Question #1 of 5 Question ID: 1506484

Which of the following Artificial Intelligence/Machine Learning (AI/ML) Risk and Security
(AIRS) classifications would most likely include learning limitations?

A) AI/ML attacks.
B) Compliance.
C) Testing and trust.
D) Inadequate governance.

Explanation

Inadequate governance (also known as data-related risks) includes learning limitations and
data quality. AI/ML systems are generally unable to apply judgment and to understand
context; such systems "learn" based only on the data provided during training.
Unfortunately, it is impractical to consider every conceivable situation.

(Book 5, Module 90.1, LO 90.a)

Question #2 of 5 Question ID: 1506487

Which of the following interpretable AI/ML systems is potentially the most accurate one?

A) Linear systems.
B) Rule-based systems.
C) Decision trees.
D) Bayesian rule lists.

Explanation

An example of a newer and potentially more accurate and sophisticated type of

interpretable AI/ML system is a scalable Bayesian rule list. More traditional and well-
known interpretable systems include linear systems, decision trees, and rule-based
systems with few learned coefficients or Boolean rules.

(Book 5, Module 90.2, LO 90.c)

Question #3 of 5 Question ID: 1506485

Which component of artificial intelligence (AI) governance is fundamental and is the initial
step to creating overall AI governance within an entity?

A) Framework.
B) Policies.
C) Definitions.
D) Inventory.

Explanation

As the initial step in creating AI governance, a clear definition of what is and what is not AI
is fundamental for an entity.

(Book 5, Module 90.1, LO 90.b)

Question #4 of 5 Question ID: 1506483

Which of the following Artificial Intelligence/Machine Learning (AI/ML) Risk and Security
(AIRS) classifications would most likely include training data poisoning?

A) Testing and trust.

B) Data-related risks.
C) AI/ML attacks.
D) Compliance.

Explanation

AI/ML attacks include data privacy attacks, training data poisoning, adversarial inputs, and
model extraction. Inadequate governance (also known as data-related risks) include
learning limitations and data quality.

(Book 5, Module 90.1, LO 90.a)

Question #5 of 5 Question ID: 1506486

Using the lines-of-defense model frequently used by financial institutions, which line covers
assurance?

A) Third line.
B) First line.
C) Second line.
D) Fourth line.

Explanation

The three-lines-of-defense model covers front line groups dealing with business risks (first
line), other risk oversight and independent challenge groups (second line) and assurance
(third line).

(Book 5, Module 90.1, LO 90.b)