Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. IAPP
  5. AIGP

IAPP AIGP Exam Questions
Artificial Intelligence Governance Professional (Page 6 )

Updated On: 21-Feb-2026
Page 6 of 40
PDF with 192 Questions

Within an established AI governance infrastructure, what might be the most effective governance action to handle third-party AI systems deemed to be high-risk?

  1. Align organizational impact assessment activities with relevant regulatory or legal requirements.
  2. Re-evaluate the purchase of the third-party AI system deemed to be high-risk, and consider other vendors.
  3. Establish policies for handling third-party system failures that include consideration of redundancy mechanisms for vital third-party AI system.
  4. Delegate the power, resources and authorization among executive leadership to perform risk management to each appropriate level throughout the management chain.

Answer(s): A

Explanation:

Aligning impact assessment activities with regulatory and legal requirements ensures that high-risk third-party AI systems are evaluated rigorously and managed in compliance with relevant standards.



CASE STUDY

Please use the following to answer the next question:

A premier payroll services company that employs thousands of people globally, is embarking on a new hiring campaign and wants to implement policies and procedures to identify and retain the best talent. The new talent will help the company's product team expand its payroll offerings to companies in the healthcare and transportation sectors, including in Asia.

It has become time consuming and expensive for HR to review all resumes, and they are concerned that human reviewers might be susceptible to bias.

To address these concerns, the company is considering using a third-party AI tool to screen resumes and assist with hiring. They have been talking to several vendors about possibly obtaining a third-party AI-enabled hiring solution, as long as it would achieve its goals and comply with all applicable laws.

The organization has a large procurement team that is responsible for the contracting of technology solutions. One of the procurement team's goals is to reduce costs, and it often prefers lower-cost solutions. Others within the company deploy technology solutions into the organization's operations in a responsible, cost-effective manner.

The organization is aware of the risks presented by AI hiring tools and wants to mitigate them. It also questions how best to organize and train its existing personnel to use the AI hiring tool responsibly. Their concerns are heightened by the fact that relevant laws vary across jurisdictions and continue to change.

Which of the following measures should the company adopt to best mitigate its risk of reputational harm from using the AI tool?

  1. Test the AI tool pre- and post-deployment.
  2. Ensure the vendor provides indemnification for the AI tool.
  3. Require the procurement and deployment teams to agree upon the AI tool.
  4. Continue to require the company's hiring personnel to manually screen all applicants.

Answer(s): A

Explanation:

Testing the AI tool before and after deployment helps identify biases and errors early, reducing the risk of reputational harm by ensuring the system performs fairly and reliably.



You are a privacy program manager at a large e-commerce company that uses an AI tool to deliver personalized product recommendations based on visitors' personal information that has been collected from the company website, the chatbot and public data the company has scraped from social media.

A user submits a data access request under an applicable US state privacy law, specifically seeking a copy of their personal data, including information used to create their profile for product recommendations.

What is the most challenging aspect of managing this request?

  1. Some of the visitor's data is synthetic data that the company does not have to provide to the data subject.
  2. The data subject's data is structured data that can be searched, compiled and reviewed only by an automated tool.
  3. The data subject is not entitled to receive a copy of their data because some of it was scraped from public sources.
  4. Some of the data subject's data is unstructured data and you cannot untangle it from the other data, including information about other individuals.

Answer(s): D

Explanation:

Unstructured data that cannot be easily separated from information about other individuals makes fulfilling the data access request complex while ensuring privacy for others.



An artist has been using an AI tool to create digital art and would like to ensure that it has copyright protection in the United States.

Which of the following is most likely to enable the artist to receive copyright protection?

  1. Ensure the tool was trained using publicly available content.
  2. Obtain a representation from the AI provider on how the tool works.
  3. Provide a log of the prompts the artist used to generate the images.
  4. Update the images in a creative way to demonstrate that it is the artist's.

Answer(s): D

Explanation:

Copyright protection typically requires a human author's creative input, so modifying AI-generated images in a creative way demonstrates the artist's originality needed for copyright.



A French medical research center wishes to develop an AI-based system which will predict the risk of serious diseases based on the patient's genetic data. In order to do so it contracts with a tech company and provides it with patients' data previously obtained by the center during the research.

To guarantee compliance when processing special categories of personal data, the medical research center must ensure that:

  1. The AI-based system is designed for the purposes of preventive medicine.
  2. The patients' health and genetic data is anonymized.
  3. The patients have given explicit consent to using the data.
  4. The tech company is located in the EU and is not cloud-based.

Answer(s): C

Explanation:

Processing special categories of personal data, like health and genetic data, requires explicit consent from patients to ensure compliance with data protection laws.






Post your Comments and Discuss IAPP AIGP exam dumps with other Community members:

Join the AIGP Discussion