Practice AI0-001 AI Security, Ethics and Governance questions with full explanations on every answer.
1. A healthcare organization deploys an AI system to analyze medical images and detect anomalies. During a routine audit, the security team discovers that the AI model occasionally returns results that include data from patients who have opted out of data sharing. Which security control should be implemented to prevent this violation?
2. A financial institution is implementing an AI-based fraud detection system. The compliance officer is concerned about potential bias in the model that could lead to unfair treatment of certain customer groups. Which governance practice should be prioritized to address this concern?
3. A company uses a machine learning model to recommend products to customers. The marketing team notices that the model is recommending high-profit items more frequently than low-profit items, even when customers are likely to prefer the latter. This behavior is causing customer dissatisfaction. Which approach would best align the model with customer preferences while maintaining profitability?
4. An AI system used for resume screening is found to consistently rank male candidates higher than female candidates with similar qualifications. The HR director wants to remediate this bias without significantly reducing model accuracy. Which technique should be applied?
5. A company is developing an AI chatbot for customer service. The legal team is concerned that the chatbot might generate responses that violate privacy regulations. Which governance mechanism should be implemented to mitigate this risk?
6. A self-driving car company is testing an AI model for pedestrian detection. During simulation, the model fails to detect pedestrians in low-light conditions. The safety team wants to improve robustness without retraining the entire model from scratch. Which approach is most appropriate?
7. An e-commerce company uses an AI system to set dynamic prices for products. A customer complains that the price they see is higher than the price shown to a friend for the same product at the same time. The company wants to ensure pricing fairness. Which ethical principle should guide the redesign of the pricing algorithm?
8. Which TWO of the following are best practices for securing an AI model against adversarial attacks?
9. Which THREE of the following are key components of an AI governance framework?
10. Which TWO of the following are effective techniques to detect data poisoning attacks in a training dataset?
11. A healthcare organization is deploying an AI system to analyze patient records and recommend treatment plans. To comply with data privacy regulations, what is the most important security measure to implement?
12. A financial institution uses an AI model to approve loan applications. The model was trained on historical data that included biased lending practices. The bank's ethics committee wants to mitigate bias without removing protected attributes. Which approach best balances fairness and model performance?
13. A company is developing an AI chatbot for customer service. They want to ensure the bot does not generate offensive or harmful responses. Which governance practice should be implemented first?
14. An AI system used for autonomous driving is found to have a lower accuracy in detecting pedestrians with darker skin tones. The development team wants to address this ethical issue. Which action is most effective?
15. Which TWO practices are most effective for ensuring the security of an AI model against adversarial attacks?
16. A security analyst reviews the log file from an AI model server. What is the most likely cause of the crash?
17. You are a security engineer at a large e-commerce company that uses an AI-based recommendation system. The system is deployed on a Kubernetes cluster and uses a TensorFlow model served via REST API. Recently, the security team detected unusual API calls that caused the model to return incorrect recommendations. Analysis shows that the inputs were crafted to maximize prediction error. The team suspects an adversarial attack. You need to implement a solution that detects and mitigates such attacks in real-time without requiring model retraining. Which approach should you take?
18. You are an AI governance officer at a bank that uses a machine learning model to predict credit risk. The model was developed by an external vendor and uses a proprietary algorithm. The bank's compliance team has determined that the model must be explainable to meet regulatory requirements. However, the vendor claims the model is a 'black box' and cannot provide explanations. You need to ensure compliance while maintaining the model's performance. What is the best course of action?
19. A security analyst notices that an AI model used for facial recognition is returning unusually high confidence scores for certain individuals while consistently misidentifying others. Which type of attack is most likely occurring?
20. A bank deploys an AI system to approve loan applications. During testing, the model denies a disproportionate number of applicants from a particular demographic group, even after controlling for credit history. Which ethical principle is being violated?
