 56
An AI system that supports critical processes has deviated from expected performance and is producing biased outcomes. Which of the following is the BEST course of action?

  • A. Conduct audits of the data and the model
  • B. Retrain the model with a new and expanded dataset
  • C. Activate the model kill switch
  • D. Perform a root cause analysis to identify mitigation steps

正解:D

解説:
AAISM directs that when harmful or biased behavior is observed in a production AI system, the organization should enter a formal incident/variance handling workflow that begins with root cause analysis (RCA) to identify the source of deviation (data drift, concept drift, feature leakage, pipeline changes, control failures) and determine proportionate risk treatments. Immediate retraining (Option A) without RCA risks reinforcing the same bias; audits (Option C) are key activities within RCA rather than the action that frames the response; a kill switch (Option D) is reserved for conditions where risk exceeds the defined tolerances and immediate harm prevention is required.
References: AI Security Management (AAISM) Body of Knowledge - Incident Response & Post-Incident Improvement; Model Risk Treatment & Drift Management; Bias Detection and Remediation Governance.


質問 # 57
Which of the following BEST represents a combination of quantitative and qualitative metrics that can be used to comprehensively evaluate AI transparency?

  • A. AI explainability reports and bias metrics
  • B. AI model complexity and accuracy metrics
  • C. AI system availability and downtime metrics
  • D. AI ethical impact and user feedback metrics

正解:D

解説:
The AAISM governance framework emphasizes that AI transparency cannot be evaluated using only technical statistics; it requires a combination of quantitative and qualitative metrics. The best pairing is ethical impact assessments (qualitative) with user feedback metrics (quantitative and perception-based). Availability and accuracy metrics measure performance, not transparency. Explainability reports and bias metrics are useful but still technical and limited. Comprehensive evaluation of transparency requires consideration of ethical dimensions and stakeholder perspectives, which is achieved through ethical impact analysis and user feedback.
References:
AAISM Study Guide - AI Governance and Program Management (Transparency and Accountability) ISACA AI Security Management - Measuring Ethical AI Practices


質問 # 58
An aerospace manufacturing company that prioritizes accuracy and security has decided to use generative AI to enhance operations. Which of the following large language model (LLM) adoption plans BEST aligns with the company's risk appetite?

  • A. Contracting LLM access from a reputable third-party provider
  • B. Developing a private LLM to automate non-critical functions
  • C. Developing a public LLM to automate critical functions
  • D. Purchasing an LLM dataset on the open market

正解:B

解説:
AAISM recommends aligning AI adoption with organizational risk appetite by limiting blast radius, protecting sensitive data, and staging adoption in lower-risk domains first. Building a private LLM for non- critical functions preserves data control, enables tighter governance (access control, logging, evaluation), and confines any model errors away from safety- or mission-critical operations. A public LLM for critical functions (A) is misaligned with a high-assurance posture; buying open-market datasets (B) raises provenance and licensing risk; third-party access (C) can be appropriate but still introduces vendor/visibility limits and data residency concerns that may not meet aerospace security needs.
References: AI Security Management™ (AAISM) Body of Knowledge - Risk Appetite Mapping to AI Use Cases; Criticality Segmentation; Data Control & Deployment Models. AAISM Study Guide - Phased Adoption for High-Assurance Environments; Private vs. Hosted LLM Trade-offs; Governance, Evaluation, and Containment Patterns.


質問 # 59
When creating a use case for an AI model that provides sensitive decisions affecting end users, which of the following is the GREATEST benefit of using model cards?

  • A. Ethical considerations of the model are documented
  • B. Data collection requirements are reduced
  • C. Model type selection is documented
  • D. Technical instructions for model deployment are created

正解:A

解説:
AAISM highlights that model cards are a governance tool designed to document ethical considerations, limitations, fairness constraints, data sources, and suitability of use cases for AI models-especially when they affect individuals' rights, opportunities, or access to services.
Their greatest value is providing transparency and ethical clarity, ensuring stakeholders understand risks, bias considerations, and how decisions impact users.
Deployment instructions (B) are not part of model cards. They do not reduce data needs (C), nor is model type selection (D) their primary purpose.
References: AAISM Study Guide - AI Governance Documentation; Transparency and Model Cards.


質問 # 60
An AI application development team has been given access to user information and now must format it to be readable by the AI model. During which phase of the data life cycle would this MOST likely occur?

  • A. Data preparation
  • B. Data normalization
  • C. Data minimization
  • D. Data collection

正解:A

解説:
In the AI data lifecycle, converting raw user information into model-readable form (e.g., cleaning, parsing, feature engineering, encoding, normalization/standardization, and schema alignment) is performed during data preparation. This phase establishes input quality and structure prior to training and inference and may include normalization as one of several preparation steps. Data collection acquires data, minimization limits data to what's necessary, and normalization is a specific technique-not the overarching phase.
References: AI Security Management (AAISM) Body of Knowledge: Data Lifecycle-Preparation and Ingestion Controls; AAISM Study Guide: Data Preparation Activities (cleaning, labeling, feature engineering, encoding) and Quality Gates.


