Isaca Updated AAISM Exam Questions and Answers by boden

Effective AI BCP requires validation through exercises and controlled failover tests to prove recovery objectives can be met in practice. Merely documenting backups (Option D), hardening access (Option B), or improving monitoring (Option A) does not confirm that the AI stack—data pipelines, feature stores, model registries, inference services, and dependent infrastructure—can actually fail over and recover within RTO/RPO. AAISM prescribes periodic BCP/DR testing (including model artifact restoration, configuration reconstitution, dependency failover, and data pipeline continuity) to verify readiness and identify gaps before real incidents.

AAISM states that human oversight is the strongest control for hallucination risks, especially in high-impact decisions. Humans validate outputs, correct errors, and override unsafe model responses.

Automated validation (C) helps but cannot fully detect hallucinations. Chunking (B) improves information handling but not hallucination mitigation. Content enrichment (D) does not reduce hallucinations.

The first action, before any processing of personal data for AI-driven profiling and targeted communications, is to establish a lawful basis for processing. Under AAISM-aligned privacy governance, explicit and informed consent is prioritized for new or sensitive uses such as interest profiling and targeted marketing. Consent ensures purpose limitation, transparency, and user control prior to model ingestion and campaign activation. Training teams, updating terms of service, or verifying contact details are important, but they do not provide legal authority to process data; therefore, they follow after consent is obtained.

AAISM identifies training-data diversity and provenance assurance as primary treatments against data poisoning. Sourcing data from multiple, independently governed providers, combined with ingestion validation and anomaly screening, reduces the chance that a single compromised source can skew model behavior and improves cross-source consistency checks. Transparency, break-glass, and awareness are valuable but do not directly reduce poisoning exposure at the training boundary.