21. An organization implements AI governance following the NIST AI Risk Management Framework. They need to ensure that all model decisions are logged with sufficient detail for later audit. Which logging requirement is most critical for traceability?
22. A healthcare organization uses an AI model to predict patient readmission risk. To comply with patient privacy regulations, they apply differential privacy during training. What is the primary trade-off of using differential privacy?
23. A cybersecurity analyst monitors an AI chatbot that frequently produces offensive responses when given specific prompts. The development team suspects an adversarial attack. Which mitigation strategy is most effective against such prompt injection attacks?
24. A company's AI governance board requires each model to have a model card documenting intended use, performance metrics, and limitations. What is the primary purpose of a model card?
25. A data scientist trains a sentiment analysis model on user reviews. To ensure transparency, they want to explain why the model classified a particular review as negative. Which explainability technique should they use?
26. An AI system in a self-driving car misinterprets a stop sign due to a small sticker placed on it. This is an example of which security vulnerability?
27. A multinational corporation deploys an AI recruitment tool that must comply with GDPR's right to explanation. Which practice best ensures the tool meets this requirement?
28. Which TWO of the following are effective techniques for detecting bias in an AI model?
29. Which THREE of the following are key components of an AI governance framework?
30. Which TWO of the following are common threats to AI model security?
31. Refer to the exhibit. A security analyst reviews the monitoring log for an AI fraud detection model. Which of the following is the most likely cause of the multiple alerts?
32. Refer to the exhibit. A security engineer is reviewing an AI access control policy. Which of the following is the most significant security weakness in this policy?
33. Refer to the exhibit. A system administrator sees these logs from an AI inference pipeline. What is the most likely sequence of events?
34. A security team discovers that an AI-based anomaly detection system frequently misclassifies benign network traffic as malicious when the source IP is from a specific geographic region. Which type of AI vulnerability is most likely being exploited?
35. A healthcare organization uses an AI model to recommend treatment plans. The model was trained on data from a single hospital, and now treats patients from multiple demographics. Which ethical concern is most critical?
36. An AI system used for resume screening is found to consistently reject female candidates for technical roles. The data science team retrains the model after removing the 'gender' feature, but the bias persists. What is the most likely cause?
37. A company implements an AI-based chatbot for customer service. After deployment, customers report that the chatbot sometimes uses offensive language. The development team reviews the training data and finds no explicit offensive content. What is the most likely explanation?
38. An organization wants to ensure its AI systems comply with new regulations requiring explanations for automated decisions. Which governance practice is most directly relevant?
39. A financial institution uses an AI model to approve loans. The model uses features including credit score and ZIP code. During an audit, it is discovered that the model has a high false positive rate for loan default predictions in certain ZIP codes. What should the institution do to address this?
40. A team is deploying an AI model that predicts patient readmission risk. The model was trained on data from three hospitals but will be used in a fourth hospital with different patient demographics. What is the most important security risk to assess?
41. An AI development team is building a system to detect fraudulent transactions. They want to ensure the model complies with regulations requiring that individuals can question automated decisions. Which governance element is most relevant?
42. A security researcher demonstrates that by adding small perturbations to an image of a stop sign, an autonomous vehicle's AI misclassifies it as a speed limit sign. This is an example of which type of attack?
43. Which TWO of the following are common methods for mitigating bias in AI models?
44. Which THREE of the following are key principles of AI ethics as defined by major frameworks?
45. Which TWO of the following are effective defenses against adversarial evasion attacks on image classifiers?
46. A bank uses an AI model to approve loans. During an audit, it is found that the model denies loans at a higher rate for a certain ethnic group. Which governance principle is primarily violated?
47. A company deployed an AI chatbot that started generating offensive responses after a data update. The security team needs to quickly mitigate the issue. What should they do first?
