settings,"A","",0,minutes,0,5,55,150,1,question_pagination,asc,0,2000,500
question,"1. Which of the following is an IS auditor's MOST important course of action when determining whether source data should be entered into approved generative AI tools to assist with an audit?","single_choice",single_choice,1.00,1,,,,"Explanation: The most critical concern is the reliability and appropriateness of the information being entered and processed. Auditors must ensure that audit data is valid, confidential, and that generated outputs are factual and verifiable. Inputting sensitive or unverified data may lead to regulatory violations or audit inaccuracies. Reference: ISACA AAIA Study Guide, Auditor Responsibility and AI Input Validation"
answer,"A. Validate that the tool is leveraging the latest model.",text,0,0,,1
answer,"B. Validate that the tool provides a privacy notice.",text,0,0,,2
answer,"C. Determine whether any AI model hallucinations have occurred.",text,0,0,,3
answer,"D. Determine whether the information is reliable.",text,1,0,,4
question,"2. An IS auditor notes that an AI model achieved significantly better results on training data than on test data. Which of the following problems with the model has the IS auditor identified?","single_choice",single_choice,1.00,2,,,,"Explanation: Overfitting occurs when a model performs very well on training data but poorly on unseen data, indicating that the model has learned patterns specific to the training set rather than generalizing effectively. Overfitting limits the model's applicability to real-world scenarios. Reference: ISACA AAIA Study Guide, Overfitting, Underfitting, and Generalization"
answer,"A. Underfitting",text,0,0,,1
answer,"B. Overfitting",text,1,0,,2
answer,"C. Generalization",text,0,0,,3
answer,"D. Bias",text,0,0,,4
question,"3. The PRIMARY purpose of maintaining an audit trail in AI systems is to:","single_choice",single_choice,1.00,3,,,,"Explanation: Audit trails in AI systems document the inputs, processes, and outputs of AI decisions, allowing stakeholders and auditors to trace how decisions were made. Maintaining audit logs is critical to explainability and accountability. Reference: ISACA AAIA Study Guide, Auditability and Logging Mechanisms"
answer,"A. Facilitate transparency and traceability of decisions.",text,1,0,,1
answer,"B. Analyze model accuracy and fairness.",text,0,0,,2
answer,"C. Measure computational efficiency.",text,0,0,,3
answer,"D. Ensure compliance with regulatory standards for AI.",text,0,0,,4
question,"4. An organization uses an AI image generation platform to create promotional materials. An IS auditor identifies that the platform includes copyrighted images in its training data. Which of the following is the auditor's BEST recommendation to address this issue?","single_choice",single_choice,1.00,4,,,,"Explanation: Ensuring that AI tools are trained on properly licensed and documented data sets is critical to avoiding copyright infringement and legal exposure. The AAIA Study Guide emphasizes using platforms with certified and traceable training data to meet ethical and legal standards. Reference: ISACA AAIA Study Guide, Ethical and Legal Considerations in AI"
answer,"A. Implement a manual review process to ensure no copyrighted images are used in generated outputs.",text,0,0,,1
answer,"B. Use a platform that certifies the provenance and licensing of its training data.",text,1,0,,2
answer,"C. Label all AI-generated images to disclaim the possibility of third-party content.",text,0,0,,3
answer,"D. Suspend the use of the platform until the training data is sanitized.",text,0,0,,4
question,"5. Which of the following testing techniques would BEST validate whether an organization's data governance program effectively ensures data quality and integrity for AI model training and deployment?","single_choice",single_choice,1.00,5,,,,"Explanation: Assessing data lineage provides insight into the origin, flow, and transformation of data across its lifecycle, which is crucial for validating data governance. Reference: ISACA AAIA Study Guide, Data Quality, Integrity, and Governance Practices"
answer,"A. Performing a business impact analysis (BIA) to assess the consequences of AI model failure",text,0,0,,1
answer,"B. Reviewing the organization’s AI software development life cycle documentation",text,0,0,,2
answer,"C. Conducting a penetration test to identify vulnerabilities in the model",text,0,0,,3
answer,"D. Assessing data lineage to verify the traceability of data sources",text,1,0,,4
question,"6. Which of the following key performance indicators (KPIs) are MOST important when evaluating whether an AI model meets business objectives?","single_choice",single_choice,1.00,6,,,,"Explanation: The primary goal of any AI system is to provide predictions or classifications that support business decisions. Model accuracy—especially when validated against actual outcomes—is the most reliable indicator. Reference: ISACA AAIA Study Guide, AI Metrics and Business Alignment"
answer,"A. Cost of resources required for AI model training",text,0,0,,1
answer,"B. Number of users interacting with the AI model",text,0,0,,2
