IAPP AIGP Certification Sample Questions

01. When assessing the success of an AI system in meeting its objectives, which of the following approaches best aligns with the requirement to ensure a comprehensive evaluation while avoiding automation bias?
a) Evaluate and align pre-defined benchmarks which will provide evidence of having achieved your system goals.
b) Rely on the AI system's output to determine if the goals were achieved as this will provide a reliable and objective measure.
c) Focus on user feedback about the AI system's performance to directly measure the system’s effectiveness in meeting the objectives.
d) Conduct a thorough review that includes the AI system's input and output data, human interpretation, and potential secondary or unintended outputs.

02. Your company is developing an AI system for global markets. This system involves personal data processing and some decision making that may affect rights of the individuals. Part of your role as an AI governance professional is to ensure the AI system complies with various international regulatory requirements.
Which of the following approaches best aligns with a comprehensive understanding of and compliance with AI regulatory requirements in this scenario?
a) Focus on the EU AI Act as it is the most comprehensive regulation and its likely compliance with the act will ensure compliance with other international regulations that apply to AI.
b) Consider that if the AI system complies with local regulations of the country where the company is based, it is not necessary to comply with international regulations as AI is adaptable globally.
c) Develop a compliance strategy based on the strictest requirements in various regulations, including the EU AI Act, GDPR and HIPAA, and harmonize into a unified compliance framework.
d) Adopt a region-specific compliance strategy where the AI is modified to meet regulatory requirements of each region independently, disregarding commonalities or overlaps in international regulations.

03. Under the EU AI Act, which category includes AI systems that pose unacceptable risks and are generally prohibited?
a) High-risk AI
b) Limited-risk AI
c) Minimal-risk AI
d) Prohibited AI

04. Why must AI governance policies address third-party AI systems?
a) Liability may still attach to deployers
b) Third parties are exempt from regulation
c) Third-party models are always open source
d) External systems cannot cause harm

05. An organization establishes a cross-functional AI governance committee including legal, engineering, compliance, and HR teams. What is the primary purpose of this approach?
a) To accelerate AI deployment timelines
b) To centralize technical decision-making
c) To ensure diverse expertise and risk perspectives
d) To reduce the need for external audits

06. WonderTemp, a temporary staffing company, terminated most of its employees after implementing a virtual assistant to help write emails, policies and marketing materials, and answer client questions. Three months later, WonderTemp learns that four of its biggest clients are not renewing their contracts because the work product from WonderTemp is full of inaccuracies.
Based on these facts, what type(s) of harm has WonderTemp suffered as a result of their reliance on the virtual assistant?
a) Legal and regulatory harm.
b) Individual and societal harm.
c) Economic and reputational harm.
d) Disinformation and reportable harm.

07. Sam Simon is charged with implementing an AI governance program at his company, Spenger Inc. The company has implemented some AI systems already but has not really considered the risks involved and wants to ensure it has solid procedures and policies in place.
Sam researches how to build an AI governance program, including talking with some of the company's other risk management professionals and the legal department to determine the best way to begin. Sam knows an algorithmic impact assessment is necessary to manage AI risks and adopt responsible, ethical AI practices, but he is not sure where to begin.
Which of the following options will help ensure the assessment is both appropriate and effective. What should Sam do first?
a) Leverage an existing impact assessment and tailor it to cover any gaps for AI.
b) Make sure the organization has secured the proper funding for the AI system.
c) Notify employees who will use the system about any necessary risk mitigation.
d) Confirm whether the AI system has been approved by the appropriate regulators.

08. Which risk category addresses situations where AI systems behave in ways inconsistent with their intended objectives?
a) Data leakage risk
b) Misalignment risk
c) Availability risk
d) Vendor lock-in risk

09. A regulator has ruled that the AI model used by some features of your product should not be used in their jurisdiction. What is the most robust way of reacting to this situation?
a) Shut down the service in the jurisdiction to pressure the regulator to change their position.
b) Create a second, separate version of the application and deploy it to users in the jurisdiction.
c) Implement a feature flag to enable or disable the features based on a user’s country of origin.
d) Re-train your AI model and deploy it immediately to show you can react quickly to regulator’s requirements.

10. Before training an AI model, which activity best supports governance and risk mitigation?
a) Selecting the largest available dataset
b) Performing an AI impact assessment
c) Deploying the model in a test environment
d) Publishing a transparency notice