48. An organization wants to implement an AI ethics board. Which composition best ensures independence and expertise?
49. A healthcare AI system misdiagnosed patients due to adversarial inputs. What security measure should be prioritized?
50. Which practice best ensures AI systems comply with regulations like GDPR?
51. An AI model's performance drops significantly in production compared to testing. The data shows distribution shift. What is the best first step?
52. An organization uses an AI-based hiring tool. To prevent bias, they want to ensure the model's decisions are explainable. Which approach is most suitable?
53. A social media company's AI recommendation system pushes extreme content to users, causing harm. Which ethical principle is most violated?
54. During a red-team exercise on an AI model, testers successfully extracted training data. Which vulnerability is this?
55. Which TWO are key requirements for AI governance under the EU AI Act for high-risk AI systems? (Choose two.)
56. Which THREE are effective methods for ensuring data privacy in AI training? (Choose three.)
57. Which TWO are common attack vectors against AI systems? (Choose two.)
58. Refer to the exhibit. An auditor reports that the model's fairness check was bypassed in a recent deployment. Based on the policy, what is the most likely cause?
59. Refer to the exhibit. An AI governance review finds that a model was deployed without required ethics approval. Based on the audit log, who is most responsible for the compliance failure?
60. Refer to the exhibit. A security auditor identifies a critical vulnerability that could allow an attacker to manipulate model inputs to cause misclassification. Which configuration setting is most directly responsible for this vulnerability?
61. A healthcare AI system used for diagnosis shows a significant accuracy difference between demographic groups. Which technique should be applied to directly reduce this bias during model training?
62. Which principle ensures that AI decisions can be traced back and understood by humans?
63. A financial institution uses a deep learning model for loan approvals. Under the EU AI Act, this is considered a high-risk AI system. Which mandatory requirement must the institution fulfill before deployment?
64. An image classification model misclassifies a stop sign as a speed limit sign after a few pixels are altered. What is the most effective defense against such attacks?
65. Which ethical concern is most directly associated with AI systems that fully automate decision-making without human oversight?
66. A research lab trains a language model using DP-SGD. What primary privacy risk does this technique mitigate?
67. Which AI governance framework is specifically designed by the U.S. National Institute of Standards and Technology (NIST) to help organizations manage AI risks?
68. What is the primary function of an AI ethics board within an organization?
69. After deploying a model for fraud detection, the data scientist observes a steady decline in precision over two months. Which issue is most likely occurring?
70. Which TWO are common types of adversarial attacks on AI models?
71. Which THREE are key principles of trustworthy AI according to the OECD?
72. Which TWO techniques are specifically designed to protect individual privacy when training AI models?
73. Refer to the exhibit. Which assessment is most critical for ethical deployment?
74. Refer to the exhibit. Which model is NOT in full compliance with the policy?
75. A large hospital system deploys an AI triage system for emergency rooms. The system uses patient vitals and symptoms to recommend treatment priority. Six months after deployment, complaints arise that the system frequently underestimates the severity of symptoms for patients from certain ethnic backgrounds. A data scientist runs a bias audit and finds that the model's false negative rate is 20% higher for the minority group. The hospital's AI governance board requires immediate corrective action. The data science team has limited resources and cannot retrain the entire model from scratch. They have access to the training data, which is imbalanced. The model is a gradient boosted tree. Which course of action best addresses the bias while minimizing operational impact?
76. A security analyst is reviewing logs from an AI-powered recommendation system and notices an unusually high number of requests for products from a specific vendor. The analyst suspects data poisoning. Which mitigation strategy should be implemented first?
77. A healthcare startup deploys an AI model to predict patient readmission rates. An internal audit reveals that the model consistently underestimates readmission risk for non-native English speakers. According to AI ethics principles, what is the most appropriate course of action?
78. During a penetration test, a security engineer discovers that an AI-powered chatbot can be tricked into revealing sensitive customer data by using specially crafted prompts. What type of attack is this, and what is the best mitigation?
79. A financial institution uses an AI model to approve small business loans. The model has a high approval rate for women-owned businesses but low for minority-owned businesses. The compliance officer is concerned about disparate impact. Which governance process should be implemented first?
