ISACA Advanced in AI Audit v1.0

Page:    1 / 12   
Exam contains 178 questions
Expand All

Which of the following metrics are the BEST indication of a mature and effective approach to an organization’s data governance program for its AI systems?

  • A. Total budget allocated to AI initiatives across all departments
  • B. Number of AI projects completed within the last fiscal year
  • C. Percentage of AI models with documented data lineage
  • D. Frequency of data quality audits on the organization's data sets


Answer : C

Which of the following is the BEST way to support the development and design of high-risk AI systems?

  • A. Conduct regular training sessions for users on data privacy.
  • B. Ensure the availability of trustworthy data sets.
  • C. Regularly back up the AI system’s data to a secure, offsite location.
  • D. Implement multi-factor authentication (MFA) for all users accessing the AI system.


Answer : B

An organization shares an AI model with external partners. One partner reports that sensitive data has been inadvertently exposed through the model's outputs. Which of the following is the IS auditor's BEST recommendation?

  • A. Retrain the model immediately and implement privacy-preserving techniques.
  • B. Disable the shared model and notify partners of the potential breach.
  • C. Limit the model's outputs to anonymized results while investigating further.
  • D. Audit the data pipelines of all partners to identify the source of the leak.


Answer : A

Which of the following controls helps mitigate the risk of competitors poisoning data utilized by a machine learning (ML) model performing sentiment analysis of product reviews?

  • A. Peer reviewing code that acquires product reviews from social media posts
  • B. Hiring a marketing firm to text links to customers requesting product reviews for monetary compensation
  • C. Requiring customers to authenticate access to their accounts prior to writing product reviews
  • D. Augmenting the unbalanced product review data set with the use of oversampling by the model developer


Answer : C

The PRIMARY purpose of maintaining an audit trail in AI systems is to:

  • A. facilitate transparency and traceability of decisions.
  • B. analyze model accuracy and fairness.
  • C. ensure compliance with regulatory standards for AI.
  • D. measure computational efficiency.


Answer : A

Which of the following is MOST important to review in order to gain assurance that an AI model is performing without biases?

  • A. AI model temperature
  • B. AI development environment
  • C. AI training data
  • D. AI model adaptability


Answer : C

Which of the following is the MOST important risk for an IS auditor to consider when reviewing the adoption of an AI system?

  • A. Immaturity of AI systems in the industry
  • B. Resistance to the use of AI technology
  • C. Costs associated with AI system maintenance
  • D. Bias in AI system decision making


Answer : D

During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational data to a generative AI tool?

  • A. Excessive reliance on AI-generated insights
  • B. Unauthorized data disclosure
  • C. Potential business disruptions
  • D. Data contamination due to biased AI model outputs


Answer : B

Which of the following will provide the BEST evidence to support the alignment of an AI model with an organization’s business objectives?

  • A. AI change management requests
  • B. AI model vulnerability assessment
  • C. AI acceptable use policy
  • D. AI model inventory


Answer : D

An organization uses third-party licensed data for training its AI models. During an audit, it is discovered that data usage restrictions were violated. Which of the following is the IS auditor’s MOST appropriate recommendation?

  • A. Review all organizational data agreements.
  • B. Discontinue use of the AI model training data.
  • C. Strengthen system development life cycle (SDLC) controls.
  • D. Implement stronger data clustering techniques.


Answer : B

Which of the following is the MOST significant risk associated with a deep learning system algorithm being updated as it learns?

  • A. System algorithms can easily be modified by attackers because the algorithms reside in system memory.
  • B. Project stakeholders may not endorse the system because its behavior may be contrary to their expectations.
  • C. Operational risk may increase because the system is continuously running.
  • D. The system may generate discriminatory output because of biases in training data.


Answer : D

When assessing the potential risk of implementing an AI system, it is MOST important to validate the model's:

  • A. processing speed and computational efficiency,
  • B. decision-making explanations and interpretability of its outputs,
  • C. number of parameters and its overall complexity,
  • D. compatibility with existing legacy software used by the organization.


Answer : B

An organization uses an AI video generation platform to create videos for public audiences. An IS auditor notes that there are no clear governance policies defining how viewers should be informed that content is generated by AI. Which of the following recommendations would BEST ensure the ethical use of AI within this platform?

  • A. Establish a policy requiring all AI-generated content to be labeled as such for transparency.
  • B. Improve the production quality of AI-generated content to match industry standards.
  • C. Conduct regular content accuracy checks to ensure AI-generated videos meet quality expectations.
  • D. Limit access to the video generation platform to approved users within the organization.


Answer : A

Which of the following would be of GREATEST concern to an IS auditor reviewing an organization’s AI policies and procedures?

  • A. The documentation of AI models does not address business resiliency and disaster recovery.
  • B. The AI model does not have an approval process for production changes.
  • C. External validation is not required for AI systems before deployment.
  • D. The data privacy policy has not been reviewed in the past three years.


Answer : C

An IS auditor is participating in a task force to select an AI solution vendor. The vendor states that their product is only functional with web integration activated. Which of the following is the GREATEST concern?

  • A. AI training model environment
  • B. Inappropriate algorithms used by the vendor
  • C. Data hallucinations and biases
  • D. Impacts on employee and contractor workforces


Answer : A

Page:    1 / 12   
Exam contains 178 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy