Explanation: Outcome robustness ensures the model's reliability and fairness across all relevant scenarios, reducing the risk of biased or unreliable decisions. Reference: ExamsEmpire Demo
",,,,, answer,A. Algorithmic fidelity,text,0,0,,1,,,,,,,, answer,B. Outcome robustness,text,1,0,,2,,,,,,,, answer,C. Sampling regression,text,0,0,,3,,,,,,,, answer,D. Versioning traceability,text,0,0,,4,,,,,,,, question,2.Which tool is commonly used to gather real-time evidence from AI inference pipelines?,single_choice,single_choice,1,2,,,,"Explanation: Model debug logs capture real-time outputs and errors, supporting effective AI audit trails. Reference: ExamsEmpire Demo
",,,,, answer,A. Static compilers,text,0,0,,1,,,,,,,, answer,B. Model debug logs,text,1,0,,2,,,,,,,, answer,C. Root access via SSH,text,0,0,,3,,,,,,,, answer,D. Power usage analyzers,text,0,0,,4,,,,,,,, question,"3.In audit planning, ________ refers to the alignment of audit objectives with business processes, stakeholder expectations, and potential AI-related risks.",single_choice,single_choice,1,3,,,,Explanation: Strategic audit alignment ensures the audit plan is relevant and addresses key business and risk priorities. Reference: ExamsEmpire Demo
,,,,, answer,A. Audit onboarding,text,0,0,,1,,,,,,,, answer,B. Strategic audit alignment,text,1,0,,2,,,,,,,, answer,C. Risk mapping,text,0,0,,3,,,,,,,, answer,D. Policy conformance,text,0,0,,4,,,,,,,, question,4.Which practices help align data governance with privacy regulations for AI? (choose two),multi_choice,multi_choice,1,4,,,,Explanation: Encrypting personal data and assigning data stewards are key practices for privacy compliance. Reference: ExamsEmpire Demo
,,,,, answer,A. Encrypting personal data at rest and in transit,text,1,0,,1,,,,,,,, answer,B. Collecting all available data regardless of purpose,text,0,0,,2,,,,,,,, answer,C. Assigning data stewards for sensitive datasets,text,1,0,,3,,,,,,,, answer,D. Skipping user consent for internal models,text,0,0,,4,,,,,,,, question,5.Which practices ensure the integrity of AI audit evidence? (choose two),multi_choice,multi_choice,1,5,,,,Explanation: Timestamping and secure hashing of evidence preserve authenticity and integrity. Reference: ExamsEmpire Demo
,,,,, answer,A. Timestamping collected data,text,1,0,,1,,,,,,,, answer,B. Allowing audit staff to modify logs,text,0,0,,2,,,,,,,, answer,C. Hashing and storing evidence securely,text,1,0,,3,,,,,,,, answer,D. Forwarding samples to external vendors without encryption,text,0,0,,4,,,,,,,, question,6.What is the first step when designing an audit plan for an AI system?,single_choice,single_choice,1,6,,,,Explanation: Identifying AI-specific risks and business objectives ensures the audit plan is relevant and comprehensive. Reference: ExamsEmpire Demo
,,,,, answer,A. Select audit sampling techniques,text,0,0,,1,,,,,,,, answer,B. Identify AI-specific risks and business objectives,text,1,0,,2,,,,,,,, answer,C. Develop a script for post-audit interviews,text,0,0,,3,,,,,,,, answer,D. Compare source code with regulatory standards,text,0,0,,4,,,,,,,, question,7.What is a primary objective of testing AI model outcomes during an audit?,single_choice,single_choice,1,7,,,,"Explanation: Verifying fairness, accuracy, and reliability ensures the model meets organizational and regulatory standards. Reference: ExamsEmpire Demo
",,,,, answer,A. To automate compliance scoring,text,0,0,,1,,,,,,,, answer,"B. To verify the model meets fairness, accuracy, and reliability standards",text,1,0,,2,,,,,,,, answer,C. To reproduce training data without constraints,text,0,0,,3,,,,,,,, answer,D. To increase computational complexity,text,0,0,,4,,,,,,,, question,8.Which activities enhance the effectiveness of AI audit planning? (choose two),multi_choice,multi_choice,1,8,,,,Explanation: Stakeholder interviews and reviewing internal controls provide context and assurance for audit planning. Reference: ExamsEmpire Demo
,,,,, answer,A. Stakeholder interviews to understand AI use,text,1,0,,1,,,,,,,, answer,B. Ignoring legacy model documentation,text,0,0,,2,,,,,,,, answer,C. Reviewing AI-related internal controls,text,1,0,,3,,,,,,,, answer,D. Prioritizing models based on popularity,text,0,0,,4,,,,,,,, question,9.Which mechanism best supports AI supervision after model deployment?,single_choice,single_choice,1,9,,,,Explanation: Real-time monitoring dashboards and alert systems provide ongoing oversight and quick detection of issues. Reference: ExamsEmpire Demo
