ISACA AAIA practice test

Exam Title: ISACA Advanced in AI Audit

Last update: Nov 27, 2025

Question 1

Which of the following should be done FIRST when an attacker exfiltrates sensitive information from
an AI model?

  • A. Implement rate limiting and query restrictions to reduce exploitation attempts.
  • B. Isolate impacted systems until the attack vector is identified.
  • C. Rebuild the AI model using a more secure architecture.
  • D. Inform regulators and affected stakeholders of a potential data breach.
Answer:

B

Question 2

Which of the following is the MOST important purpose of conducting a risk assessment for AI models
within an organization?

  • A. Categorizing data used by the AI model
  • B. Defining mitigation strategies for AI deployment
  • C. Monitoring AI model performance on an ongoing basis
  • D. Determining whether AI model outputs align with established use cases
Answer:

B

Question 3

An organization is adopting AI for its procurement and inventory teams, raising concern from
stakeholders that they will lose their jobs due to AI. Which of the following is the BEST way for the IS
auditor to assess whether the potential negative impacts were minimized?

  • A. Review human-centered design practices to determine how they were considered.
  • B. Review the AI roadmap for short-term and long-term milestones.
  • C. Review how the project management team collected feedback in engagement activities.
  • D. Review the current state assessment of how AI may impact the organization.
Answer:

A

Question 4

An IS auditor is looking to expedite reporting for an audit with complex issues. Which of the
following would be the MOST effective way for the auditor to use generative AI?

  • A. Developing action items discussed in closing meetings for management action plans
  • B. Developing a draft of an executive summary based on detailed findings and audit scope
  • C. Revising audit conclusions with precise verbiage to describe the audit observations
  • D. Revising audit background and scope information based on new information from management
Answer:

B

Question 5

Which of the following is the PRIMARY purpose of an AI acceptable use policy?

  • A. Establishing guidance on the ethical use of AI
  • B. Outlining AI usage monitoring procedures
  • C. Educating employees on where to find and how to use AI tools
  • D. Explaining the distinction between different types of AI
Answer:

A

Question 6

While evaluating a complex machine learning (ML) model used for regulatory compliance in a
financial institution, which of the following should the IS auditor do to BEST ensure transparency?

  • A. Document sources and data processes.
  • B. Create dashboards to show outputs.
  • C. Provide periodic model audit reports.
  • D. Use tools that explain model decisions.
Answer:

D

Question 7

Which of the following is the GREATEST challenge facing IS auditors evaluating the explainability of
generative AI models?

  • A. Differences of opinion regarding model types
  • B. Difficulties in preventing the input of biased data
  • C. Performance issues due to excessive computation
  • D. Algorithms changing as AI continues to learn
Answer:

D

Question 8

For a sales promotion, an AI system sorts customer attributes into several categories by analyzing
transaction history. Verifying which of the following would BEST validate the effectiveness of this
process?

  • A. Stress tests are regularly conducted to maintain consistent AI performance.
  • B. The applied methodology adequately reflects business objectives.
  • C. Sensitive attributes are converted to other data types prior to input.
  • D. Sampling of AI output is conducted to identify unusual decisions.
Answer:

B

Question 9

A bank uses a video-based know your customer (KYC) verification process. Cybercriminals exploit this
process by using deepfake technology to impersonate bank customers. Which of the following
countermeasures is the BEST way for the bank to mitigate this risk?

  • A. Requesting additional identity and address documents for verification
  • B. Leveraging AI-based liveness detection during video verification
  • C. Encrypting all customer data and communication
  • D. Discontinuing the use of the video-based verification process
Answer:

B

Question 10

Which of the following key performance indicators (KPIs) are MOST important when evaluating
whether an AI model meets business objectives?

  • A. Cost of resources required for AI model training
  • B. Number of users interacting with the AI model
  • C. Frequency of AI model retraining
  • D. AI model accuracy in predicting actual outcomes
Answer:

D

Viewing questions 1-10 out of 90