CCNA Aio Ai Governance Ethics Questions


1
MCQ · medium

An AI risk manager is applying the NIST AI Risk Management Framework (AI RMF). In which function would the organization establish a risk management process and assign roles and responsibilities for AI oversight?

A. Map
B. Manage
C. Govern
D. Measure
Answer: C

Govern includes setting up risk management processes, roles, and responsibilities across the AI lifecycle.

Why this answer

The Govern function in the NIST AI RMF is specifically designed to establish organizational structures, policies, and accountability mechanisms for AI risk management. This includes defining roles and responsibilities, setting risk management processes, and ensuring oversight across the AI lifecycle. The other functions (Map, Measure, Manage) focus on different aspects such as understanding context, assessing risks, and treating risks, respectively.

Exam trap

Cisco often tests the misconception that 'Manage' is the catch-all function for all risk-related activities, but the trap here is that Manage specifically addresses risk treatment after assessment, while Govern is the distinct function for establishing the overarching risk management process and accountability structure.

How to eliminate wrong answers

Option A is wrong because the Map function focuses on understanding the AI system's context, including its intended use, stakeholders, and potential impacts, not on establishing governance structures or assigning roles. Option B is wrong because the Manage function deals with prioritizing, responding to, and treating identified risks after they have been assessed, not with setting up the initial risk management process or assigning oversight roles. Option D is wrong because the Measure function involves quantitative and qualitative assessment of AI risks, including metrics and monitoring, but does not cover the establishment of governance processes or role assignment.

2
MCQ · medium

A company is training a large language model and wants to reduce its carbon footprint. Which practice is MOST effective for reducing training energy consumption while maintaining model quality?

A. Increase the batch size to the maximum the GPU memory allows
B. Use a larger model architecture to achieve higher accuracy faster
C. Use mixed-precision training and prune unnecessary parameters
D. Train the model on CPUs instead of GPUs
Answer: C

Mixed-precision training reduces compute and memory usage, and pruning reduces model size, both lowering energy consumption.

Why this answer

Green AI practices include using more efficient hardware (like GPUs with lower power draw), model pruning, and early stopping. Using CPUs is slower and less efficient. Increasing batch size without tuning can hurt convergence. Using a larger model increases energy. Training on renewable energy reduces the carbon impact but does not reduce energy consumption itself.

3
MCQ · medium

A healthcare AI startup is developing a model to predict patient readmission risk. The company wants to ensure the model's decisions can be understood by clinicians. Which explainability technique provides local, model-agnostic explanations by fitting a simple surrogate model around a prediction?

A. SHAP values
B. LIME
C. Attention visualisation
D. Model cards
Answer: B

LIME trains a local surrogate model (e.g., linear model) to approximate the complex model's behavior near a specific prediction.

Why this answer

LIME (Local Interpretable Model-agnostic Explanations) is the correct technique because it generates local explanations by fitting a simple, interpretable surrogate model (e.g., linear regression or decision tree) around a specific prediction. It is model-agnostic, meaning it works with any black-box classifier, and it perturbs the input data near the instance of interest to understand which features most influenced the prediction.

Exam trap

Cisco often tests the distinction between local vs. global explanations and model-agnostic vs. model-specific techniques, so candidates may confuse SHAP (which is also local and model-agnostic) with LIME because both provide feature importance, but SHAP does not use a surrogate model.

How to eliminate wrong answers

Option A is wrong because SHAP values provide both local and global explanations based on cooperative game theory (Shapley values), but they are not a surrogate model; they compute additive feature importance scores directly from the model's output. Option C is wrong because attention visualization is a technique specific to neural network architectures (e.g., transformers) and is not model-agnostic; it relies on internal attention weights, which are not available for arbitrary models. Option D is wrong because model cards are documentation artifacts that describe a model's intended use, performance, and limitations; they do not generate local explanations for individual predictions.

4
Multi-Select · medium

A company wants to adopt green AI practices to reduce the environmental impact of training large models. Which TWO actions are most effective?

Select 2 answers
A. Use efficient model architectures (e.g., pruning, quantization)
B. Use larger datasets to improve accuracy
C. Train models only on weekends
D. Train models in the cloud to offload energy costs
E. Use energy-efficient hardware (e.g., TPUs or optimized GPUs)
Answers: A, E

Efficient architectures reduce computational requirements.

