EXIN AICP Certification Sample Questions

01. An organization develops a high-risk AI system. During testing, the development team identifies various risks, including inconsistencies in data completeness and the presence of outdated records. These risks could negatively impact the model’s performance. The organization must comply with the AI Act. They use the CEN/CLC/TR 18115 framework to do so.
According to this framework,what should the organization do to address these risks?
a) Conduct a data protection impact assessment (DPIA) to address the fairness of AI decision-making
b) Encrypt all training and testing datasets using protocols to prevent unauthorized access to personal data
c) Implement general-purpose risk controls to reduce the mentioned operational and reputational risks
d) Improve the data quality by applying structured quality metrics and statistical evaluation methods

02. MedTech Diagnostics uses a high-risk AI system for diagnosing medical conditions from X-ray images. They have the following in place:
- The company has passed an external audit to ensure the AI system adheres to the AI Act's standards.
- A robust risk management framework identifies and mitigates potential issues, with contingency plans in place.
- Detailed records of the AI system's operations are securely stored for accountability and audits.
- Clear documentation and training are provided to users, explaining AI decision-making and limitations.
- All AI-generated diagnoses are reviewed by medical professionals before being finalized, integrating human judgment.
What else should the company implement?
a) They should add robust data governance procedures to maintain the reliability and fairness of their AI system.
b) They should ensure that the AI system can operate independently without any human intervention for efficiency.
c) They should implement a system to automatically override human decisions to speed up the diagnosis process.
d) They should include a feature that allows patients to directly modify their medical records based on AI
suggestions.

03. A business develops an AI system for fraud detection in financial transactions. This system analyzes transaction patterns to identify suspicious activities and prevent fraudulent behavior. Given the potential for false positives that could impact legitimate transactions and the evolving nature of fraud tactics, the business recognizes the need for effective safeguards.
The business must comply with the AI Act. To help prevent issues concerning false positives, the business uses the ISO/IEC 23894 standard.According to this standard, what should the business do to prevent these issues?
a) Enhance data privacy measures to protect sensitive information and comply with privacy regulations
b) Embed risk management into all activities to ensure comprehensive oversight and proactive risk mitigation
c) Focus on improving model accuracy to ensure reliable performance and minimize false positives
d) Implement cybersecurity measures to protect the system from external threats and unauthorized access

04. The AI Act describes several roles connected to an AI system. What is the definition of the role ‘importer of an AI system’?
a) A person or organization that places an AI system on the market but is not responsible for its original development.
b) A person or organization that designs, develops, and markets an AI system under their own name or trademark.
c) A person or organization that uses an AI system in their operations and ensures local compliance with user obligations.
d) A regulatory authority tasked with monitoring if the AI system is imported in compliance with the AI Act regulations.

05. A company developed an AI model that can be used in various industries, including healthcare and finance. Due to its wide application, the AI model carries potential risks to public health. What did the company develop, and which practices should the company implement according to the AI Act?
a) The company developed a high-risk AI system. It should implement all the requirements for high-risk AI systems as outlined in the AI Act.
b) The company developed a narrow AI model. It should ensure the model operates only within predefined parameters to prevent risks.
c) The company developed a general-purpose AI (GPAI) that carries systemic risks. It should conduct additional tests to mitigate the risks.
d) The company developed an experimental AI model. It should focus on research and development without immediate risk management.

06. A travel agency uses an AI system to develop dynamic, targeted marketing campaigns for their vacation packages. These campaigns include real-time advertisement placements on social media and travel platforms, using the individuals' browsing history.
The travel agency uses AI to infer the user’s emotional state and then suggests customized destinations and activities. The travel agency must comply with the AI Act.
What risk must the travel agency address?
a) The risk of misusing personal data. They should stop using AI-driven personalization because the AI Act forbids using personal data for targeted advertising.
b) The risk of lack of transparency. They should guarantee openness about the AI, reduce bias in suggestions, and evaluate if the advertising activities are ethical.
c) The risk of ineffective advertising activities. They should focus on updating the algorithm, because the AI Act does not cover personalized advertisements.
d) The risk of including potential biases. They should update the training data regularly to avoid suggesting irrelevant destinations or infer wrong emotional states.

07. An AI system for facial recognition is used for security purposes in public spaces. One organization is most relevant to overseeing compliance with data protection and privacy regulations, such as the General Data Protection Regulation (GDPR), for this AI system. Which organization is that?
a) The European Consumer Organization (BEUC)
b) The European Artificial Intelligence Board (EAIB)
c) The European Court of Justice (ECJ)
d) The European Data Protection Board (EDPB)

08. Under the AI Act, individuals affected by AI systems have specific rights to ensure transparency, fairness, and accountability. What is a right explicitly granted under the AI Act?
a) The right to be informed of interacting with or being affected by an AI system
b) The right to demand access to the source code of the AI system
c) The right to prohibit the use of AI in any decision-making process that involves them
d) The right to request deletion of personal data used by the AI system

09. According to the AI Act, what do accountability and compliance mean?
a) Accountability focuses on maintaining user privacy and data security, while compliance relates to the integration with existing IT infrastructure.
b) Accountability involves holding developers and operators in AI development responsible, and compliance means adhering to legal requirements.
c) Accountability is about ensuring that AI systems are profitable for developers, and compliance involves meeting user demands and preferences.
d) Accountability refers to AI users being accountable for correct use of the system, while compliance means following industry standards for AI innovation.

10. The AI Act is a piece of legislation created for the European Union (EU). In Article 1, the AI Act describes its objectives. What are the main objectives of the AI Act?
a) Harmonized rules for AI systems in the EU, prohibitions on certain AI practices, requirements for highrisk AI, transparency rules, market surveillance, and innovation support
b) Guidelines focused solely on environmental protection, with no specific rules for high-risk AI, no prohibitions, and innovation measures only for large corporations
c) Prohibitions on AI practices, rules for general-purpose AI only, transparency rules excluding high-risk AI, and support for innovation restricted to non-European entities
d) Rules for AI systems limited to safety and health, prohibitions on all AI practices, transparency rules only for high-risk AI, and innovation support excluding startups