answer,"C. Frequency of AI model retraining",text,0,0,,3
answer,"D. AI model accuracy in predicting actual outcomes",text,1,0,,4
question,"7. The PRIMARY purpose of utilizing neural networks in AI is to:","single_choice",single_choice,1.00,7,,,,"Explanation: Neural networks are designed to mimic the way the human brain processes information, enabling AI systems to identify complex patterns and make decisions based on data inputs. Reference: ISACA AAIA Study Guide, Neural Networks and Deep Learning"
answer,"A. Improve the user interface.",text,0,0,,1
answer,"B. Increase computational power.",text,0,0,,2
answer,"C. Mimic human decision making.",text,1,0,,3
answer,"D. Minimize maintenance costs.",text,0,0,,4
question,"8. For a sales promotion, an AI system sorts customer attributes into several categories by analyzing transaction history. Verifying which of the following would BEST validate the effectiveness of this process?","single_choice",single_choice,1.00,8,,,,"Explanation: The effectiveness of an AI-driven business process depends on how well it supports defined business objectives. Validating that AI methodology aligns with intended outcomes is part of performance auditing. Reference: ISACA AAIA Study Guide, Evaluating AI Alignment with Business Objectives"
answer,"A. Stress tests are regularly conducted to maintain consistent AI performance.",text,0,0,,1
answer,"B. The applied methodology adequately reflects business objectives.",text,1,0,,2
answer,"C. Sensitive attributes are converted to other data types prior to input.",text,0,0,,3
answer,"D. Sampling of AI output is conducted to identify unusual decisions.",text,0,0,,4
question,"9. The BEST way to prevent sensitive information disclosure by large language model (LLM) chatbots is through:","single_choice",single_choice,1.00,9,,,,"Explanation: Data masking is a critical technique that prevents the exposure of personally identifiable information (PII) or confidential content by obscuring or replacing sensitive parts of the data during training or interaction. Reference: ISACA AAIA Study Guide, Data Privacy and Information Protection in AI Systems"
answer,"A. Manual monitoring",text,0,0,,1
answer,"B. Access controls",text,0,0,,2
answer,"C. Data sanitization",text,0,0,,3
answer,"D. Data masking",text,1,0,,4
question,"10. Which of the following is the PRIMARY purpose of an AI acceptable use policy?","single_choice",single_choice,1.00,10,,,,"Explanation: An AI acceptable use policy defines how AI tools and technologies should be ethically and responsibly used within an organization. Reference: ISACA AAIA Study Guide, Policies, Standards, and Ethical Frameworks for AI"
answer,"A. Establishing guidance on the ethical use of AI",text,1,0,,1
answer,"B. Outlining AI usage monitoring procedures",text,0,0,,2
answer,"C. Educating employees on where to find and how to use AI tools",text,0,0,,3
answer,"D. Explaining the distinction between different types of AI",text,0,0,,4
question,"11. Which of the following is MOST important to review in order to gain assurance that an AI model is performing without biases?","single_choice",single_choice,1.00,11,,,,"Explanation: Bias in AI models is most commonly introduced through the training data. Reviewing and auditing this data is critical to ensuring that outputs do not disproportionately affect specific groups or skew results. Reference: ISACA AAIA Study Guide, Bias and Fairness in AI Systems"
answer,"A. AI training data",text,1,0,,1
answer,"B. AI development environment",text,0,0,,2
answer,"C. AI model adaptability",text,0,0,,3
answer,"D. AI model temperature",text,0,0,,4
question,"12. An organization is using information gathered from customer accounts to train its AI chatbot. Which of the following is the GREATEST risk associated with this practice?","single_choice",single_choice,1.00,12,,,,"Explanation: The use of customer data in AI training presents a significant privacy risk, especially when the data is not properly anonymized or when consent has not been explicitly obtained. Reference: ISACA AAIA Study Guide, Privacy Risks and Data Minimization"
answer,"A. Disclosure of personal information",text,1,0,,1
answer,"B. AI bias",text,0,0,,2
answer,"C. Transparency",text,0,0,,3
answer,"D. AI model hallucinations",text,0,0,,4
question,"13. Which of the following do supervised AI learning models PRIMARILY use to train algorithms?","single_choice",single_choice,1.00,13,,,,"Explanation: Supervised learning uses labeled data to train models. Labeled data includes input features and the correct output, enabling the model to learn the mapping function accurately. Reference: ISACA AAIA Study Guide, Types of AI Learning Models"
answer,"A. Unlabeled data sets",text,0,0,,1
answer,"B. Clustered data sets",text,0,0,,2
answer,"C. Labeled data sets",text,1,0,,3
answer,"D. Randomized data sets",text,0,0,,4
question,"14. An IS auditor uses an internally developed generative AI tool to prepare a status update for audit stakeholders. Which of the following is the auditor’s MOST appropriate course of action?","single_choice",single_choice,1.00,14,,,,"Explanation: Auditors must ensure the AI-generated output is reliable, factually accurate, and complete. Accountability for audit content remains with the auditor. Reference: ISACA AAIA Study Guide, Auditor Responsibility and Validation in AI-Aided Tasks"
