Was :
$142.2
Today :
$79
Was :
$160.2
Today :
$89
Was :
$178.2
Today :
$99
What Is the AAIR Certification Exam?
The AAIR certification exam is a standardized assessment designed to measure a candidate's knowledge, competencies, and practical understanding within a defined professional field. It serves as the primary requirement for earning the ISACA Advanced in AI Risk™ (AAIR™), a credential that represents a recognized level of proficiency in its respective industry. Depending on the field, this may involve theoretical knowledge, applied problem-solving, regulatory understanding, or hands-on procedural competence.
The exam is typically developed and maintained by an accrediting body or professional organization that sets the standards for the ISACA Advanced in AI Risk™ (AAIR™). This ensures that anyone who earns the credential has met a consistent benchmark, regardless of where they studied or gained their experience. For many professionals, the AAIR Certification Exam represents a formal checkpoint in their career, one that confirms readiness to take on greater responsibility within their chosen field.
Why the ISACA Advanced in AI Risk™ (AAIR™) Certification Matters?
Certifications like the ISACA Advanced in AI Risk™ (AAIR™) exist because industries need a reliable way to verify competence beyond a resume or a job title. Earning this credential signals to employers, clients, and colleagues that a professional has invested time in building a structured foundation of knowledge and has been evaluated against an established standard.
Beyond individual recognition, the ISACA Advanced in AI Risk™ (AAIR™) certification often supports broader professional development. It can influence hiring decisions, contribute to internal advancement, or serve as a prerequisite for more specialized roles within the field. In many industries, certifications also help standardize expectations across organizations, making it easier for professionals to move between employers or sectors while carrying a credential that is widely understood and respected.
Who Should Take the AAIR Exam?
The AAIR exam is generally relevant to individuals who are either entering a field or looking to formalize skills they have already developed through experience. This can include early-career professionals seeking a credential to support their first steps into the industry, as well as experienced practitioners who want official recognition of knowledge gained on the job.
Students preparing to enter the workforce may also pursue the AAIR exam as a way to strengthen their qualifications before graduating or applying for their first roles. In some fields, employers actively encourage or require staff to pursue this certification as part of ongoing professional development, particularly in industries where standards, safety, or compliance play a significant role in daily responsibilities.
Knowledge and Skills Evaluated in the ISACA Advanced in AI Risk
The ISACA Advanced in AI Risk is built to evaluate both foundational knowledge and the practical judgment needed to apply that knowledge in real situations. Candidates are generally expected to understand core principles and terminology relevant to their field, along with the reasoning behind established procedures, standards, or best practices.
Depending on the industry, this may include understanding regulatory requirements, following established protocols, applying analytical or technical methods, or exercising sound judgment in situations that require careful decision-making. Rather than testing isolated facts in a vacuum, the ISACA Advanced in AI Risk tends to reward candidates who can connect concepts to realistic scenarios, reflecting the kind of thinking expected in day-to-day professional practice.
AAIR Exam Preparation Resources
Preparing for the AAIR certification exam becomes more effective when using high-quality and up-to-date study materials. MyCertsHub provides resources designed to help candidates build knowledge, practice consistently, and become familiar with the actual exam format.
Effective preparation for the AAIR certification exam usually begins with a clear understanding of the exam's objectives and structure. Reviewing official guidelines or documentation published by the certifying body provides the most accurate picture of what will be covered and how heavily different areas are weighted.
From there, many candidates benefit from building a structured study plan that breaks preparation into manageable sections over a set period of time. A well-organized AAIR Study Guide can help sequence this material logically, especially for those approaching a topic for the first time. Consistent review, paired with realistic practice, tends to produce better retention than concentrated last-minute studying.
Practical experience, where applicable to the field, also plays an important role in preparation. Working through AAIR Practice Questions and a AAIR practice test can help candidates identify gaps in their understanding and become familiar with the format and pacing of the actual exam. In fields where hands-on skill is assessed, supplementing study with real-world practice or supervised experience often makes the difference between recognizing correct information and genuinely understanding it.