,,,,, answer,A. Static code analysis before training,text,0,0,,1,,,,,,,, answer,B. Real-time monitoring dashboards and alert systems,text,1,0,,2,,,,,,,, answer,C. Peer review of model source code,text,0,0,,3,,,,,,,, answer,D. Server capacity testing,text,0,0,,4,,,,,,,, question,10.Which elements are fundamental to a robust AI policy framework in a regulated enterprise environment? (choose two),multi_choice,multi_choice,1,10,,,,Explanation: Bias mitigation procedures and open-source toolkit recommendations are key for robust policy frameworks. Reference: ExamsEmpire Demo
,,,,, answer,A. Clearly defined procedures for bias mitigation,text,1,0,,1,,,,,,,, answer,B. Open-source AI toolkit recommendations,text,1,0,,2,,,,,,,, answer,C. Monitoring requirements for third-party models,text,0,0,,3,,,,,,,, answer,D. Flexible data-sharing protocols with no restrictions,text,0,0,,4,,,,,,,, question,"11.When using off-the-shelf AI models, which of the following is the MOST appropriate way for organizations to approach vendor management?",single_choice,single_choice,1,11,,,,"Explanation: Clear contractual terms for updates and support are critical for managing third-party AI risks. Reference: ISACA AAIA Study Guide, Vendor Management
",,,,, answer,A. Ensure a minimum of three quotes have been obtained for market research and comparison.,text,0,0,,1,,,,,,,, answer,B. Establish responsibility and clear terms for model updates and support.,text,1,0,,2,,,,,,,, answer,C. Only use models from vendors with globally recognized accreditation.,text,0,0,,3,,,,,,,, answer,D. Use the vendor only if the contract has been reviewed by the information security department.,text,0,0,,4,,,,,,,, question,12.An organization uses an AI image generation platform to create promotional materials. An IS auditor identifies that the platform includes copyrighted images in its training data. Which of the following is the auditor's BEST recommendation to address this issue?,single_choice,single_choice,1,12,,,,"Explanation: Using platforms that certify the provenance and licensing of training data helps avoid copyright and legal risks. Reference: ISACA AAIA Study Guide, Intellectual Property and Data Licensing
",,,,, answer,A. Implement a manual review process to ensure no copyrighted images are used in generated outputs.,text,0,0,,1,,,,,,,, answer,B. Use a platform that certifies the provenance and licensing of its training data.,text,1,0,,2,,,,,,,, answer,C. Label all AI-generated images to disclaim the possibility of third-party content.,text,0,0,,3,,,,,,,, answer,D. Suspend the use of the platform until the training data is sanitized.,text,0,0,,4,,,,,,,, question,13.Which of the following is MOST important to consider when auditing an organization's AI procedures?,single_choice,single_choice,1,13,,,,"Explanation: Data validation and filtration prevent data poisoning, which can compromise model reliability. Reference: ISACA AAIA Study Guide, AI Data Integrity
",,,,, answer,A. Frequency of AI system updates to enhance security,text,0,0,,1,,,,,,,, answer,B. Employee training on recognized AI best practices,text,0,0,,2,,,,,,,, answer,C. Backup and recovery in the event of an AI data breach,text,0,0,,3,,,,,,,, answer,D. AI data validation and filtration to prevent data poisoning,text,1,0,,4,,,,,,,, question,14.A retail organization uses an AI model to analyze customers' purchase history in order to offer personalized discounts. Which of the following practices represents the MOST ethical use of customer data?,single_choice,single_choice,1,14,,,,"Explanation: Using customer data only with explicit consent and opt-out options aligns with ethical and legal standards. Reference: ISACA AAIA Study Guide, Informed Consent and Customer Privacy
",,,,, answer,A. Utilizing customer purchase data only after obtaining explicit consent and allowing customers to opt out,text,1,0,,1,,,,,,,, answer,B. Retaining and analyzing all available customer data to ensure unbiased recommendations,text,0,0,,2,,,,,,,, answer,C. Providing the public with access to review and audit the data set of collected customer information,text,0,0,,3,,,,,,,, answer,D. Sharing customer purchase data with third-party vendors to improve advertising and communication,text,0,0,,4,,,,,,,, question,15.The GREATEST benefit of using AI auditing techniques over traditional methods is that AI auditing techniques can:,single_choice,single_choice,1,15,,,,"Explanation: AI auditing techniques excel at identifying complex data patterns, which is their primary advantage over manual or traditional audit approaches. Reference: ISACA AAIA Study Guide, Advantages of AI-Enabled Audit Approaches
",,,,, answer,A. Eliminate the need for human intervention.,text,0,0,,1,,,,,,,, answer,B. Ensure full compliance with regulations.,text,0,0,,2,,,,,,,, answer,C. Identify complex data patterns.,text,1,0,,3,,,,,,,, answer,D. Significantly reduce data bias.,text,0,0,,4,,,,,,,, question,"16.An IS auditor notes the combined number of records utilized within the training, validation, and testing data sets exceeds the total number of records in the original data set. Which of the following is MOST important for the auditor to determine?",single_choice,single_choice,1,16,,,,"Explanation: If the combined size of the training, validation, and testing sets exceeds the original data size, it suggests that records may have been reused across sets, leading to data leakage and overly optimistic performance metrics. Reference: ISACA AAIA Study Guide, Data Partitioning and Leakage Risks
",,,,, answer,"A. Whether the training, validation, and testing data sets were created in the correct order",text,0,0,,1,,,,,,,, answer,B. Whether data leakage occurred from utilizing overlapping records in the data sets,text,1,0,,2,,,,,,,, answer,C. Whether a sufficient number of records were utilized in the training data set,text,0,0,,3,,,,,,,, answer,D. Whether the validation data set utilized the same number of records as the training data sets,text,0,0,,4,,,,,,,, question,17.Which of the following is the GREATEST challenge facing IS auditors evaluating the explainability of generative AI models?,single_choice,single_choice,1,17,,,,"Explanation: Algorithms that change as AI continues to learn make explainability and auditability difficult. Reference: ISACA AAIA Study Guide, AI Explainability and Dynamic Models
",,,,, answer,A. Differences of opinion regarding model types,text,0,0,,1,,,,,,,, answer,B. Difficulties in preventing the input of biased data,text,0,0,,2,,,,,,,, answer,C. Performance issues due to excessive computation,text,0,0,,3,,,,,,,, answer,D. Algorithms changing as AI continues to learn,text,1,0,,4,,,,,,,, question,"18.An organization is adopting AI for its procurement and inventory teams, raising concern from stakeholders that they will lose their jobs due to AI. Which of the following is the BEST way for the IS auditor to assess whether the potential negative impacts were minimized?",single_choice,single_choice,1,18,,,,"Explanation: Reviewing human-centered design practices ensures ethical and responsible AI adoption, minimizing negative workforce impacts. Reference: ISACA AAIA Study Guide, Human-Centered AI and Workforce Impacts
",,,,, answer,A. Review human-centered design practices to determine how they were considered.,text,1,0,,1,,,,,,,, answer,B. Review the AI roadmap for short-term and long-term milestones.,text,0,0,,2,,,,,,,, answer,C. Review how the project management team collected feedback in engagement activities.,text,0,0,,3,,,,,,,, answer,D. Review the current state assessment of how AI may impact the organization.,text,0,0,,4,,,,,,,, question,19.Which of the following is the MOST important course of action for an organization prior to allowing end users to utilize an AI tool?,single_choice,single_choice,1,19,,,,"Explanation: An AI usage policy sets the foundation for safe, ethical, and effective AI deployment. Reference: ISACA AAIA Study Guide, Policy Frameworks for End-User AI Interaction
",,,,, answer,A. Develop an AI policy with guidelines on appropriate use.,text,1,0,,1,,,,,,,, answer,B. Determine the impact to the disaster recovery plan (DRP).,text,0,0,,2,,,,,,,, answer,C. Implement baseline performance metrics.,text,0,0,,3,,,,,,,, answer,D. Ensure a cybersecurity insurance clause is in place to include the use of AI.,text,0,0,,4,,,,,,,, question,"20.Which of the following correctly summarizes the conclusions of the model card excerpt provided? Model Card ��� Electrical Grid Predictive Maintenance Model: Description: AI model designed to predict maintenance needs for electrical grid components, reduce unplanned downtime, and improve grid reliability. Inputs: Real-time sensor data, historical maintenance records, and operational logs. Outputs: Maintenance needs predictions for 60 & 90 days. Evaluation: Approach: Cross-validation and validation of accuracy, precision, and recall. Results: Accuracy 72%; Precision 60%; Recall 95%; ",single_choice,single_choice,1,20,,,,"Explanation: The F1 score summarizes the model's ability to correctly identify true maintenance needs, balancing precision and recall. Reference: ISACA AAIA Study Guide, Understanding Evaluation Metrics and Model Cards
",,,,, answer,A. The AI model correctly predicts maintenance needs 95% of the time.,text,0,0,,1,,,,,,,, answer,B. The electrical grid uptime is expected to be 72% of the time.,text,0,0,,2,,,,,,,, answer,C. Grid failure is predicted to occur after 90 days.,text,0,0,,3,,,,,,,, answer,D. F1 indicates that the model identifies true maintenance needs 76% of the time.,text,1,0,,4,,,,,,,, question,1.Which of the following is an IS auditor's MOST important course of action when determining whether source data should be entered into approved generative AI tools to assist with an audit?,single_choice,single_choice,1,1,,,,"Explanation: The most critical concern is the reliability and appropriateness of the information being entered and processed. Auditors must ensure that audit data is valid, confidential, and that generated outputs are factual and verifiable. Inputting sensitive or unverified data may lead to regulatory violations or audit inaccuracies. Reference: ISACA AAIA Study Guide, Auditor Responsibility and AI Input Validation
",,,,, answer,A. Validate that the tool is leveraging the latest model.,text,0,0,,1,,,,,,,, answer,B. Validate that the tool provides a privacy notice.,text,0,0,,2,,,,,,,, answer,C. Determine whether any AI model hallucinations have occurred.,text,0,0,,3,,,,,,,, answer,D. Determine whether the information is reliable.,text,1,0,,4,,,,,,,, question,2.An IS auditor notes that an AI model achieved significantly better results on training data than on test data. Which of the following problems with the model has the IS auditor identified?,single_choice,single_choice,1,2,,,,"Explanation: Overfitting occurs when a model performs very well on training data but poorly on unseen data, indicating that the model has learned patterns specific to the training set rather than generalizing effectively. Overfitting limits the model's applicability to real-world scenarios. Reference: ISACA AAIA Study Guide, Overfitting, Underfitting, and Generalization
",,,,, answer,A. Underfitting,text,0,0,,1,,,,,,,, answer,B. Overfitting,text,1,0,,2,,,,,,,, answer,C. Generalization,text,0,0,,3,,,,,,,, answer,D. Bias,text,0,0,,4,,,,,,,, question,3.The PRIMARY purpose of maintaining an audit trail in AI systems is to:,single_choice,single_choice,1,3,,,,"Explanation: Audit trails in AI systems document the inputs, processes, and outputs of AI decisions, allowing stakeholders and auditors to trace how decisions were made. Maintaining audit logs is critical to explainability and accountability. Reference: ISACA AAIA Study Guide, Auditability and Logging Mechanisms
",,,,, answer,A. Facilitate transparency and traceability of decisions.,text,1,0,,1,,,,,,,, answer,B. Analyze model accuracy and fairness.,text,0,0,,2,,,,,,,, answer,C. Measure computational efficiency.,text,0,0,,3,,,,,,,, answer,D. Ensure compliance with regulatory standards for AI.,text,0,0,,4,,,,,,,, question,4.An organization uses an AI image generation platform to create promotional materials. An IS auditor identifies that the platform includes copyrighted images in its training data. Which of the following is the auditor's BEST recommendation to address this issue?,single_choice,single_choice,1,4,,,,"Explanation: Ensuring that AI tools are trained on properly licensed and documented data sets is critical to avoiding copyright infringement and legal exposure. The AAIA Study Guide emphasizes using platforms with certified and traceable training data to meet ethical and legal standards. Reference: ISACA AAIA Study Guide, Ethical and Legal Considerations in AI