answer,"A. Compare results with a publicly available generative AI tool to ensure outputs are similar.",text,0,0,,1
answer,"B. Assess whether the information provided is complete and accurate.",text,1,0,,2
answer,"C. Regenerate the results to ensure similar outputs are provided.",text,0,0,,3
answer,"D. Share and review the results with management.",text,0,0,,4
question,"15. Which of the following is the GREATEST risk associated with using AI in audit planning?","single_choice",single_choice,1.00,15,,,,"Explanation: Incomplete or inaccurate data is the most significant risk in AI-driven audit planning. If the data input into AI tools is missing, outdated, or inconsistent, the model's suggestions for risk prioritization or control testing will be flawed. Reference: ISACA AAIA Study Guide, Data Integrity and Planning Risks"
answer,"A. Increased planning costs",text,0,0,,1
answer,"B. Scope creep",text,0,0,,2
answer,"C. Incomplete data",text,1,0,,3
answer,"D. Limited knowledge",text,0,0,,4
question,"16. In the context of an AI implementation, which of the following actions is MOST critical for an organization's change management program?","single_choice",single_choice,1.00,16,,,,"Explanation: A comprehensive, AI-specific risk assessment is the most critical component of a change management program to ensure that updates, retraining, or parameter adjustments do not introduce vulnerabilities or unintended consequences. Reference: ISACA AAIA Study Guide, Change Management and AI Risk Control"
answer,"A. Ensuring the organization has a dedicated AI governance committee",text,0,0,,1
answer,"B. Reviewing documentation for AI system changes, updates, and patches",text,0,0,,2
answer,"C. Conducting a comprehensive risk assessment specific to AI-related changes",text,1,0,,3
answer,"D. Verifying that all employees have completed mandatory AI ethics training",text,0,0,,4
question,"17. Which of the following is the PRIMARY reason IS auditors must be aware that generative AI may return different investment recommendations from the same set of data?","single_choice",single_choice,1.00,17,,,,"Explanation: Generative AI systems produce outputs using probabilistic computations, so outputs can vary with each run based on stochastic sampling techniques. Reference: ISACA AAIA Study Guide, Stochastic Behavior in Generative Models"
answer,"A. Limitations can arise in the quantification of risk profiles.",text,0,0,,1
answer,"B. Neural node access varies each time the process is executed.",text,0,0,,2
answer,"C. Computational logic is based on probabilities.",text,1,0,,3
answer,"D. Servers are reconfigured periodically.",text,0,0,,4
question,"18. An IS auditor is auditing an AI system that predicts inventory needs. The system recently failed to predict a stock outage for a key product. Which of the following audit tests would BEST validate the system's accuracy?","single_choice",single_choice,1.00,18,,,,"Explanation: The best way to validate the accuracy of a predictive AI system is to use historical testing with past sales data (back-testing). This method reveals any gaps or biases in the model by comparing predictions to known outcomes. Reference: ISACA AAIA Study Guide, AI Model Validation Techniques"
answer,"A. Unit testing of the forecasting algorithm",text,0,0,,1
answer,"B. Load testing during peak sales periods",text,0,0,,2
answer,"C. Sensitivity analysis on input variables",text,0,0,,3
answer,"D. Historical testing with past sales data",text,1,0,,4
question,"19. Which of the following strategies used by modelers to enhance data accuracy has the GREATEST risk of bias and information loss?","single_choice",single_choice,1.00,19,,,,"Explanation: Imputing missing values using the mean, median, or mode can reduce data variability and reinforce existing biases. Reference: ISACA AAIA Study Guide, Data Imputation and Transformation Risks"
answer,"A. Filling blank attributes in records with the mean, median, or mode within a grouping",text,1,0,,1
answer,"B. Identifying and deleting duplicate entries in the data set",text,0,0,,2
answer,"C. Separating multiple data attributes within one field into individual attribute columns",text,0,0,,3
answer,"D. Placing numerical data into bins or buckets for a manageable quantity of correlations and result analyses",text,0,0,,4
question,"20. An organization's system development process has been enhanced with AI. Which of the following features presents the GREATEST risk?","single_choice",single_choice,1.00,20,,,,"Explanation: Allowing AI to autonomously generate code without human review introduces significant risks, including security vulnerabilities, logic errors, and noncompliance with organizational development standards. Reference: ISACA AAIA Study Guide, AI in Software Development and Associated Risks"
answer,"A. The AI allocates resources for new system development projects.",text,0,0,,1