質問 # 61
Which of the following is the MAIN objective of the operational phase of AI life cycle management?

  • A. Optimize the model's algorithms
  • B. Obtain end-user feedback on the model
  • C. Align the model to business needs
  • D. Monitor model performance

正解:D

解説:
In the operational phase, AAISM emphasizes continuous monitoring of models for performance, stability, robustness, drift, data quality, security events, and policy compliance. This includes telemetry, thresholds, alerts, incident response for AI failures, and evidence collection for audits. Alignment to business needs is established earlier in planning/governance; algorithmic optimization and feedback collection are supporting activities, but the primary operational objective is live monitoring and assurance to keep risk within tolerance.
References:* AI Security Management™ (AAISM) Body of Knowledge: AI Life Cycle-Operate/Monitor; Ongoing Performance & Drift Monitoring; AI Incident Management* AAISM Study Guide: Operational Controls, Metrics & SLAs/SLOs; Evidence & Audit Readiness in Production


質問 # 62
An organization utilizes AI-enabled mapping software to plan routes for delivery drivers. A driver following the AI route drives the wrong way down a one-way street, despite numerous signs. Which of the following biases does this scenario demonstrate?

  • A. Reporting
  • B. Automation
  • C. Selection
  • D. Confirmation

正解:B

解説:
AAISM defines automation bias as the tendency of individuals to over-rely on AI-generated outputs even when contradictory real-world evidence is available. In this scenario, the driver ignores traffic signs and follows the AI's instructions, showing blind reliance on automation. Selection bias relates to data sampling, reporting bias refers to misrepresentation of results, and confirmation bias involves interpreting information to fit pre-existing beliefs. The most accurate description is automation bias.
References:
AAISM Exam Content Outline - AI Risk Management (Bias Types in AI)
AI Security Management Study Guide - Automation Bias in AI Use


質問 # 63
An organization plans to use AI to analyze the shopping patterns of its customers to predict interests and send targeted, customized marketing emails. Which of the following should be done FIRST?

  • A. Verify customer email addresses
  • B. Train the marketing department
  • C. Update the terms of service
  • D. Obtain customer consent

正解:D

解説:
The first action, before any processing of personal data for AI-driven profiling and targeted communications, is to establish a lawful basis for processing. Under AAISM-aligned privacy governance, explicit and informed consent is prioritized for new or sensitive uses such as interest profiling and targeted marketing.
Consent ensures purpose limitation, transparency, and user control prior to model ingestion and campaign activation. Training teams, updating terms of service, or verifying contact details are important, but they do not provide legal authority to process data; therefore, they follow after consent is obtained.
References: AI Security Management (AAISM) Body of Knowledge - Privacy Governance and Lawful Basis; Purpose Limitation and Transparency; Consent Management in AI-enabled Marketing. AAISM Study Guide - Data Protection Controls for AI Profiling; Consent Capture and Record-Keeping.


質問 # 64
An organization plans to use AI to analyze the shopping patterns of its customers to predict interests and send targeted, customized marketing emails. Which of the following should be done FIRST?

  • A. Verify customer email addresses
  • B. Train the marketing department
  • C. Update the terms of service
  • D. Obtain customer consent

正解:D

解説:
The first action, before any processing of personal data for AI-driven profiling and targeted communications, is to establish a lawful basis for processing. Under AAISM-aligned privacy governance, explicit and informed consent is prioritized for new or sensitive uses such as interest profiling and targeted marketing. Consent ensures purpose limitation, transparency, and user control prior to model ingestion and campaign activation.
Training teams, updating terms of service, or verifying contact details are important, but they do not provide legal authority to process data; therefore, they follow after consent is obtained.
References: AI Security Management™ (AAISM) Body of Knowledge - Privacy Governance and Lawful Basis; Purpose Limitation and Transparency; Consent Management in AI-enabled Marketing. AAISM Study Guide - Data Protection Controls for AI Profiling; Consent Capture and Record-Keeping.


質問 # 65
An organization using an AI model for financial forecasting identifies inaccuracies caused by missing data.
Which of the following is the MOST effective data cleaning technique to improve model performance?