",,,,, answer,A. Implement a manual review process to ensure no copyrighted images are used in generated outputs.,text,0,0,,1,,,,,,,, answer,B. Use a platform that certifies the provenance and licensing of its training data.,text,1,0,,2,,,,,,,, answer,C. Label all AI-generated images to disclaim the possibility of third-party content.,text,0,0,,3,,,,,,,, answer,D. Suspend the use of the platform until the training data is sanitized.,text,0,0,,4,,,,,,,, question,5.Which of the following testing techniques would BEST validate whether an organization's data governance program effectively ensures data quality and integrity for AI model training and deployment?,single_choice,single_choice,1,5,,,,"Explanation: Assessing data lineage provides insight into the origin, flow, and transformation of data across its lifecycle, which is crucial for validating data governance. Reference: ISACA AAIA Study Guide, Data Quality, Integrity, and Governance Practices
",,,,, answer,A. Performing a business impact analysis (BIA) to assess the consequences of AI model failure,text,0,0,,1,,,,,,,, answer,B. Reviewing the organization���s AI software development life cycle documen,text,0,0,,2,,,,,,,, answer,C. Conducting a penetration test to identify vulnerabilities in the model,text,0,0,,3,,,,,,,, answer,D. Assessing data lineage to verify the traceability of data sources,text,1,0,,4,,,,,,,, question,6.Which of the following key performance indicators (KPIs) are MOST important when evaluating whether an AI model meets business objectives?,single_choice,single_choice,1,6,,,,"Explanation: The primary goal of any AI system is to provide predictions or classifications that support business decisions. Model accuracy���especially when validated against actual outcomes���is the most reliable indicator. Reference: ISACA AAIA Study Guide, AI Metrics and Business A",,,,, answer,A. Cost of resources required for AI model training,text,0,0,,1,,,,,,,, answer,B. Number of users interacting with the AI model,text,0,0,,2,,,,,,,, answer,C. Frequency of AI model retraining,text,0,0,,3,,,,,,,, answer,D. AI model accuracy in predicting actual outcomes,text,1,0,,4,,,,,,,, question,7.The PRIMARY purpose of utilizing neural networks in AI is to:,single_choice,single_choice,1,7,,,,"
Explanation: Neural networks are designed to mimic the way the human brain processes information, enabling AI systems to identify complex patterns and make decisions based on data inputs. Reference: ISACA AAIA Study Guide, Neural Networks and Deep Learning
",,,,, answer,A. Improve the user interface.,text,0,0,,1,,,,,,,, answer,B. Increase computational power.,text,0,0,,2,,,,,,,, answer,C. Mimic human decision making.,text,1,0,,3,,,,,,,, answer,D. Minimize maintenance costs.,text,0,0,,4,,,,,,,, question,"8.For a sales promotion, an AI system sorts customer attributes into several categories by analyzing transaction history. Verifying which of the following would BEST validate the effectiveness of this process?",single_choice,single_choice,1,8,,,,"Explanation: The effectiveness of an AI-driven business process depends on how well it supports defined business objectives. Validating that AI methodology aligns with intended outcomes is part of performance auditing. Reference: ISACA AAIA Study Guide, Evaluating AI Alignment with Business Objectives
",,,,, answer,A. Stress tests are regularly conducted to maintain consistent AI performance.,text,0,0,,1,,,,,,,, answer,B. The applied methodology adequately reflects business objectives.,text,1,0,,2,,,,,,,, answer,C. Sensitive attributes are converted to other data types prior to input.,text,0,0,,3,,,,,,,, answer,D. Sampling of AI output is conducted to identify unusual decisions.,text,0,0,,4,,,,,,,, question,9.The BEST way to prevent sensitive information disclosure by large language model (LLM) chatbots is through:,single_choice,single_choice,1,9,,,,"Explanation: Data masking is a critical technique that prevents the exposure of personally identifiable information (PII) or confidential content by obscuring or replacing sensitive parts of the data during training or interaction. Reference: ISACA AAIA Study Guide, Data Privacy and Information Protection in AI Systems
",,,,, answer,A. Manual monitoring,text,0,0,,1,,,,,,,, answer,B. Access controls,text,0,0,,2,,,,,,,, answer,C. Data sanitization,text,0,0,,3,,,,,,,, answer,D. Data masking,text,1,0,,4,,,,,,,, question,10.Which of the following is the PRIMARY purpose of an AI acceptable use policy?,single_choice,single_choice,1,10,,,,"Explanation: An AI acceptable use policy defines how AI tools and technologies should be ethically and responsibly used within an organization. Reference: ISACA AAIA Study Guide, Policies, Standards, and Ethical Frameworks for AI