Why this answer

Selecting efficient model architectures (A) and using energy-efficient hardware (E) directly reduce energy consumption. Cloud optimization (D) may help but is less direct; training on weekends (C) does not affect total energy; using larger datasets (B) increases energy use.

5
MCQ · medium

A company wants to reduce the carbon footprint of training large AI models. Which practice is MOST effective for achieving 'Green AI'?

A. Train on larger datasets to improve accuracy
B. Prune the model to reduce its size before training
C. Use more powerful GPUs to speed up training
D. Use older, less efficient hardware to save on manufacturing emissions
Answer: B

Pruning reduces the number of parameters and computations, directly lowering energy consumption.

Why this answer

Green AI practices focus on reducing computational and environmental costs. Using model pruning reduces model size and computational requirements. Using more GPUs increases energy consumption. Training with larger datasets increases compute. Using older hardware is often less energy-efficient.

6
MCQ · easy

A company is considering using an open-source large language model for a commercial application. Which intellectual property consideration is MOST important when deciding between open-source and proprietary models?

A. The model's license terms and any restrictions on commercial use
B. The model's accuracy on benchmark tasks
C. The size of the model's parameter count
D. The model's training data provenance
Answer: A

The license defines what you can and cannot do with the model commercially, which is the primary IP consideration.

Why this answer

Understanding the model's license is critical because open-source licenses can have restrictions on commercial use, attribution requirements, or copyleft provisions that affect how the model can be used and distributed. The other options are less directly relevant to the open vs proprietary decision.

7
MCQ · hard

A financial institution is deploying an AI system to approve personal loans. To comply with the EU AI Act's high-risk AI requirements, the bank must ensure meaningful human oversight. Which implementation BEST satisfies this requirement?

A. Require a human to review and approve every loan decision before it becomes final
B. Use a separate AI model to audit the primary AI's decisions weekly
C. Allow applicants to appeal AI decisions through a customer service process
D. Provide a dashboard showing the AI's confidence score for each application
Answer: A

Human-in-the-loop with mandatory approval ensures that the human can override the AI's decision, fulfilling the oversight requirement.

Why this answer

The EU AI Act requires that high-risk AI systems allow for human oversight, including the ability to override or reverse the system's decisions. A mandatory human review before final approval ensures that the human can intervene. The other options either do not provide effective oversight or allow for rubber-stamping.

8
Multi-Select · medium

A financial institution wants to use AI for loan approvals and must comply with fair lending laws. Which TWO practices should the institution adopt to mitigate bias and ensure compliance?

Select 2 answers
A. Remove all features except credit score to avoid bias
B. Use a black-box model without explainability to protect intellectual property
C. Use only demographic features to ensure equal treatment
D. Apply fairness-aware machine learning techniques during model training
E. Conduct disparate impact analysis on model outcomes
Answers: D, E

Fairness-aware algorithms can reduce bias during training.

Why this answer

To mitigate bias, using fairness-aware algorithms and conducting disparate impact analysis are direct steps. Using only demographic data is illegal (redlining). Removing all features reduces model utility. A black-box model without explanation would hinder compliance.

9
MCQ · medium

A company using an AI-based hiring tool receives a candidate request for explanation of an automated rejection. Which GDPR principle is most directly relevant?

A. Right to erasure
B. Right to data portability
C. Right to access
D. Right to explanation
Answer: D

Article 22 and Recitals 71-72 of GDPR provide a right to explanation of decisions based solely on automated processing.

Why this answer

The GDPR includes a right to explanation for automated individual decision-making, including profiling. The right to access is broader. The right to erasure is about deletion. The right to data portability is about data transfer.

10
Multi-Select · medium

A company is developing an AI policy for internal use. According to corporate AI governance best practices, which TWO components are essential for the policy?

Select 2 answers
A. Definition of roles and responsibilities for AI development
B. Establishment of an AI ethics board
C. Vendor AI assessment procedures
D. Data minimization requirements
E. Responsible use guidelines for employees
Answers: B, E

An ethics board provides governance and oversight.

Why this answer

An AI ethics board is essential because it provides independent oversight to ensure AI systems align with ethical principles, legal requirements, and corporate values. This board reviews high-risk AI use cases, approves ethical impact assessments, and enforces accountability, which is a core requirement of AI governance frameworks like the NIST AI Risk Management Framework.

