QUESTION 21
An organization shares an Al model with external partners. One partner reports that sensitive data has been inadvertently exposed through the model’s outputs. Which of the following is the IS auditor’s BEST recommendation?
A. Audit the data pipelines of all partners to identify the source of the leak.
B. Limit the model’s outputs to anonymized results while investigating further.
C. Retrain the model immediately and implement privacy-preserving techniques.
D. Disable the shared model and notify partners of the potential breach.
Correct Answer: B
QUESTION 22
An Al social media platform uses an algorithm to increase user engagement that could unintentionally promote divisive content. Which of the following is the BEST course of action to mitigate this risk?
A. Introduce controls allowing individuals to customize content preferences.
B. Suspend the algorithm until concerns are addressed.
C. Regularly audit and adjust algorithms to reduce biases.
D. Obtain users’ consent for the content they wish to view.
Correct Answer: C
QUESTION 23
When using off-the-shelf Al models, which of the following is the MOST appropriate way for organizations to approach vendor management?
A. Use the vendor only if the contract has been reviewed by the information security department.
B. Ensure a minimum of three quotes have been obtained for market research and comparison.
C. Only use models from vendors with globally recognized accreditation.
D. Establish responsibility and clear terms for model updates and support.
Correct Answer: D
QUESTION 24
Which of the following is MOST important to consider when deciding whether to implement an Al solution?
A. The ethical implications of Al
B. The speed of Al implementation
C. The space required for Al hardware
D. The cost of Al implementation
Correct Answer: A
QUESTION 25
When auditing the transparency of an Al system, which of the following would be the MOST effective way to understand the model’s decision-making process?
A. Assessing the computational cost of the model
B. Reviewing the explainability of Al outputs
C. Analyzing the complexity of the algorithms used
D. Evaluating the diversity of the training data set
Correct Answer: B
QUESTION 26
Which of the following is the GREATEST challenge facing IS auditors evaluating the explainability of generative Al models?
A. Differences of opinion regarding model types
B. Performance issues due to excessive computation
C. Difficulties in preventing the input of biased data
D. Algorithms changing as Al continues to learn
Correct Answer: D
QUESTION 27
Which of the following key performance indicators (KPIs) are MOST important when evaluating whether an Al model meets business objectives?
A. Number of users interacting with the Al model
B. Al model accuracy in predicting actual outcomes
C. Cost of resources required for Al model training
D. Frequency of Al model retraining
Correct Answer: B
QUESTION 28
In order to streamline operations, a bank has deployed an Al application to automatically detect and prevent further fraud on accounts. However, customers have voiced concerns that their usual transactions are being rejected. Which of the following is the MOST likely cause of the false positives?
A. The hyperparameters are not optimized.
B. Consent is not properly managed.
C. Compute scale training was not performed.
D. Data versioning controls were not developed.
Correct Answer: A
QUESTION 29
A car manufacturer uses an Al model to predict maintenance needs for its vehicles. Which of the following techniques can an IS auditor apply to MOST effectively verify the Al model’s decisions to stakeholders?
A. Using K-means algorithms to group vehicles based on mileage or engine temperature for maintenance patterns
B. Using neural network visualization to show how the Al model processes data through its layers
C. Utilizing support vector machines (SVM) to classify vehicles based on maintenance urgency
D. Using local interpretable model-agnostic explanation (LIME) to analyze how specific features contribute to predictions
Correct Answer: D
QUESTION 30
When converting data categories before training an Al model, which of the following scenarios represents the GREATEST risk?
A. Creating dummy variables for the data attribute product flavor for the options vanilla, chocolate, strawberry, banana
B. One-hot encoding the data attribute customer rewards category for the options economy, business, first class
C. Creating dummy variables for the data attribute dog breed for the options labrador, terrier, beagle
D. One-hot encoding the data attribute car colors for the options red, blue, green, black, white
Correct Answer: D
QUESTION 31
An IS auditor is auditing a financial system in which a generative Al tool is used to identify trends in batches of 4,000 rows, while the generative Al tool has a limit of 3,000 tokens. Which of the following is the GREATEST concern?
A. The Al will process only a portion of the data set.
B. The Al will prioritize high-value entries.
C. The Al will reject the data set and not analyze the data.
D. The Al output will be biased toward the first 3,000 tokens.
Correct Answer: A
QUESTION 32
Which of the following is the MOST effective way an IS auditor could use generative Al to plan an audit of a new database storing transactional data?
A. Identifying separation of duties conflicts for database data changes
B. Summarizing meeting transcripts from interviews with database administrators (DBAs)
C. Developing architecture diagrams
D. Identifying technology-specific risk and considerations
Correct Answer: D
QUESTION 33
A healthcare organization uses data clustering to group patients by medical history for personalized treatment recommendations. Which of the following is the GREATEST privacy risk associated with this practice?
A. The clustering requires more data, increasing the risk of a privacy breach.
B. Clusters can reveal sensitive personal information depending on how the information is presented.
C. Clustering increases the complexity of the model, making data harder to anonymize.
D. Irrelevant features in the data may result in inaccurate or biased treatments.
Correct Answer: B
QUESTION 34
Which of the following testing techniques would BEST validate whether an organization’s data governance program effectively ensures data quality and integrity for Al model training and deployment?
A. Reviewing the organization’s Al software development life cycle documentation
B. Assessing data lineage to verify the traceability of data sources
C. Performing a business impact analysis (BIA) to assess the consequences of Al model failure
D. a Conducting a penetration test to identify vulnerabilities in the model
Correct Answer: B
QUESTION 35
Which of the following BEST detects model drift or unexpected changes in Al model outputs?
A. Al model retraining
B. Anomaly monitoring
C. Al model documentation reviews
D. Standardization of Al configurations
Correct Answer: B
QUESTION 36
Which of the following is an IS auditor MOST likely to use in order to ensure an Al model has the ability to make correct predictions?
A. Confusion matrix
B. Group analysis
C. Latency testing
D. Adversarial testing
Correct Answer: A
QUESTION 37
A generative Al system has a validation control in place to reject inappropriate questions by checking them against built-in ethical standards. Which of the following enables malicious actors to circumvent this control through prompt engineering?
A. Randomly placing keywords unrelated to the main topic
B. Submitting the same questions in a foreign language translated by another Al-based system
C. Presenting theoretical situations to justify the reason for asking the questions
D. Asking the same questions later when the algorithm has changed after further learning
Correct Answer: C
QUESTION 38
Which of the following should be done FIRST when an attacker exfiltrates sensitive information from an Al model?
A. Isolate impacted systems until the attack vector is identified.
B. Rebuild the Al model using a more secure architecture.
C. Implement rate limiting and query restrictions to reduce exploitation attempts.
D. Inform regulators and affected stakeholders of a potential data breach.
Correct Answer: A
QUESTION 39
An IS auditor uses an internally developed generative Al tool to prepare a status update for audit stakeholders. Which of the following is the auditor’s MOST appropriate course of action?
A. Share and review the results with management.
B. Compare results with a publicly available generative Al tool to ensure outputs are similar.
C. Regenerate the results to ensure similar outputs are provided.
D. Assess whether the information provided is complete and accurate.
Correct Answer: D
QUESTION 40
Which of the following controls helps mitigate the risk of competitors poisoning data utilized by a machine learning (ML) model performing sentiment analysis of product reviews?
A. Requiring customers to authenticate access to their accounts prior to writing product reviews
B. Augmenting the unbalanced product review data set with the use of oversampling by the model developer
C. Hiring a marketing firm to text links to customers requesting product reviews for monetary compensation
D. Peer reviewing code that acquires product reviews from social media posts
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.