Free ISACA AAISM Actual Exam Questions - Question 2 Discussion
language models (LLMs) in applications?
B—finding hidden vulnerabilities before deployment seems most proactive here.
D – limiting access post-output definitely cuts down exposure chances.
Option B is worth considering since adversarial testing helps identify hidden vulnerabilities that might cause leaks before the model is used widely, which is a proactive way to reduce risk.
C/D? Sanitization cuts out sensitive info upfront, but least privilege limits who can even see the output, so both reduce risk differently. In terms of output exposure though, C feels slightly stronger.
Makes sense that sanitization is key, but I think B helps too since adversarial testing can reveal hidden leaks before deployment. I’d go with B to catch issues proactively.
C imo, sanitizing data before training or output is key here.