Exam trap

Cisco often tests the distinction between governance-level components (like an ethics board and responsible use guidelines) and operational or data-specific practices, leading candidates to mistakenly select role definitions or vendor assessments as essential policy components.

11
MCQ · medium

A company is evaluating fairness metrics for a hiring model. They want to ensure that the model has similar true positive rates (TPR) across demographic groups. Which fairness metric should they use?

A. Calibration
B. Individual fairness
C. Demographic parity
D. Equalized odds
Answer: D

Equalized odds requires equal true positive rates and equal false positive rates across groups.

Why this answer

Equalized odds requires that the true positive rate and false positive rate are equal across groups. Demographic parity requires equal selection rates. Individual fairness requires similar individuals to be treated similarly. Calibration ensures predicted probabilities match actual outcomes for each group. The scenario specifies TPR, which is part of equalized odds.

12
MCQ · medium

A hospital wants to train a diagnostic model using data from multiple hospitals without sharing raw patient data. Which technique allows model training across decentralised data while preserving privacy?

A. Differential privacy applied to the combined dataset
B. Centralising all data in one location and anonymising it
C. Federated learning
D. Using pseudonymisation and then pooling the data
Answer: C

Federated learning enables collaborative model training without sharing raw data, keeping data at each hospital.

Why this answer

Federated learning trains a shared model by aggregating updates from local data without moving the data itself, preserving privacy. Differential privacy adds noise but doesn't decentralise data. Data centralisation violates privacy. Anonymisation alone doesn't allow collaborative training.

13
Multi-Select · hard

A company is forming an AI ethics board to oversee the development of a high-stakes AI system for bail decision recommendations. Which THREE responsibilities should the board primarily undertake?

Select 3 answers
A. Review model outputs for disparate impact across demographic groups
B. Market the AI system to potential clients
C. Establish human-in-the-loop requirements for high-risk decisions
D. Define fairness criteria and acceptable bias thresholds
E. Write the production code for the AI model
Answers: A, C, D

The board should audit and review model behaviour for ethical compliance.

Why this answer

An AI ethics board should define fairness criteria, review models for bias, and establish a human oversight process. Designing the algorithm is a technical task for engineers. Marketing the system is a business function, not an ethics board duty.

14
MCQ · easy

An AI ethics board is reviewing a model that recommends criminal sentencing lengths. They want to ensure that the model's false positive rates for different demographic groups are equal. Which fairness metric should they use?

A. Calibration
B. Individual fairness
C. Equalized odds
D. Demographic parity
Answer: C

Equalized odds requires both false positive rates and true positive rates to be equal across groups.

Why this answer

Equalized odds requires that the model's true positive rates and false positive rates are equal across groups. Demographic parity only requires equal selection rates. Individual fairness ensures similar individuals are treated similarly but does not define group rates. Calibration ensures predicted probabilities match actual outcomes for each group but does not enforce equal error rates.

15
MCQ · hard

A data scientist is evaluating a binary classifier for a hiring tool. They compute demographic parity and find that the selection rate for Group A is 0.2 and for Group B is 0.4. Which action would MOST directly address this disparity?

A. Use a different evaluation metric such as equalized odds
B. Remove the sensitive attribute from the training data
C. Collect more data for Group A to increase its representation
D. Retrain the model with a fairness constraint that enforces demographic parity
Answer: D

Enforcing demographic parity during training directly addresses the disparate selection rates.

Why this answer

Demographic parity requires equal selection rates. Retraining with a fairness constraint that enforces demographic parity directly adjusts the model to achieve equal rates. Rebalancing the dataset (if the disparity stems from imbalanced labels) might help, but it does not guarantee parity. Modifying thresholds can also achieve parity, but post-processing without retraining may degrade other metrics; retraining with constraint is more direct.

16
Multi-Select · medium

A company is adopting the EU AI Act's risk-based approach. They are classifying an AI system used for credit scoring. Which risk tier applies to credit scoring according to the Act?

Select 1 answer
A. Limited risk
B. Minimal risk
C. General purpose AI
D. High risk
E. Unacceptable risk
Answer: D

Credit scoring is explicitly listed as a high-risk AI system in Annex III.

