Free IAPP AIGP Practice Exam with Questions & Answers | Set: 3

Post-deployment AI maintenance typically includes ensuring that all model components are subject to a control framework, dedicating experts to continually monitor the model output, and evaluating the need for audits under certain standards. However, defining thresholds to conduct new impact assessments is usually part of the initial deployment and ongoing governance processes rather than a maintenance activity. Maintenance focuses more on the operational aspects of the AI system rather than setting new thresholds for impact assessments.

Developing a social media presence for a non-profit is best served by non-AI solutions. This task primarily involves content creation, community engagement, and strategic planning, which are effectively managed by human expertise and traditional marketing tools. AI is more suitable for tasks requiring automation, large-scale data analysis, and personalized recommendations, such as e-commerce personalization, forecasting cost overruns, or automating customer service responses. Reference: AIGP Body of Knowledge on AI Use Cases and Applications.

An AI system that maintains its level of performance within defined acceptable limits despite real-world or adversarial conditions is described as resilient. Resilience in AI refers to the system ' s ability to withstand and recover from unexpected challenges, such as cyber-attacks, hardware failures, or unusual input data. This characteristic ensures that the AI system can continue to function effectively and reliably in various conditions, maintaining performance and integrity. Robustness, on the other hand, focuses on the system ' s strength against errors, while reliability ensures consistent performance over time. Resilience combines these aspects with the capacity to adapt and recover.

Business A is integrating a generative AI model licensed from a third party (Business B) and is primarily concerned with the risk of toxic or obscene outputs being delivered to users. In this scenario,testing and validationof the AI model for such content risks is the most direct and effective governance strategy.

According to theAI Governance in Practice Report 2025, organizations thatdeployAI must engage inperformance monitoring protocolsand ensure systems perform adequately for theirintended purposes, including filtering harmful content:

“Operational governance… development of: →Performance monitoring protocols to ensure systems perform adequately for their intended purposes.” (p. 12)

“Product governance... includes: →System impact assessments to identify and address risk prior to product development or deployment.” (p. 11)

Furthermore, under theEU AI Act, which sets the global standard many organizations aim to align with, there is a clear obligation to test and monitor systems for potential harmful behavior:

“The act imposes regulatory obligations… such as establishing appropriate accountability structures,assessing system impact, providing technical documentation,establishing risk management protocols and monitoring performance...” (p. 7)

Option B directly reflects this best practice ofpre-deployment testing and validationto ensure that the model aligns with Business A’s minimum content safety requirements.

Let’s now evaluate the incorrect options:

A. Fine-tuning on verified user-generated textmay improve model alignment but does not guarantee that the model will generalize correctly, especially if Business A lacks access to model internals (common in third-party licensing scenarios). Fine-tuning also introduces its own risks and may be contractually restricted.

C. A user reporting featureisreactive, not preventive. While helpful for long-term monitoring and mitigation, it does not prevent the initial harm of toxic outputs, which isBusiness A ' s primary concern.

D. Requesting documentation from Business Bis useful for transparency and risk management, but it does not replaceindependent verificationthat the model meets Business A’s content safety standards.

Thus,testing the model ' s behavior for unacceptable outputs before deploymentis the most aligned approach with AI governance best practices and obligations.

Providing the loan applicants with information about the model capabilities and limitations would not directly support fairness testing by the compliance team. Fairness testing focuses on evaluating the model ' s decisions for biases and ensuring equitable treatment across different demographic groups, rather than informing applicants about the model.

The most significant risk from combining the healthcare network’s existing data with the clinical research partner data is privacy risk. Combining data sets, especially in healthcare, often involves handling sensitive information that could lead to privacy breaches if not managed properly. De-identified data can still pose re-identification risks when combined with other data sets. Ensuring privacy involves implementing robust data protection measures, maintaining compliance with privacy regulations such as HIPAA, and conducting thorough privacy impact assessments. Reference: AIGP Body of Knowledge on Data Privacy and Security.

The IEEE 7000-2021 Standard focuses on a value-based engineering methodology for addressing ethical concerns during system design. This standard guides engineers and organizations in integrating ethical considerations into the design and development processes of AI systems, ensuring that these technologies are developed responsibly and align with human values. Reference: AIGP Study Material, section on risk management frameworks and standards.

The correct answer is A because the first step in any AI project lifecycle is to clearly define the business objective and justify the use of AI. AI governance frameworks emphasize that planning begins with understanding the purpose, value, and necessity of the system before moving into design or risk assessment stages. Establishing a business case ensures alignment with organizational goals, identifies expected benefits, and evaluates whether AI is the appropriate solution. This step corresponds to the planning phase of the AI lifecycle, where objectives and intended outcomes are documented. In contrast, TEVV processes occur during development and testing, while impact assessments and redress considerations arise later as part of risk management and governance. Starting with a clear “why AI” foundation ensures responsible, efficient, and goal-oriented system development.

The correct answer is.C This action ties directly into principles of data minimization, purpose limitation, and lawfulness of processing, which are central to privacy and AI governance.

From the AIGP Body of Knowledge, Section on Privacy Considerations:

“Personal data must only be processed for specified and lawful purposes. Organizations must consider whether they have a legal basis for processing such data under data protection laws like the GDPR or CCPA.”

Additionally, AI Governance in Practice Report 2025 emphasizes:

“One of the most significant challenges when designing and developing AI systems is ensuring the data used is appropriate for the intended purpose… Managing unnecessary data, especially data that may contain sensitive attributes, can increase risk.”

===========

Conformity assessmentsare a core requirement under theEU AI Actfor high-risk systems and serve to confirm that the AI meetsregulatory, safety, and ethical standardsbefore it is put into production.

From theAI Governance in Practice Report 2025:

“Conformity assessments… ensure that systems comply with legal requirements, safety criteria, and intended purpose before being placed on the market.” (p. 34)

“They are a critical step to demonstrate safety and trustworthiness in AI deployment.” (p. 35)