Free Isaca AAIA Actual Exam Questions - Question 8 Discussion

C/D? I’m thinking data sanitization (C) is more proactive because it stops sensitive info from even getting into the system, which seems crucial. Masking data (D) is good but feels more like a patch after the fact; if data’s sanitized upfront, fewer risks later on. Manual monitoring (A) seems too reactive and resource-heavy, and access controls (B) might not stop the data from leaking if the model itself has sensitive info embedded. So, cleaning input data before training or use seems like the strongest first line of defense here.

B. Even if data is sanitized, without strict access controls, unauthorized users might still get sensitive info from the chatbot. Controlling who can interact is a critical layer of defense.

D, masking hides sensitive info even if data leaks happen downstream.

Option C seems solid-cleaning data before use stops leaks early.