Why this answer

Under the EU AI Act, credit scoring systems are classified as high risk because they determine access to financial resources and can significantly impact individuals' lives. This classification is based on the system's use in evaluating creditworthiness, which falls under Annex III's list of high-risk AI applications. Therefore, Option D is correct.

Exam trap

Cisco often tests the misconception that credit scoring is only 'limited risk' due to its commonality, but the Act explicitly lists it as high risk because of its impact on individuals' financial access and potential for bias.

17
MCQ · easy

Which NIST AI RMF function involves identifying the context, risks, and potential impacts of an AI system, including mapping the AI lifecycle and stakeholders?

A. Manage
B. Measure
C. Map
D. Govern
Answer: C

Map is the function for understanding the AI system's context, risks, and impacts.

Why this answer

The AI RMF's four functions are: Govern, Map, Measure, Manage. Map focuses on context and risk identification. Govern sets policies. Measure evaluates metrics. Manage addresses risks through controls.

18
MCQ · easy

A company wants to train a language model on sensitive customer data without transferring the raw data to a central server. Which privacy-preserving technique should they use?

A. Federated learning
B. Differential privacy
C. Data minimisation
D. Anonymisation
Answer: A

Federated learning trains the model locally and only shares aggregated updates, keeping raw data on the device.

Why this answer

Federated learning is the correct technique because it trains a shared model across decentralized edge devices holding local data, without transferring raw customer data to a central server. Only model updates (gradients) are sent to the aggregation server, preserving data locality and reducing exposure. This directly addresses the requirement of avoiding raw data transfer while still enabling collaborative model training.

Exam trap

Cisco often tests the distinction between techniques that prevent raw data transfer (federated learning) versus techniques that protect data after it has been transferred (differential privacy, anonymisation), leading candidates to confuse privacy-preserving computation with output privacy.

How to eliminate wrong answers

Option B (Differential privacy) is wrong because it adds noise to query outputs or training data to protect individual records, but it does not prevent raw data from being transferred to a central server; it only limits information leakage from the released model. Option C (Data minimisation) is wrong because it is a principle of collecting only necessary data, not a technical mechanism for training a model without transferring raw data to a central location. Option D (Anonymisation) is wrong because it irreversibly removes personally identifiable information from the dataset before transfer, but the raw (anonymised) data still must be sent to a central server, violating the requirement of no raw data transfer.

19
MCQ · hard

A company trains a large language model on a dataset that includes copyrighted books. Under current legal interpretations, which statement about copyright infringement is MOST accurate?

A. Training on copyrighted data is generally permissible under the EU AI Act.
B. Training on copyrighted data is always covered by fair use in the US.
C. Training on copyrighted data is allowed as long as the model is not used commercially.
D. Training on copyrighted data without permission likely infringes copyright, though fair use may be a defense.
Answer: D

Copyright law protects original works; using them for training without permission is prima facie infringement, but fair use may apply.

Why this answer

Training on copyrighted works without permission is generally considered copyright infringement, unless a specific exception applies (e.g., fair use in the US). Fair use is determined on a case-by-case basis and is not automatically granted. Using only public domain works avoids infringement. The EU AI Act does not provide blanket permission.

20
MCQ · medium

A hospital is implementing an AI system to analyze patient X-rays for potential fractures. The hospital must comply with HIPAA regulations. Which privacy-preserving technique allows the model to be trained on data from multiple hospitals without sharing raw patient data?

A. Federated learning
B. Differential privacy
C. Data anonymisation
D. Data pseudonymisation
Answer: A

Federated learning trains models locally and only shares model parameters, not raw patient data, thus preserving privacy across hospitals.

Why this answer

Federated learning trains model copies across multiple sites and aggregates only model updates (gradients) to a central server, keeping patient data local. Differential privacy adds noise to data but does not inherently prevent data sharing. Anonymisation and pseudonymisation still require sharing data, albeit de-identified.

21
Multi-Select · medium

A company is implementing an AI ethics board. Which TWO responsibilities should the board typically have?

Select 2 answers
A. Approving or rejecting high-risk AI initiatives
B. Writing code for fairness algorithms
C. Reviewing AI projects for ethical compliance and potential biases
D. Developing marketing strategies for AI products
E. Conducting daily data privacy audits
Answers: A, C

The board should have authority to approve or reject high-risk initiatives to ensure responsible AI deployment.