",,,,, answer,A. Establishing guidance on the ethical use of AI,text,1,0,,1,,,,,,,, answer,B. Outlining AI usage monitoring procedures,text,0,0,,2,,,,,,,, answer,C. Educating employees on where to find and how to use AI tools,text,0,0,,3,,,,,,,, answer,D. Explaining the distinction between different types of AI,text,0,0,,4,,,,,,,, question,11.Which of the following is MOST important to review in order to gain assurance that an AI model is performing without biases?,single_choice,single_choice,1,11,,,,"Explanation: Bias in AI models is most commonly introduced through the training data. Reviewing and auditing this data is critical to ensuring that outputs do not disproportionately affect specific groups or skew results. Reference: ISACA AAIA Study Guide, Bias and Fairness in AI Systems
",,,,, answer,A. AI training data,text,1,0,,1,,,,,,,, answer,B. AI development environment,text,0,0,,2,,,,,,,, answer,C. AI model adaptability,text,0,0,,3,,,,,,,, answer,D. AI model temperature,text,0,0,,4,,,,,,,, question,12.An organization is using information gathered from customer accounts to train its AI chatbot. Which of the following is the GREATEST risk associated with this practice?,single_choice,single_choice,1,12,,,,"Explanation: The use of customer data in AI training presents a significant privacy risk, especially when the data is not properly anonymized or when consent has not been explicitly obtained. Reference: ISACA AAIA Study Guide, Privacy Risks and Data Minimization
",,,,, answer,A. Disclosure of personal information,text,1,0,,1,,,,,,,, answer,B. AI bias,text,0,0,,2,,,,,,,, answer,C. Transparency,text,0,0,,3,,,,,,,, answer,D. AI model hallucinations,text,0,0,,4,,,,,,,, question,13.Which of the following do supervised AI learning models PRIMARILY use to train algorithms?,single_choice,single_choice,1,13,,,,"Explanation: Supervised learning uses labeled data to train models. Labeled data includes input features and the correct output, enabling the model to learn the mapping function accurately. Reference: ISACA AAIA Study Guide, Types of AI Learning Models
",,,,, answer,A. Unlabeled data sets,text,0,0,,1,,,,,,,, answer,B. Clustered data sets,text,0,0,,2,,,,,,,, answer,C. Labeled data sets,text,1,0,,3,,,,,,,, answer,D. Randomized data sets,text,0,0,,4,,,,,,,, question,14.An IS auditor uses an internally developed generative AI tool to prepare a status update for audit stakeholders. Which of the following is the auditor���s MOST appropriate course of a,single_choice,single_choice,1,14,,,,"Explanation: Auditors must ensure the AI-generated output is reliable, factually accurate, and complete. Accountability for audit content remains with the auditor. Reference: ISACA AAIA Study Guide, Auditor Responsibility and Validation in AI-Aided Tasks
",,,,, answer,A. Compare results with a publicly available generative AI tool to ensure outputs are similar.,text,0,0,,1,,,,,,,, answer,B. Assess whether the information provided is complete and accurate.,text,1,0,,2,,,,,,,, answer,C. Regenerate the results to ensure similar outputs are provided.,text,0,0,,3,,,,,,,, answer,D. Share and review the results with management.,text,0,0,,4,,,,,,,, question,15.Which of the following is the GREATEST risk associated with using AI in audit planning?,single_choice,single_choice,1,15,,,,"Explanation: Incomplete or inaccurate data is the most significant risk in AI-driven audit planning. If the data input into AI tools is missing, outdated, or inconsistent, the model's suggestions for risk prioritization or control testing will be flawed. Reference: ISACA AAIA Study Guide, Data Integrity and Planning Risks
",,,,, answer,A. Increased planning costs,text,0,0,,1,,,,,,,, answer,B. Scope creep,text,0,0,,2,,,,,,,, answer,C. Incomplete data,text,1,0,,3,,,,,,,, answer,D. Limited knowledge,text,0,0,,4,,,,,,,, question,"16.In the context of an AI implementation, which of the following actions is MOST critical for an organization's change management program?",single_choice,single_choice,1,16,,,,"Explanation: A comprehensive, AI-specific risk assessment is the most critical component of a change management program to ensure that updates, retraining, or parameter adjustments do not introduce vulnerabilities or unintended consequences. Reference: ISACA AAIA Study Guide, Change Management and AI Risk Control