Benefits of Earning the ISACA Advanced in AI Risk™ (AAIR™) Certification
Successfully earning the ISACA Advanced in AI Risk™ (AAIR™) certification offers benefits that extend well beyond passing a single exam. It provides documented proof of competence that can be referenced on a resume, professional profile, or internal performance review, offering a clear, third-party validation of skill and knowledge.
The credential can also strengthen professional credibility when working with clients, patients, stakeholders, or colleagues who may not be positioned to evaluate technical or specialized knowledge directly. Over time, this recognition often contributes to expanded career opportunities, whether through new responsibilities, higher-level roles, or eligibility for additional certifications that build on this foundational credential.
Prepare for the AAIR Exam with MyCertsHub
Preparing for the AAIR exam is a process that benefits from organized, consistent effort rather than rushed, last-minute review. MyCertsHub is designed to support that process by offering study resources, practice materials, and educational content that help candidates understand what the ISACA Advanced in AI Risk covers and how to approach their preparation thoughtfully.
Whether someone is just beginning to explore the ISACA Advanced in AI Risk™ (AAIR™) or is in the final stages of reviewing material before their exam date, MyCertsHub aims to serve as a dependable resource throughout that journey. Every candidate's path to certification looks a little different, and the goal remains the same: to provide clear, genuinely useful information that supports real understanding of the subject matter.
Isaca AAIR Sample Question Answers
Question # 1
An organization's third-party AI vendor experiences a data breach that exposes the training data
used for the organization's AI model. What is the FIRST action the organization should take?
A. Notify affected customers immediately. B. Activate the incident response plan, assess the scope and impact of the breach on theorganization's AI system and data, and coordinate with the vendor. C. Terminate the vendor contract. D. Suspend the AI system and retrain the model.
Answer: B
Explanation:
Option A: A is incorrect. Customer notification is required but should occur after impact assessment and
in accordance with regulatory timelines, not as the immediate first action.
Option B (CORRECT): B is correct. The first action in any incident is to activate the incident response
process, assess scope and impact, and coordinate with the affected party (the vendor). These steps
provide the information needed for all subsequent decisions, including notifications and system actions.
Option C: C is incorrect. Contract termination is a significant decision that should follow impact
assessment, not precede it.
Option D: D is incorrect. System suspension and retraining may be necessary but should follow impact
assessment, not precede understanding of the breach scope.
Question # 2
A threat modeling exercise for a generative AI chatbot identifies that malicious users could use
prompt injection to cause the chatbot to reveal system prompts, bypass safety filters, and produce
harmful content. Which combination of controls is MOST effective?
A. Rate limiting and IP blocking. B. Input validation and sanitization, output filtering, hardened system prompt design, andhuman review escalation triggers for anomalous outputs. C. End-to-end encryption and access logging. D. Regular retraining with adversarial examples and user authentication.
Answer: B
Explanation:
Option A: A is incorrect. Rate limiting and IP blocking address volumetric attacks and access controls
but do not address the content-level prompt injection threat.
Option B (CORRECT): B is correct. Prompt injection requires a layered defense: input validation
leakage risk; human escalation catches what automated controls miss. Defense-in-depth is required for
generative AI threats.
Option C: C is incorrect. Encryption protects data in transit; logging is detective. Neither prevents prompt
injection attacks.
Option D: D is incorrect. Retraining with adversarial examples and authentication are useful but are
incomplete without input/output controls as the primary preventive layer.
Question # 3
An organization wants to implement a Key Performance Indicator (KPI) for its AI risk management
program. Which of the following BEST serves as an AI risk program KPI?
A. Number of AI models in production. B. Percentage of high-risk AI systems with completed annual risk assessments. C. Total number of AI incidents reported in the past year. D. Average cost per AI model retraining cycle
Answer: B
Explanation:
Option A: A is incorrect. Model count is an inventory metric, not a program performance indicator.
Option B (CORRECT): B is correct. The percentage of high-risk AI systems with completed annual risk
assessments directly measures the effectiveness of the risk management program — a true KPI. It
tracks whether the program is executing its core governance function.
Option C: C is incorrect. Incident count is a KRI (risk indicator) not a KPI (performance indicator) — it
measures risk events, not program effectiveness.
Option D: D is incorrect. Retraining cost is a financial metric, not a risk program performance indicator.
Question # 4
An organization wants to implement a Key Performance Indicator (KPI) for its AI risk management
program. Which of the following BEST serves as an AI risk program KPI?
A. Number of AI models in production. B. Percentage of high-risk AI systems with completed annual risk assessments. C. Total number of AI incidents reported in the past year. D. Average cost per AI model retraining cycle
Answer: B
Explanation:
Option A: A is incorrect. Model count is an inventory metric, not a program performance indicator.
Option B (CORRECT): B is correct. The percentage of high-risk AI systems with completed annual risk
assessments directly measures the effectiveness of the risk management program — a true KPI. It
tracks whether the program is executing its core governance function.
Option C: C is incorrect. Incident count is a KRI (risk indicator) not a KPI (performance indicator) — it
measures risk events, not program effectiveness.
Option D: D is incorrect. Retraining cost is a financial metric, not a risk program performance indicator.
Question # 5
An organization's AI risk register lists a risk as 'AI model produces discriminatory outputs for loan
applicants.' The risk owner marks it as 'accepted' without implementing any controls. The risk level
is rated 'High.' What is the MOST significant concern with this risk treatment decision?
A. The risk register format does not include space for detailed justification. B. High risks should not be accepted without formal board or executive approval anddocumented justification. C. The risk owner should have transferred the risk to the AI vendor. D. The risk should have been avoided rather than accepted.
Answer: B
Explanation:
Option A: A is incorrect. Register format is an administrative concern, not the significant governance
issue here.
Option B (CORRECT): B is correct. Risk acceptance for high-rated risks requires explicit executive or
board authorization, documented justification, and defined acceptance criteria. Informal acceptance by
the risk owner of a high risk without these elements is a governance failure.
Option C: C is incorrect. Risk transfer may not be appropriate or available, and does not address the
governance failure of informal high-risk acceptance.
Option D: D is incorrect. Risk avoidance may or may not be appropriate — but the issue identified is the
process failure, not the choice of treatment.
Question # 6
An organization's AI system for medical image analysis is involved in a patient safety incident. TheAI model provided a false negative diagnosis. Post-incident analysis reveals the model's trainingdata lacked representation of the patient demographic involved. Root cause analysis identifiesthree contributing factors: training data gap, absence of model revalidation post-deployment, andno clinical override mechanism. Which control would have been MOST effective at preventingpatient harm?
A. Enhanced model monitoring for performance drift. B. A mandatory clinical review requirement where a qualified physician confirms or overrides allAI diagnoses before clinical action. C. Retraining the model on a more diverse dataset. D. Implementing a third-party model audit before deployment.
Answer: B
Explanation:
Option A: A is incorrect. Performance drift monitoring is a detective control. It would identify degradation
over time but would not have prevented this specific patient harm incident.
Option B (CORRECT): B is correct. Given the three identified failure modes, the mandatory clinical
override mechanism directly addresses patient safety at the point of care. It is a preventive control that
would have caught the false negative before clinical action, regardless of training data gaps or
monitoring failures. Governance before technology — human oversight is the critical safety control.
Option C: C is incorrect. Retraining would address the training data gap prospectively but would not
have prevented the incident described.
Option D: D is incorrect. Pre-deployment audit would have identified risks but, like retraining, is
retrospective relative to this incident.
Question # 7
An organization's AI system for medical image analysis is involved in a patient safety incident. TheAI model provided a false negative diagnosis. Post-incident analysis reveals the model's trainingdata lacked representation of the patient demographic involved. Root cause analysis identifiesthree contributing factors: training data gap, absence of model revalidation post-deployment, andno clinical override mechanism. Which control would have been MOST effective at preventingpatient harm?