Why this answer

An AI ethics board should oversee AI projects for ethical compliance and approve high-risk AI initiatives. Implementing technical models and auditing data privacy are operational tasks not typically under the board's direct purview.

22
MCQ · medium

A city government uses an AI system to allocate limited social services resources. To ensure fairness, they want to implement human oversight for high-stakes decisions. Which mechanism allows a human to review and potentially override the AI's decision before it is executed?

A. Human-on-the-loop
B. Human-in-command
C. Human-in-the-loop
D. Automated decision-making without human intervention
Answer: C

HITL ensures that a human reviews and can override each AI decision before it takes effect.

Why this answer

Human-in-the-loop (HITL) is the correct mechanism because it requires a human to review and approve or reject the AI's decision before it is executed. This ensures that for high-stakes decisions, such as allocating limited social services, a human can intervene to prevent unfair or erroneous outcomes, directly addressing the fairness requirement.

Exam trap

Cisco often tests the distinction between 'Human-in-the-loop' (pre-execution review) and 'Human-on-the-loop' (monitoring with automatic execution), leading candidates to confuse the timing of human intervention.

How to eliminate wrong answers

Option A is wrong because 'Human-on-the-loop' refers to a system where a human monitors AI decisions and can intervene during execution, but the decision is typically executed automatically unless the human steps in—this does not guarantee pre-execution review. Option B is wrong because 'Human-in-command' is a broader concept where a human has overall control and responsibility for the system's operation, but it does not specify a mandatory review step before each high-stakes decision is executed. Option D is wrong because 'Automated decision-making without human intervention' explicitly removes human oversight, which contradicts the requirement to implement human oversight for fairness.

23
MCQ · hard

A data scientist is training a large language model and wants to reduce the carbon footprint. Which practice is MOST effective for reducing energy consumption during training?

A. Use FP32 precision instead of mixed precision
B. Apply model pruning and knowledge distillation
C. Use more GPUs in parallel to finish training faster
D. Increase the number of training epochs for better accuracy
Answer: B

Pruning removes unnecessary weights and distillation trains a smaller student model, both reducing the computational load and energy footprint.

Why this answer

Model pruning reduces the number of parameters in the model, and knowledge distillation trains a smaller student model to mimic a larger teacher model. Both techniques directly reduce the computational operations (FLOPs) required during training and inference, leading to significant energy savings. In contrast, using FP32 or increasing epochs increases energy consumption, and adding more GPUs increases total power draw even if wall-clock time decreases.

Exam trap

Cisco often tests the misconception that 'finishing faster always saves energy,' but the trap here is that using more GPUs increases total power draw, and the energy equation (power × time) often results in higher overall consumption due to parallelization overhead and idle power.

How to eliminate wrong answers

Option A is wrong because FP32 precision uses 32-bit floating-point numbers, which require more memory bandwidth and compute operations than mixed precision (FP16/FP32), thereby increasing energy consumption. Option C is wrong because using more GPUs in parallel increases the total power draw (e.g., from 300W to 1200W for 4 GPUs), and the energy consumed is power × time; even if training finishes faster, the total energy often increases due to overhead and idle power. Option D is wrong because increasing the number of training epochs directly multiplies the total number of forward and backward passes, linearly increasing energy consumption without any efficiency gain.

24
Multi-Select · easy

A startup is training a large language model and wants to reduce its environmental impact. Which TWO practices are considered green AI?

Select 2 answers
A. Train on the largest possible dataset
B. Use energy-efficient hardware (e.g., TPUs)
C. Use redundant backup servers
D. Increase batch size to maximum
E. Optimize model architecture for lower computational cost
Answers: B, E

Energy-efficient hardware reduces power consumption.

Why this answer

Option B is correct because using energy-efficient hardware such as Tensor Processing Units (TPUs) or specialized AI accelerators reduces the power consumption per floating-point operation, directly lowering the carbon footprint of training large language models. This aligns with green AI principles by optimizing the energy-to-performance ratio.

Exam trap

Cisco often tests the misconception that maximizing hardware utilization (e.g., large batch sizes or datasets) is inherently green, when in fact green AI focuses on minimizing total energy consumption and carbon emissions, not just throughput or utilization metrics.