",,,,, answer,A. Ensuring the organization has a dedicated AI governance committee,text,0,0,,1,,,,,,,, answer,"B. Reviewing documentation for AI system changes, updates, and patches",text,0,0,,2,,,,,,,, answer,C. Conducting a comprehensive risk assessment specific to AI-related changes,text,1,0,,3,,,,,,,, answer,D. Verifying that all employees have completed mandatory AI ethics training,text,0,0,,4,,,,,,,, question,17.Which of the following is the PRIMARY reason IS auditors must be aware that generative AI may return different investment recommendations from the same set of data?,single_choice,single_choice,1,17,,,,"Explanation: Generative AI systems produce outputs using probabilistic computations, so outputs can vary with each run based on stochastic sampling techniques. Reference: ISACA AAIA Study Guide, Stochastic Behavior in Generative Models
",,,,, answer,A. Limitations can arise in the quantification of risk profiles.,text,0,0,,1,,,,,,,, answer,B. Neural node access varies each time the process is executed.,text,0,0,,2,,,,,,,, answer,C. Computational logic is based on probabilities.,text,1,0,,3,,,,,,,, answer,D. Servers are reconfigured periodically.,text,0,0,,4,,,,,,,, question,18.An IS auditor is auditing an AI system that predicts inventory needs. The system recently failed to predict a stock outage for a key product. Which of the following audit tests would BEST validate the system's accuracy?,single_choice,single_choice,1,18,,,,"Explanation: The best way to validate the accuracy of a predictive AI system is to use historical testing with past sales data (back-testing). This method reveals any gaps or biases in the model by comparing predictions to known outcomes. Reference: ISACA AAIA Study Guide, AI Model Validation Techniques
",,,,, answer,A. Unit testing of the forecasting algorithm,text,0,0,,1,,,,,,,, answer,B. Load testing during peak sales periods,text,0,0,,2,,,,,,,, answer,C. Sensitivity analysis on input variables,text,0,0,,3,,,,,,,, answer,D. Historical testing with past sales data,text,1,0,,4,,,,,,,, question,19.Which of the following strategies used by modelers to enhance data accuracy has the GREATEST risk of bias and information loss?,single_choice,single_choice,1,19,,,,"Explanation: Imputing missing values using the mean, median, or mode can reduce data variability and reinforce existing biases. Reference: ISACA AAIA Study Guide, Data Imputation and Transformation Risks
",,,,, answer,"A. Filling blank attributes in records with the mean, median, or mode within a grouping",text,1,0,,1,,,,,,,, answer,B. Identifying and deleting duplicate entries in the data set,text,0,0,,2,,,,,,,, answer,C. Separating multiple data attributes within one field into individual attribute columns,text,0,0,,3,,,,,,,, answer,D. Placing numerical data into bins or buckets for a manageable quantity of correlations and result analyses,text,0,0,,4,,,,,,,, question,20.An organization's system development process has been enhanced with AI. Which of the following features presents the GREATEST risk?,single_choice,single_choice,1,20,,,,"Explanation: Allowing AI to autonomously generate code without human review introduces significant risks, including security vulnerabilities, logic errors, and noncompliance with organizational development standards. Reference: ISACA AAIA Study Guide, AI in Software Development and Associated Risks
",,,,, answer,A. The AI allocates resources for new system development projects.,text,0,0,,1,,,,,,,, answer,B. Non-technical users are validating AI results.,text,0,0,,2,,,,,,,, answer,C. The AI personalizes applications for the user.,text,0,0,,3,,,,,,,, answer,D. All codes are generated by AI without human oversight.,text,1,0,,4,,,,,,,, question,"21.When utilizing a machine learning (ML) model to predict whether a wind turbine electricity generator will fail, which model evaluation metric should be the PRIMARY focus?",single_choice,single_choice,1,21,,,,"Explanation: In predictive maintenance use cases, Recall is the most appropriate metric because it measures the proportion of true positives correctly identified. Reference: ISACA AAIA Study Guide, Evaluation Metrics and Predictive Accuracy