A. Enhanced model monitoring for performance drift. B. A mandatory clinical review requirement where a qualified physician confirms or overrides allAI diagnoses before clinical action. C. Retraining the model on a more diverse dataset. D. Implementing a third-party model audit before deployment.
Answer: B
Explanation:
Option A: A is incorrect. Performance drift monitoring is a detective control. It would identify degradation
over time but would not have prevented this specific patient harm incident.
Option B (CORRECT): B is correct. Given the three identified failure modes, the mandatory clinical
override mechanism directly addresses patient safety at the point of care. It is a preventive control that
would have caught the false negative before clinical action, regardless of training data gaps or
monitoring failures. Governance before technology — human oversight is the critical safety control.
Option C: C is incorrect. Retraining would address the training data gap prospectively but would not
have prevented the incident described.
Option D: D is incorrect. Pre-deployment audit would have identified risks but, like retraining, is
retrospective relative to this incident.
Question # 8
An organization's AI incident response plan does not address AI-specific scenarios such as model
failure, adversarial attack, or AI-generated misinformation. What is the PRIMARY risk of this gap?
A. The organization may face difficulty obtaining cyber insurance. B. When an AI-specific incident occurs, response teams will lack guidance, leading to delayed,inadequate, or inconsistent responses that increase harm. C. Regulatory auditors will penalize the organization for missing documentation. D. The AI vendor may not provide support during an AI incident.
Answer: B
Explanation:
Option A: A is incorrect. Insurance is a financial risk management tool, not the primary risk from missing
incident response plans.
Option B (CORRECT): B is correct. Without AI-specific incident response guidance, teams responding
to novel AI incidents (adversarial attacks, model failures, bias events) will face confusion, delays, and
inconsistency — directly increasing the scope of harm. Effective incident response requires pre-planned,
AI-specific playbooks.
Option C: C is incorrect. Regulatory penalties are a consequence, not the primary operational risk.
Option D: D is incorrect. Vendor support gaps are a third-party risk, not the primary risk from internal
incident response gaps.
Question # 9
Which type of AI control is MOST effective at preventing unauthorized model manipulation before it
occurs?
A. Detective control B. Corrective control C. Preventive control D. Compensating control
Answer: C
Explanation:
Option A: A is incorrect. Detective controls identify issues after they have occurred, not before.
Option B: B is incorrect. Corrective controls address issues after they are detected, not before.
Option C (CORRECT): C is correct. Preventive controls stop unauthorized actions before they occur.
ISACA consistently emphasizes preventive controls as most effective because they prevent harm rather
than detecting or correcting it after the fact.
Option D: D is incorrect. Compensating controls provide alternative risk mitigation when primary controls
are not feasible — they are not inherently preventive.
Question # 10
An AI risk assessment identifies that an AI model has a 15% probability of producing biased
outputs that could result in discriminatory hiring outcomes. The organization's risk appetite states
that discrimination risk must be kept below 5%. Which risk treatment option BEST addresses this
situation?
A. Risk acceptance — document the 15% probability and monitor outcomes. B. Risk avoidance — discontinue the use of AI for hiring decisions. C. Risk mitigation — implement bias detection controls, diverse training data, and humanreview requirements to reduce the probability below 5%. D. Risk transfer — purchase AI liability insurance to cover discrimination claims
Answer: C
Explanation:
Option A: A is incorrect. Accepting a risk that exceeds the stated risk appetite is a governance violation
without explicit board approval.
Option B: B is incorrect. Risk avoidance is appropriate when the risk cannot be reduced to appetite
levels, which has not been established here.
Option C (CORRECT): C is correct. Risk mitigation is the appropriate treatment when the current risk
level (15%) exceeds the risk appetite (5%) but the business objective (AI-assisted hiring) has value. Bias
detection, diverse data, and human review are recognized controls that can reduce the risk to the target
level.
Option D: D is incorrect. Insurance transfers financial liability but does not reduce the probability of
discriminatory outcomes, which is what the risk appetite addresses.
Question # 11
An organization's AI system for supply chain optimization is targeted by a sophisticated adversarial
attack that subtly manipulates input data to cause the model to recommend favorable but fictitious
suppliers. This attack is designed to be undetectable by standard anomaly detection. What type of
attack is this and what control is MOST effective?
A. Prompt injection — implement input sanitization filters. B. Data poisoning — implement integrity verification of training data pipelines. C. Adversarial example attack on inference inputs — implement adversarial robustness testingand input validation controls. D. Model inversion attack — implement output filtering controls.
Answer: C
Explanation:
Option A: A is incorrect. Prompt injection attacks target LLM text inputs, not structured data
manipulation in optimization models.
Option B: B is incorrect. Data poisoning occurs during training. This attack manipulates inference inputs,
not training data.
Option C (CORRECT): C is correct. Subtle manipulation of inference-time inputs to cause specific
misclassifications is the signature of an adversarial example attack. Adversarial robustness testing
(including red-team testing with adversarial inputs) and strong input validation controls are the most
effective defenses.
Option D: D is incorrect. Model inversion attacks attempt to reconstruct training data from outputs, not
manipulate inference inputs.
Question # 12
An organization's AI risk manager wants to establish Key Risk Indicators (KRIs) for its AI systems.
Which metric BEST qualifies as an AI KRI?
A. Number of AI systems deployed in the past year. B. Percentage of AI models overdue for periodic revalidation. C. Total AI development budget utilized. D. Number of AI vendor contracts executed.
Answer: B
Explanation:
Option A: A is incorrect. Number of systems deployed is an inventory metric, not a risk indicator.
Option B (CORRECT): B is correct. The percentage of AI models overdue for revalidation is a true KRI
— it signals increasing risk exposure from models that may have drifted, degraded, or become noncompliant over time. KRIs are leading indicators of risk, not operational or financial metrics.
Option C: C is incorrect. Budget utilization is a financial metric, not a risk indicator.
Option D: D is incorrect. Contract count is a procurement metric, not a risk indicator
Question # 13
An organization maintains an AI asset registry. Which information is MOST critical to include in the
registry for AI risk governance purposes?
A. Names of software developers who built each AI system. B. System purpose, data inputs, risk classification, owner, deployment environment, and reviewschedule. C. Licensing costs and vendor contract expiry dates. D. Programming languages and frameworks used in development.
Answer: B
Explanation:
Option A: A is incorrect. Developer names are personnel records, not AI governance information.
Option B (CORRECT): B is correct. An AI asset registry serves governance purposes by documenting
what each system does, what data it uses, its risk level, who owns it, where it runs, and when it needs
review. This information enables risk-based oversight and accountability.
Option C: C is incorrect. Licensing costs are financial records. Contract expiry is vendor management
information. Neither is primary for AI risk governance. Option D: D is incorrect. Technical implementation details are developer documentation, not the primary
content of a governance-oriented AI registry.
Question # 14
An AI development team uses an open-source machine learning library. A vulnerability is
discovered in the library that could allow model manipulation. What is the MOST appropriate
immediate action?
A. Wait for the open-source community to release a patch. B. Assess the risk to the AI system, apply available patches, or implement compensatingcontrols immediately. C. Replace the AI system with a commercial alternative. D. Notify affected customers of the potential vulnerability.
Answer: B
Explanation:
Option A: A is incorrect. Waiting passively for a community patch leaves the organization exposed. An
immediate response is required.
Option B (CORRECT): B is correct. Immediate risk assessment followed by patching or compensating
controls is the appropriate response to a discovered vulnerability in a production AI dependency. This
follows standard vulnerability management principles.
Option C: C is incorrect. Replacing the entire system is a disproportionate response for a library
vulnerability. Patching is the appropriate first action.
Option D: D is incorrect. Customer notification may be required depending on risk assessment
outcomes but is not the most appropriate immediate action.
