ISACA Advanced in AI Audit (AAIA) - Isaca Actual Exam Questions
Last updated on April 30, 2026
When an IS auditor uses generative AI with external RAG (retrieval-augmented generation) to gather evidence during an audit, which of the following poses the GREATEST data security risk?
Sensitive internal context may be included in queries sent to external services.
Personal information may be shared based on model training data.
External search engines only respond to public data.
The model might fail to retrieve data from the vector.
An IS auditor is interviewing management about implemented controls around machine learning (ML) models deployed in the production environment. Which of the following schedules for reviewing the performance of a deployed model would be of GREATEST concern to the auditor?
After changes to hardware and software platforms
After functionality changes
One time prior to migrating to production
On an annual recurring basis
An IS auditor is evaluating an organization’s data governance controls for its AI system. Which of the following represents the GREATEST risk in this context?
Inconsistent data management practices
Lack of procedures for automated data backup
Limited frequency of AI system performance and data accuracy reviews
Inadequate controls over data accuracy and privacy compliance
Which of the following testing techniques would BEST validate whether an organization's data governance program effectively ensures data quality and integrity for AI model training and deployment?
Performing a business impact analysis (BIA) to assess the consequences of AI model failure
Reviewing the organization’s AI software development life cycle documentation
Conducting a penetration test to identify vulnerabilities in the model
Assessing data lineage to verify the traceability of data sources
Which of the following is MOST important to consider when evaluating ethical risk related to data used for training an AI model?
Ability to generate diverse outputs
Sensitivity and origin of training data
Frequency of model updates
Cleaning and validation methods for training data