  • A. Increasing the frequency of model retraining with the existing data set
  • B. Tuning model hyperparameters to increase performance and accuracy
  • C. Deleting outlier data points to prevent unusual values impacting the model
  • D. Applying statistical methods to address missing data and reduce bias

正解:D

解説:
The AAISM study content emphasizes that data quality management is a central pillar of AI risk reduction.
Missing data introduces bias and undermines predictive accuracy if not addressed systematically. The most effective remediation is to apply statistical imputation and related methods to fill in or adjust for missing values in a way that minimizes bias and preserves data integrity. Retraining on flawed data does not solve the underlying issue. Deleting outliers may harm model robustness, and hyperparameter tuning optimizes model mechanics but cannot resolve missing information. Therefore, the proper corrective technique for missing data is the application of statistical methods to reduce bias.
References:
AAISM Study Guide - AI Risk Management (Data Integrity and Quality Controls) ISACA AI Governance Guidance - Data Preparation and Bias Mitigation


質問 # 66
A health services organization is developing a proprietary generative AI chatbot to assist patients with medical devices. Which of the following should be the organization's HIGHEST priority?

  • A. Maximizing neural network size
  • B. Selecting the appropriate training data
  • C. Maximizing the amount of training data
  • D. Tuning algorithms used in the AI model

正解:B

解説:
AAISM prioritizes training data suitability-lawful sourcing, provenance, quality, representativeness, and safety-especially in health-related applications. The correctness and appropriateness of training data determine clinical safety, reduction of harmful outputs, and compliance with data protection/sector obligations. Larger models or more data do not compensate for inappropriate or low-quality datasets; tuning is secondary to ensuring the right data with rigorous curation, labeling quality, and guardrails aligned to patient safety requirements.
References:* AI Security Management (AAISM) Body of Knowledge: Data Governance & Quality; High- Risk/Health Context Controls; Safety & Harm Minimization* AAISM Study Guide: Data Provenance & Suitability, Domain-Specific Dataset Controls; Compliance-by-Design for Sensitive Sectors


質問 # 67
When evaluating a third-party AI service provider, which master services agreement (MSA) provision is MOST critical for managing security risk?

  • A. Sharing real-time log information
  • B. Prohibiting the use of customer data for model training
  • C. Guaranteeing unlimited model retraining requests
  • D. Restricting query volume thresholds

正解:B

解説:
AAISM emphasizes strong contractual restrictions on how vendors use customer data, especially prohibiting vendors from using customer inputs to train or fine-tune shared models.
This protects against:
* data leakage
* intellectual property exposure
* regulatory violations
* shadow training of external models
Log sharing (B) and query limits (D) are operational controls but do not directly prevent data misuse.
Unlimited retraining (A) has no relevance to security.
References: AAISM Study Guide - Vendor Risk Management; Data Usage Restrictions in Contracts.


質問 # 68
Which of the following technologies can be used to manage deepfake risk?

  • A. Systematic data tagging
  • B. Multi-factor authentication (MFA)
  • C. Blockchain
  • D. Adaptive authentication

正解:C

解説:
The AAISM study material highlights blockchain as a control mechanism for managing deepfake risk because it provides immutable verification of digital media provenance. By anchoring original data signatures on a blockchain, organizations can verify authenticity and detect tampered or synthetic content. Data tagging helps organize but does not guarantee authenticity. MFA and adaptive authentication strengthen identity security but do not address content manipulation risks. Blockchain's immutability and traceability make it the recognized technology for mitigating deepfake challenges.
References:
AAISM Study Guide - AI Technologies and Controls (Emerging Controls for Content Authenticity) ISACA AI Governance Guidance - Blockchain for Data Integrity and Deepfake Mitigation


質問 # 69
Which of the following is the MOST likely cause of model drift?

  • A. Membership inference
  • B. Data poisoning
  • C. Model stealing
  • D. Perfect knowledge

正解:B

解説:
Model drift occurs when the statistical properties of input data and/or the relationship between features and outcomes change over time, causing degraded model performance. The AAISM guidance classifies data- centric causes (distribution shift, concept drift, and contamination) as the primary drivers and highlights that malicious contamination of training or incremental learning data (data poisoning) is a direct, high- likelihood driver of observable drift in production because it changes the effective data-generating process the model learns from. In contrast:
* Perfect knowledge is an attacker capability descriptor, not a drift cause.
* Membership inference targets privacy of the training set and does not inherently shift data distributions.
* Model stealing targets IP/confidentiality; it does not change the victim model's data distribution or decision boundary in situ.
References:* AI Security Management (AAISM) Body of Knowledge: Model Risk & Drift; Data Integrity Risks; Adversarial ML-Poisoning vs. Evasion* AAISM Study Guide: Production Monitoring & Drift Management; Risk Scenarios-Data Poisoning Impacts and Controls* AAISM Mapping to Standards:
Lifecycle Risk Treatment-Robustness to Data Contamination; Continuous Monitoring and Feedback


質問 # 70
......

AAISM練習テストPDF試験材料:https://jp.fast2test.com/AAISM-premium-file.html

AAISM問題で一発合格させる問題集にはIsaca Certification認定問題を使おう:https://drive.google.com/open?id=1urN-wEblon_KQQ1aScEjR3Moivny1DeT


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어