Question # 15
An organization discovers that its AI model for medical diagnosis has been using a training dataset
that includes records from a clinical trial that was later found to have significant ethical violations.
The organization has already deployed the model. What is the MOST appropriate governance
action?
A. Continue operating the model since its accuracy is validated. B. Immediately suspend the model, conduct a full impact assessment, remove ethicallycompromised data from training, retrain, and revalidate before redeployment. C. Notify stakeholders of the data issue but continue operations with enhanced monitoring. D. Consult with legal counsel to assess liability and then decide on action.
Answer: B
Explanation:
Option A: A is incorrect. Accuracy validation does not excuse the use of unethically obtained data. The
ethical and legal obligations require action.
Option B (CORRECT): B is correct. The discovery of ethically compromised training data in a deployed
medical AI system requires immediate suspension and remediation. Medical diagnosis decisions based
on unethical data create patient safety, ethical, and regulatory risks that cannot be mitigated by
monitoring alone. Option C: C is incorrect. Continuing operations with monitoring allows ethically compromised decisions
to continue affecting patients — this is unacceptable.
Option D: D is incorrect. Legal consultation may be needed but is not the primary governance action.
Patient safety requires immediate operational action.
Question # 16
Which AI lifecycle phase is MOST focused on ensuring the AI system is ready for production use?
A. Design B. Training C. Testing and Validation D. Decommissioning
Answer: C
Explanation:
Option A: A is incorrect. Design is the conceptual planning phase, not readiness confirmation.
Option B: B is incorrect. Training develops the model — validation determines readiness.
Option C (CORRECT): C is correct. The Testing and Validation phase is explicitly focused on confirming
that the AI system meets performance, accuracy, fairness, and safety requirements before being
approved for production deployment.
Option D: D is incorrect. Decommissioning is the end-of-life phase, not production readiness.
Question # 17
An organization uses a third-party AI platform where model training occurs on vendorinfrastructure. What is the PRIMARY data governance risk?
A. The vendor may use the organization's training data to improve their own models. B. The vendor's infrastructure may be slower than on-premise solutions. C. The organization's employees may not be trained on the vendor platform. D. The AI model may produce less accurate results on vendor hardware.
Answer: A
Explanation:
Option A (CORRECT): A is correct. A primary data governance risk when training on vendor
infrastructure is that the vendor may use the organization's proprietary training data to improve their own
commercial models — a practice disclosed in some vendor terms. This represents a data confidentiality
and intellectual property risk.
Option B: B is incorrect. Infrastructure speed is a performance concern, not the primary data
governance risk.
Option C: C is incorrect. Employee training is a competency concern, not the primary data governance
risk.
Option D: D is incorrect. Model accuracy on different hardware is a technical concern, not the primary
data governance risk.
Question # 18
During AI deployment, a post-deployment review reveals that the model is performing well onaverage but has significantly higher error rates for a specific user subgroup (elderly customers). Noone escalated this issue during testing. What is the ROOT CAUSE of this governance failure?
A. Insufficient model accuracy during training. B. The testing and validation process lacked requirements for disaggregated performanceevaluation across demographic subgroups. C. The model was not retrained on elderly customer data. D. The business unit failed to specify performance requirements.
Answer: B
Explanation:
Option A: A is incorrect. Overall model accuracy was acceptable — the problem is differential accuracy,
not overall accuracy.
Option B (CORRECT): B is correct. The root cause is a governance gap in the testing process — the
absence of disaggregated (subgroup-level) performance evaluation requirements. Testing only
aggregate performance masks disparate impacts on subgroups, which is a well-documented AI fairness
failure mode.
Option C: C is incorrect. Retraining is a remediation action, not the root cause of the governance failure.
Option D: D is incorrect. Business unit specifications are an input, but the root cause is the testing
process's failure to require subgroup-level evaluation.
Question # 19
During AI deployment, a post-deployment review reveals that the model is performing well onaverage but has significantly higher error rates for a specific user subgroup (elderly customers). Noone escalated this issue during testing. What is the ROOT CAUSE of this governance failure?