25
MCQ · easy

A data scientist discovers that a model trained to predict loan defaults is denying loans at a higher rate for a particular demographic group. Which type of bias is MOST likely present?

A. Confirmation bias
B. Selection bias
C. Algorithmic bias
D. Historical bias
Answer: D

Historical bias is present when the training data encodes past societal biases, which the model then amplifies.

Why this answer

Historical bias occurs when the training data reflects past societal inequalities, leading the model to learn and perpetuate those patterns. In this case, if historical loan data shows higher denial rates for a demographic group due to past discriminatory practices, the model will replicate that bias in its predictions. This is the most likely cause because the model is not inherently biased but inherits bias from the data it was trained on.

Exam trap

The trap here is that candidates may confuse 'algorithmic bias' (a general term) with the specific root cause, failing to recognize that historical bias is the precise type when the bias originates from the training data rather than the algorithm itself.

How to eliminate wrong answers

Option A is wrong because confirmation bias refers to a human tendency to favor information that confirms preexisting beliefs, not a data-driven model bias in loan predictions. Option B is wrong because selection bias arises from non-random sampling of data (e.g., only including certain loan applicants), which is not described in the scenario where the model is trained on historical data. Option C is wrong because algorithmic bias is a broad term that can include historical bias, but the question asks for the most likely specific type, and historical bias directly explains the root cause in the training data.

26
MCQ · easy

A company deploys an AI chatbot that generates product descriptions. The company wants to be transparent about AI-generated content. Which practice should they follow?

A. Clearly label AI-generated content as such
B. Publish a model card, but not label individual outputs
C. Add an invisible watermark but do not inform users
D. Do not disclose that content is AI-generated to avoid user confusion
Answer: A

Transparency requires disclosure that content is AI-generated.

Why this answer

Option A is correct because transparency about AI-generated content is a core principle of AI governance and ethics. Labeling AI-generated outputs as such allows users to make informed decisions about the content they consume, aligning with responsible AI practices.

Exam trap

The trap here is that candidates may think transparency is achieved through documentation alone (like model cards) or through hidden mechanisms, but Cisco tests that direct, user-visible labeling of AI-generated content is the ethical standard.

How to eliminate wrong answers

Option B is wrong because publishing a model card alone does not provide transparency for individual outputs; users need to know which specific content is AI-generated. Option C is wrong because an invisible watermark without informing users defeats the purpose of transparency, as users are unaware of the AI's involvement. Option D is wrong because intentionally hiding AI-generated content to avoid confusion violates ethical guidelines and erodes trust, as users have a right to know when content is AI-generated.

27
MCQ · hard

A healthcare AI system diagnosing diabetic retinopathy from retinal images shows high accuracy overall but significantly lower recall for patients with darker skin tones. Which fairness metric would BEST capture this disparity by comparing true positive rates across groups?

A. Calibration
B. Demographic parity
C. Equalised odds
D. Individual fairness
Answer: C

Equalised odds directly compares true positive rates and false positive rates across groups, making it the correct metric to detect the described recall disparity.

Why this answer

Equalised odds requires that the true positive rate and false positive rate be equal across groups. Demographic parity only checks outcome rates, not error types. Individual fairness compares similar individuals. Calibration checks confidence alignment.

28
MCQ · hard

A financial institution deploys an AI model for loan approval. To meet regulatory requirements under the EU AI Act for high-risk AI systems, they must ensure human oversight. Which implementation best satisfies the requirement for meaningful human intervention?

A. Audit model decisions quarterly for bias
B. Allow users to appeal decisions through a customer service hotline
C. Display a confidence score for each decision
D. Provide a human reviewer with the ability to override the model's decision before finalization
Answer: D

This ensures a human can intervene in individual cases, meeting the oversight requirement.

Why this answer

Human-in-the-loop oversight with an override mechanism allows a qualified human to review and override automated decisions, satisfying the EU AI Act's requirement for high-risk systems.

29
Multi-Select · hard

A healthcare AI system is subject to GDPR because it processes patient data. Which THREE requirements must the system satisfy?

Select 3 answers
A. Right to explanation of decisions
B. Explicit consent from all data subjects
C. Meaningful information about the logic involved in automated decision-making
D. Data minimization principles
E. Data retention period of at least 10 years
Answers: A, C, D

Article 22 and Recital 71 provide a right to explanation for automated decisions.