",,,,, answer,A. Precision,text,0,0,,1,,,,,,,, answer,B. Specificity,text,0,0,,2,,,,,,,, answer,C. Accuracy,text,0,0,,3,,,,,,,, answer,D. Recall,text,1,0,,4,,,,,,,, question,22.Which of the following is the MOST important risk for an IS auditor to consider when reviewing the adoption of an AI system?,single_choice,single_choice,1,22,,,,"Explanation: Bias in AI decision-making is one of the most critical risks, particularly when AI influences areas like hiring, lending, or healthcare. Reference: ISACA AAIA Study Guide, Bias and Fairness in AI
",,,,, answer,A. Costs associated with AI system maintenance,text,0,0,,1,,,,,,,, answer,B. Immaturity of AI systems in the industry,text,0,0,,2,,,,,,,, answer,C. Bias in AI system decision making,text,1,0,,3,,,,,,,, answer,D. Resistance to the use of AI technology,text,0,0,,4,,,,,,,, question,23.Which of the following is the MOST important purpose of conducting a risk assessment for AI models within an organization?,single_choice,single_choice,1,23,,,,"Explanation: Risk assessments identify potential threats and vulnerabilities in AI systems and support the development of mitigation strategies. Reference: ISACA AAIA Study Guide, Risk Assessment and Mitigation for AI Systems
",,,,, answer,A. Categorizing data used by the AI model,text,0,0,,1,,,,,,,, answer,B. Defining mitigation strategies for AI deployment,text,1,0,,2,,,,,,,, answer,C. Monitoring AI model performance on an ongoing basis,text,0,0,,3,,,,,,,, answer,D. Determining whether AI model outputs align with established use cases,text,0,0,,4,,,,,,,, question,24.Which of the following will provide the BEST evidence to support the alignment of an AI model with an organization's business objectives?,single_choice,single_choice,1,24,,,,"Explanation: An AI model inventory documents the models in use, their purposes, and how they support specific business functions. Reference: ISACA AAIA Study Guide, Evidence and Documentation of AI Strategy Alignment
",,,,, answer,A. AI model vulnerability assessment,text,0,0,,1,,,,,,,, answer,B. AI change management requests,text,0,0,,2,,,,,,,, answer,C. AI model inventory,text,1,0,,3,,,,,,,, answer,D. AI acceptable use policy,text,0,0,,4,,,,,,,, question,25.Which of the following is the MOST important course of action for an organization prior to allowing end users to utilize an AI tool?,single_choice,single_choice,1,25,,,,"Explanation: An AI usage policy sets the foundation for safe, ethical, and effective AI deployment. Reference: ISACA AAIA Study Guide, Policy Frameworks for End-User AI Interaction
",,,,, answer,A. Develop an AI policy with guidelines on appropriate use.,text,1,0,,1,,,,,,,, answer,B. Determine the impact to the disaster recovery plan (DRP).,text,0,0,,2,,,,,,,, answer,C. Implement baseline performance metrics.,text,0,0,,3,,,,,,,, answer,D. Ensure a cybersecurity insurance clause is in place to include the use of AI.,text,0,0,,4,,,,,,,, question,"26.When using off-the-shelf AI models, which of the following is the MOST appropriate way for organizations to approach vendor management?",single_choice,single_choice,1,26,,,,"Explanation: Establishing clear contractual terms regarding responsibilities for ongoing model updates, maintenance, support, and incident response is essential for managing third-party AI risks. Reference: ISACA AAIA Study Guide, Third-Party AI Risk and Contractual Obligations
",,,,, answer,A. Ensure a minimum of three quotes have been obtained for market research and comparison.,text,0,0,,1,,,,,,,, answer,B. Establish responsibility and clear terms for model updates and support.,text,1,0,,2,,,,,,,, answer,C. Only use models from vendors with globally recognized accreditation.,text,0,0,,3,,,,,,,, answer,D. Use the vendor only if the contract has been reviewed by the information security department.,text,0,0,,4,,,,,,,, question,27.Which of the following is the MOST effective way an IS auditor could use generative AI to plan an audit of a new database storing transactional data?,single_choice,single_choice,1,27,,,,"Explanation: Generative AI can assist auditors during planning by generating tailored risk profiles for technologies under review, helping prioritize audit focus and scoping. Reference: ISACA AAIA Study Guide, Generative AI Use in Planning and Scoping
",,,,, answer,A. Identifying separation of duties conflicts for database data changes,text,0,0,,1,,,,,,,, answer,B. Developing architecture diagrams,text,0,0,,2,,,,,,,, answer,C. Identifying technology-specific risk and considerations,text,1,0,,3,,,,,,,, answer,D. Summarizing meeting transcripts from interviews with database administrators (DBAs),text,0,0,,4,,,,,,,,