A. Insufficient model accuracy during training. B. The testing and validation process lacked requirements for disaggregated performanceevaluation across demographic subgroups. C. The model was not retrained on elderly customer data. D. The business unit failed to specify performance requirements.
Answer: B
Explanation:
Option A: A is incorrect. Overall model accuracy was acceptable — the problem is differential accuracy,
not overall accuracy.
Option B (CORRECT): B is correct. The root cause is a governance gap in the testing process — the
absence of disaggregated (subgroup-level) performance evaluation requirements. Testing only
aggregate performance masks disparate impacts on subgroups, which is a well-documented AI fairness
failure mode.
Option C: C is incorrect. Retraining is a remediation action, not the root cause of the governance failure.
Option D: D is incorrect. Business unit specifications are an input, but the root cause is the testing
process's failure to require subgroup-level evaluation.
Question # 20
An organization's AI system for customer segmentation was developed using data from one
geographic market but is now being deployed globally. What is the PRIMARY AI lifecycle risk?
A. The system will be more expensive to operate globally. B. Training data may not represent global customer populations, leading to biased orinaccurate segmentation in new markets. C. Regulatory requirements may differ across markets. D. The vendor may not support global deployment.
Answer: B
Explanation:
Option A: A is incorrect. Operational cost is a business concern, not the primary AI lifecycle risk.
Option B (CORRECT): B is correct. AI systems trained on geographically specific data may not
generalize to different populations, cultures, and behaviors in other markets. This creates risk of biased
or inaccurate outputs, which is the primary lifecycle risk when repurposing models across markets.
Option C: C is incorrect. Regulatory differences are a compliance risk but secondary to the fundamental
model performance and bias risk from training data scope.
Option D: D is incorrect. Vendor support is a vendor management concern, not the primary AI lifecycle
risk.
Question # 21
What is the purpose of 'data lineage' in AI governance?
A. To track the geographic location where AI training data was collected. B. To document the origin, movement, transformation, and use of data throughout its lifecycle,enabling traceability and accountability. C. To record the names of data scientists who worked with the training data. D. To categorize training data by subject matter for model selection.
Answer: B
Explanation:
Option A: A is incorrect. Geographic origin is one possible metadata element but not the purpose of
data lineage.
Option B (CORRECT): B is correct. Data lineage provides a complete record of where data originated,
how it was moved, transformed, and used. This is essential for AI governance as it enables auditability,
supports bias investigation, and demonstrates compliance with data governance policies.
Option C: C is incorrect. Personnel records are not data lineage.
Option D: D is incorrect. Categorizing data by subject matter is a data classification activity, not data
lineage.
Question # 22
An organization is evaluating an AI vendor for a natural language processing system. Duringvendor due diligence, the risk team discovers the vendor's model was pre-trained on internetsourced data, which may contain biased or harmful content. The vendor offers a fine-tuned versionusing the organization's data. What is the MOST appropriate risk management action?
A. Accept the fine-tuned model and rely on the vendor's bias testing results. B. Require independent bias testing and red-team evaluation of the fine-tuned model beforedeployment, with contractual rights to ongoing auditing. C. Deploy the model in a limited pilot to assess bias in real-world conditions. D. Reject the vendor and source an alternative with no pre-training on internet data.
Answer: B
Explanation:
Option A: A is incorrect. Relying solely on the vendor's own bias testing is insufficient — vendors have
commercial incentives to present favorable results.
Option B (CORRECT): B is correct. Fine-tuning on organizational data may reduce but does not
eliminate bias from pre-training on biased internet data. Independent testing and red-team evaluation
provide assurance beyond vendor claims. Contractual audit rights protect the organization's ongoing
governance obligations.
Option C: C is incorrect. A pilot with potentially biased AI exposes real users to harm before
independent validation has been conducted.
Option D: D is incorrect. Most large language models are pre-trained on internet data. Outright rejection
may be impractical and ignores the effectiveness of fine-tuning with appropriate controls.
