Isaca AAIA Exam - Questions and Answers

Question 1

Which of the following metrics are the BEST indication of a mature and effective approach to an organization’s data governance program for its AI systems?

A. Total budget allocated to AI initiatives across all departments
B. Number of AI projects completed within the last fiscal year
C. Percentage of AI models with documented data lineage
D. Frequency of data quality audits on the organization's data sets

Answer : C

Question 2

Which of the following is the BEST way to support the development and design of high-risk AI systems?

A. Conduct regular training sessions for users on data privacy.
B. Ensure the availability of trustworthy data sets.
C. Regularly back up the AI system’s data to a secure, offsite location.
D. Implement multi-factor authentication (MFA) for all users accessing the AI system.

Answer : B

Question 3

An organization shares an AI model with external partners. One partner reports that sensitive data has been inadvertently exposed through the model's outputs. Which of the following is the IS auditor's BEST recommendation?

A. Retrain the model immediately and implement privacy-preserving techniques.
B. Disable the shared model and notify partners of the potential breach.
C. Limit the model's outputs to anonymized results while investigating further.
D. Audit the data pipelines of all partners to identify the source of the leak.

Answer : A

Question 4

Which of the following controls helps mitigate the risk of competitors poisoning data utilized by a machine learning (ML) model performing sentiment analysis of product reviews?

A. Peer reviewing code that acquires product reviews from social media posts
B. Hiring a marketing firm to text links to customers requesting product reviews for monetary compensation
C. Requiring customers to authenticate access to their accounts prior to writing product reviews
D. Augmenting the unbalanced product review data set with the use of oversampling by the model developer

Answer : C

Question 5

The PRIMARY purpose of maintaining an audit trail in AI systems is to:

A. facilitate transparency and traceability of decisions.
B. analyze model accuracy and fairness.
C. ensure compliance with regulatory standards for AI.
D. measure computational efficiency.

Answer : A

Question 6

Which of the following is MOST important to review in order to gain assurance that an AI model is performing without biases?

A. AI model temperature
B. AI development environment
C. AI training data
D. AI model adaptability

Answer : C

Question 7

Which of the following is the MOST important risk for an IS auditor to consider when reviewing the adoption of an AI system?

A. Immaturity of AI systems in the industry
B. Resistance to the use of AI technology
C. Costs associated with AI system maintenance
D. Bias in AI system decision making

Answer : D

Question 8

During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational data to a generative AI tool?

A. Excessive reliance on AI-generated insights
B. Unauthorized data disclosure
C. Potential business disruptions
D. Data contamination due to biased AI model outputs

Answer : B

Question 9

Which of the following will provide the BEST evidence to support the alignment of an AI model with an organization’s business objectives?

A. AI change management requests
B. AI model vulnerability assessment
C. AI acceptable use policy
D. AI model inventory

Answer : D

Question 10

Which of the following should be done FIRST when an attacker exfiltrates sensitive information from an AI model?

A. Inform regulators and affected stakeholders of a potential data breach.
B. Implement rate limiting and query restrictions to reduce exploitation attempts.
C. Isolate impacted systems until the attack vector is identified.
D. Rebuild the AI model using a more secure architecture.

Answer : C

Question 11

Which of the following do supervised AI learning models PRIMARILY use to tram algorithms?

A. Unlabeled data sets
B. Randomized data sets
C. Labeled data sets
D. Clustered data sets

Answer : C

Question 12

A generative AI system has a validation control in place to reject inappropriate questions by checking them against built-in ethical standards. Which of the following enables malicious actors to circumvent this control through prompt engineering?

A. Presenting theoretical situations to justify the reason for asking the questions
B. Submitting the same questions in a foreign language translated by another AI-based system
C. Randomly placing keywords unrelated to the main topic
D. Asking the same questions later when the algorithm has changed after further learning

Answer : A

Question 13

When converting data categories before training an AI model, which of the following scenarios represents the GREATEST risk?

A. One-hot encoding the data attribute car colors for the options red, blue, green black, white
B. Creating dummy variables for the data attribute product flavor for the options vanilla, chocolate, strawberry, banana
C. One-hot encoding the data attribute customer rewards category for the options economy, business, first class
D. Creating dummy variables for the data attribute dog breed for the options labrador, terrier, beagle

Answer : C

Question 14

When utilizing a machine learning (ML) model to predict whether a wind turbine electricity generator will fail, which model evaluation metric should be the PRIMARY focus?

A. Recall
B. Specificity
C. Precision
D. Accuracy

Answer : A

Question 15

An IS auditor notes that an AI model achieved significantly better results on training data than on test data. Which of the following problems with the model has the IS auditor identified?

A. Underfitting
B. Bias
C. Overfitting
D. Generalization

Answer : C

ISACA Advanced in AI Audit v1.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!