Exam AAIR Topic 1 Question 43 Discussion
Actual exam question for ISACA's AAIR exam
Question #: 43
Topic #: 1
Question #: 43
Topic #: 1
Which of the following BEST mitigates risk associated with evasion attacks on AI models?
Suggested Answer: B Vote an answer
Evasion attacks involve adversaries crafting inputs specifically designed to fool AI models into producing incorrect outputs-for example, manipulating images to evade object detection or modifying text to bypass content classifiers. Detecting these attacks requires identifying inputs that are statistically unusual or inconsistent with legitimate use patterns.
Why B is Correct: The ISACA AAIR adversarial AI security guidance identifies anomaly detection as the most effective mitigation for evasion attacks. Anomaly detection systems monitor input distributions, model query patterns, and output characteristics for statistical deviations that indicate adversarial manipulation. By identifying inputs that fall outside expected distributions or trigger unusual model responses, anomaly detection catches evasion attempts before they produce harmful outputs.
Why A is Wrong: API rate limiting controls query frequency to prevent brute-force model probing but does not detect or prevent crafted adversarial inputs sent at normal rates. An attacker can evade rate limits by spacing requests or distributing queries.
Why C is Wrong: Predictive analytics uses historical patterns to forecast future outcomes. It does not specifically detect real-time adversarial manipulation of model inputs.
Why D is Wrong: Feature importance weighting adjusts how much different input features influence model predictions. While it can improve robustness to irrelevant features, it does not detect adversarial inputs specifically crafted to exploit important features.
Why B is Correct: The ISACA AAIR adversarial AI security guidance identifies anomaly detection as the most effective mitigation for evasion attacks. Anomaly detection systems monitor input distributions, model query patterns, and output characteristics for statistical deviations that indicate adversarial manipulation. By identifying inputs that fall outside expected distributions or trigger unusual model responses, anomaly detection catches evasion attempts before they produce harmful outputs.
Why A is Wrong: API rate limiting controls query frequency to prevent brute-force model probing but does not detect or prevent crafted adversarial inputs sent at normal rates. An attacker can evade rate limits by spacing requests or distributing queries.
Why C is Wrong: Predictive analytics uses historical patterns to forecast future outcomes. It does not specifically detect real-time adversarial manipulation of model inputs.
Why D is Wrong: Feature importance weighting adjusts how much different input features influence model predictions. While it can improve robustness to irrelevant features, it does not detect adversarial inputs specifically crafted to exploit important features.
by Buck at Jul 01, 2026, 01:09 AM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).