Question # 23
An organization is evaluating an AI vendor for a natural language processing system. Duringvendor due diligence, the risk team discovers the vendor's model was pre-trained on internetsourced data, which may contain biased or harmful content. The vendor offers a fine-tuned versionusing the organization's data. What is the MOST appropriate risk management action?
A. Accept the fine-tuned model and rely on the vendor's bias testing results. B. Require independent bias testing and red-team evaluation of the fine-tuned model beforedeployment, with contractual rights to ongoing auditing. C. Deploy the model in a limited pilot to assess bias in real-world conditions. D. Reject the vendor and source an alternative with no pre-training on internet data.
Answer: B
Explanation:
Option A: A is incorrect. Relying solely on the vendor's own bias testing is insufficient — vendors have
commercial incentives to present favorable results.
Option B (CORRECT): B is correct. Fine-tuning on organizational data may reduce but does not
eliminate bias from pre-training on biased internet data. Independent testing and red-team evaluation
provide assurance beyond vendor claims. Contractual audit rights protect the organization's ongoing
governance obligations.
Option C: C is incorrect. A pilot with potentially biased AI exposes real users to harm before
independent validation has been conducted.
Option D: D is incorrect. Most large language models are pre-trained on internet data. Outright rejection
may be impractical and ignores the effectiveness of fine-tuning with appropriate controls.
Question # 24
Which documentation is MOST critical to maintain for AI model governance throughout the AI
lifecycle?
A. Development team meeting notes. B. Model cards documenting intended use, training data, performance metrics, limitations, andrisk considerations. C. Vendor invoice records for AI training resources. D. Employee training completion records for the AI development team.
Answer: B
Explanation:
Option A: A is incorrect. Meeting notes are administrative records, not governance documentation for
the model.
Option B (CORRECT): B is correct. Model cards (or equivalent model documentation) are the primary
governance artifact for AI systems. They record intended use, training data characteristics, performance
benchmarks, limitations, and risk considerations — enabling oversight, auditability, and accountability
throughout the lifecycle.
Option C: C is incorrect. Invoice records are financial records, not AI governance documentation.
Option D: D is incorrect. Training completion records support competency management but are not
model governance documentation.
Question # 25
An organization is developing an AI system that processes sensitive customer data. During the
development phase, a developer proposes using real production data for model testing. What is
the PRIMARY risk concern and appropriate control?
A. Using production data increases model accuracy. Risk: none. B. Using production data creates privacy and security risks. Control: use anonymized orsynthetic data for testing. C. Using production data creates vendor contract risks. Control: obtain vendor approval. D. Using production data violates model development best practices. Control: retrain withsynthetic data.
Answer: B
Explanation:
Option A: A is incorrect. Using production data does create significant privacy and security risks.
Option B (CORRECT): B is correct. Using production data in a development/testing environment
creates significant privacy risks (potential data exposure, policy violations) and security risks
(development environments typically have fewer security controls than production). The appropriate
control is using anonymized or synthetic test data.
Option C: C is incorrect. Vendor contracts are secondary to the privacy and security risks of using
production data.
Option D: D is incorrect. This identifies a practice issue but misidentifies the primary risk as 'best
practice' rather than the substantive privacy and security concerns.
Feedback That Matters: Reviews of Our Isaca AAIR Dumps
Briella HowardJul 17, 2026
Completed the ISACA AAIR exam successfully after attending structured revision sessions. The Mycertshub material helped me connect audit, assurance, and risk concepts in a more practical way instead of just theory-heavy learning.
Juan José JiménezJul 16, 2026
My AAIR preparation journey felt more organized with Mycertshub. I gained a better understanding of how real audit environments apply risk and assurance principles through the scenario-based practice.
Isabella EspinozaJul 16, 2026
Consistent practice was what differentiated my ISACA AAIR exam preparation. I felt more confident on exam day because the questions made me think like an auditor rather than just memorizing definitions.