answer,"B. Non-technical users are validating AI results.",text,0,0,,2
answer,"C. The AI personalizes applications for the user.",text,0,0,,3
answer,"D. All codes are generated by AI without human oversight.",text,1,0,,4
question,"21. When utilizing a machine learning (ML) model to predict whether a wind turbine electricity generator will fail, which model evaluation metric should be the PRIMARY focus?","single_choice",single_choice,1.00,21,,,,"Explanation: In predictive maintenance use cases, Recall is the most appropriate metric because it measures the proportion of true positives correctly identified. Reference: ISACA AAIA Study Guide, Evaluation Metrics and Predictive Accuracy"
answer,"A. Precision",text,0,0,,1
answer,"B. Specificity",text,0,0,,2
answer,"C. Accuracy",text,0,0,,3
answer,"D. Recall",text,1,0,,4
question,"22. Which of the following is the MOST important risk for an IS auditor to consider when reviewing the adoption of an AI system?","single_choice",single_choice,1.00,22,,,,"Explanation: Bias in AI decision-making is one of the most critical risks, particularly when AI influences areas like hiring, lending, or healthcare. Reference: ISACA AAIA Study Guide, Bias and Fairness in AI"
answer,"A. Costs associated with AI system maintenance",text,0,0,,1
answer,"B. Immaturity of AI systems in the industry",text,0,0,,2
answer,"C. Bias in AI system decision making",text,1,0,,3
answer,"D. Resistance to the use of AI technology",text,0,0,,4
question,"23. Which of the following is the MOST important purpose of conducting a risk assessment for AI models within an organization?","single_choice",single_choice,1.00,23,,,,"Explanation: Risk assessments identify potential threats and vulnerabilities in AI systems and support the development of mitigation strategies. Reference: ISACA AAIA Study Guide, Risk Assessment and Mitigation for AI Systems"
answer,"A. Categorizing data used by the AI model",text,0,0,,1
answer,"B. Defining mitigation strategies for AI deployment",text,1,0,,2
answer,"C. Monitoring AI model performance on an ongoing basis",text,0,0,,3
answer,"D. Determining whether AI model outputs align with established use cases",text,0,0,,4
question,"24. Which of the following will provide the BEST evidence to support the alignment of an AI model with an organization's business objectives?","single_choice",single_choice,1.00,24,,,,"Explanation: An AI model inventory documents the models in use, their purposes, and how they support specific business functions. Reference: ISACA AAIA Study Guide, Evidence and Documentation of AI Strategy Alignment"
answer,"A. AI model vulnerability assessment",text,0,0,,1
answer,"B. AI change management requests",text,0,0,,2
answer,"C. AI model inventory",text,1,0,,3
answer,"D. AI acceptable use policy",text,0,0,,4
question,"25. Which of the following is the MOST important course of action for an organization prior to allowing end users to utilize an AI tool?","single_choice",single_choice,1.00,25,,,,"Explanation: An AI usage policy sets the foundation for safe, ethical, and effective AI deployment. Reference: ISACA AAIA Study Guide, Policy Frameworks for End-User AI Interaction"
answer,"A. Develop an AI policy with guidelines on appropriate use.",text,1,0,,1
answer,"B. Determine the impact to the disaster recovery plan (DRP).",text,0,0,,2
answer,"C. Implement baseline performance metrics.",text,0,0,,3
answer,"D. Ensure a cybersecurity insurance clause is in place to include the use of AI.",text,0,0,,4
question,"26. When using off-the-shelf AI models, which of the following is the MOST appropriate way for organizations to approach vendor management?","single_choice",single_choice,1.00,26,,,,"Explanation: Establishing clear contractual terms regarding responsibilities for ongoing model updates, maintenance, support, and incident response is essential for managing third-party AI risks. Reference: ISACA AAIA Study Guide, Third-Party AI Risk and Contractual Obligations"
answer,"A. Ensure a minimum of three quotes have been obtained for market research and comparison.",text,0,0,,1
answer,"B. Establish responsibility and clear terms for model updates and support.",text,1,0,,2
answer,"C. Only use models from vendors with globally recognized accreditation.",text,0,0,,3
answer,"D. Use the vendor only if the contract has been reviewed by the information security department.",text,0,0,,4
question,"27. Which of the following is the MOST effective way an IS auditor could use generative AI to plan an audit of a new database storing transactional data?","single_choice",single_choice,1.00,27,,,,"Explanation: Generative AI can assist auditors during planning by generating tailored risk profiles for technologies under review, helping prioritize audit focus and scoping. Reference: ISACA AAIA Study Guide, Generative AI Use in Planning and Scoping"
answer,"A. Identifying separation of duties conflicts for database data changes",text,0,0,,1
answer,"B. Developing architecture diagrams",text,0,0,,2
answer,"C. Identifying technology-specific risk and considerations",text,1,0,,3
answer,"D. Summarizing meeting transcripts from interviews with database administrators (DBAs)",text,0,0,,4