80. An organization deploys an AI system that processes personal data of EU citizens. Which regulatory framework imposes strict requirements on automated decision-making and profiling?
81. Which TWO of the following are common techniques to improve the transparency and interpretability of an AI model?
82. Which TWO of the following are effective defenses against adversarial examples in AI systems?
83. Which THREE of the following are key principles of trustworthy AI as defined by major regulatory bodies?
84. A large e-commerce company uses a recommendation engine trained on millions of user interactions. Recently, the marketing team noticed a sharp increase in click-through rates for a particular product category. Upon investigation, an engineer found that a competitor had injected fake user profiles that consistently clicked on their products, skewing the training data. The company needs to remediate the attack and prevent future occurrences. The team has limited time and budget. Which course of action should the company take first?
85. A hospital deploys an AI diagnostic assistant that analyzes medical images. The system has been in use for six months, and radiologists have reported that the AI is increasingly confident in its predictions, but sometimes misses rare conditions. The AI ethics board is concerned about overreliance and potential harm from false negatives. They want to implement a governance framework that ensures appropriate human oversight. The hospital has a limited IT budget. What is the best approach?
86. A social media company uses an AI content moderation system to filter hate speech. The system uses a natural language processing model trained on user reports. Recently, the model's false positive rate has increased, blocking legitimate posts. An internal audit reveals that a coordinated group of users has been falsely reporting harmless posts, causing the model to learn incorrect patterns. The company needs to address the attack and restore accuracy. The engineering team can modify the training pipeline. What is the most effective first step?
87. A credit union uses an AI model to approve personal loans. The model was trained on historical data from the past five years. A recent internal review shows that the model approves loans predominantly for white applicants compared to other ethnicities, even when income and credit scores are similar. The credit union wants to comply with fair lending laws without significantly reducing overall approval rates. The data science team has access to the training data. What is the most appropriate remediation step?
88. A national security agency uses AI to analyze surveillance data for threat detection. The system is deployed in a high-stakes environment where false negatives could lead to missed threats, and false positives waste analyst time. Recently, a known hacker group attempted to evade detection by subtly modifying their communication patterns over time, a form of adversarial evasion. The agency wants to harden the system while maintaining performance. The system uses a deep neural network. Which mitigation strategy is most appropriate?
89. A startup develops an AI recruiting tool that screens resumes. After deployment, they receive a complaint from a candidate who claims the system rejected them due to age discrimination. The startup has no formal AI governance process. They want to quickly assess and remediate the issue. The dataset includes age as a feature. What should they do first?
90. A manufacturing company uses a predictive maintenance AI system to schedule equipment repairs. The system was trained on sensor data from machinery. Recently, the system has been missing failures, leading to unexpected downtime. An investigation reveals that the sensor data from one plant has been corrupted due to a sensor malfunction. The corrupted data was used in retraining. The company needs to restore system accuracy quickly. The data science team can access the training logs. What is the best course of action?
91. Which TWO of the following are essential components of a responsible AI governance framework?
92. An organization implements the above access control policy for its AI model registry. During an audit, the auditor discovers that a data scientist deployed a model to production without authorization. Which of the following is the most likely cause?
93. A financial services firm deploys an AI system to screen loan applications. The model was trained on historical data that reflected biased lending practices. After deployment, a regulatory body investigates and finds that the model denies loans at a disproportionately higher rate to a protected demographic group. The firm must address this issue while maintaining compliance with fair lending laws. The Chief AI Officer proposes four possible actions. Which action is the most appropriate first step?
The AI Security, Ethics and Governance domain covers the key concepts tested in this area of the AI0-001 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all AI0-001 domains — no account required.
The Courseiva AI0-001 question bank contains 93 questions in the AI Security, Ethics and Governance domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the AI Security, Ethics and Governance domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.