Why this answer

Option A is correct because Article 22 of the GDPR grants data subjects the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects. For healthcare AI systems, this means patients have the right to obtain an explanation of the decision reached by the algorithm, such as how a diagnosis or treatment recommendation was derived. This requirement ensures transparency and accountability in high-stakes automated decisions.

Exam trap

Cisco often tests the misconception that GDPR mandates explicit consent for all healthcare AI processing, when in fact other lawful bases (e.g., vital interests, public health) can apply, and the right to explanation is a distinct requirement focused on automated decision-making logic.

30
MCQ · medium

A data scientist needs to explain why a black-box model denied a loan application. Which explainability technique generates local feature importance values using a simpler interpretable model around the prediction?

A. Model card
B. LIME
C. Attention visualisation
D. SHAP values
Answer: B

LIME fits a simple model (e.g., linear) locally to approximate the black-box model's decision boundary for a specific instance.

Why this answer

LIME (Local Interpretable Model-agnostic Explanations) is the correct technique because it generates local feature importance values by fitting a simpler, interpretable model (e.g., linear regression or decision tree) around the prediction of the black-box model. This allows the data scientist to explain why a specific loan application was denied by identifying which features (e.g., income, credit score) most influenced that particular decision. Unlike global methods, LIME focuses on the local neighborhood of the instance, making it ideal for explaining individual predictions.

Exam trap

Cisco often tests the distinction between local vs. global explainability methods, and the trap here is that candidates may confuse SHAP values (which also provide local feature importance) with LIME, failing to recognize that LIME uniquely uses a simpler interpretable surrogate model trained around the prediction, while SHAP uses game-theoretic contributions without a surrogate model.

How to eliminate wrong answers

Option A is wrong because a model card is a documentation artifact that summarizes a model's intended use, performance, and limitations at a global level, not a technique for generating local feature importance values for a single prediction. Option C is wrong because attention visualization is specific to neural network architectures (e.g., transformers) and provides insight into which parts of the input the model 'attends to,' but it is not a model-agnostic method for generating local feature importance with a simpler interpretable model. Option D is wrong because SHAP values, while they do provide local feature importance, are based on cooperative game theory (Shapley values) and do not use a simpler interpretable model around the prediction; instead, they compute additive feature contributions directly from the model's output.

31
MCQ · medium

Under the EU AI Act, an AI system that uses subliminal techniques to materially distort a person's behaviour, causing psychological or physical harm, would be classified under which risk tier?

A. Unacceptable risk
B. Limited risk
C. High risk
D. Minimal risk
Answer: A

Systems that employ subliminal techniques to distort behaviour causing harm are banned under the unacceptable risk category.

Why this answer

The EU AI Act categorises such systems as 'unacceptable risk' and prohibits them outright. High risk includes critical infrastructure, education, employment, etc. Limited risk involves transparency obligations. Minimal risk covers all other systems.

32
MCQ · easy

A company is developing an AI policy. Which of the following should be included to ensure accountability for AI-driven decisions?

A. A set of acceptable use cases for the AI
B. A description of the model architecture used
C. A list of approved training data sources
D. Designated roles for human oversight and decision authority
Answer: D

Clear assignment of human oversight roles ensures that someone is accountable for the AI's outputs.

Why this answer

Option D is correct because accountability for AI-driven decisions requires clear assignment of human roles with oversight and decision authority. This ensures that there is a responsible party who can review, override, or be held liable for the AI's outputs, which is a core principle of AI governance frameworks such as the NIST AI Risk Management Framework.

Exam trap

Cisco often tests the distinction between governance components (scope, data, architecture) and the specific accountability mechanism of human oversight, leading candidates to confuse 'acceptable use' with 'who is responsible'.

How to eliminate wrong answers

Option A is wrong because acceptable use cases define scope, not accountability; they do not assign responsibility for decisions. Option B is wrong because describing the model architecture is a technical documentation detail, not a governance mechanism for accountability. Option C is wrong because listing approved training data sources addresses data provenance and bias, but does not establish who is responsible for the AI's decisions.

33
MCQ · medium

A healthcare AI startup is developing a model to predict patient readmission risk. The model will be used to allocate post-discharge resources. Which regulatory framework primarily governs the use of patient data in this scenario?

A. GDPR
B. CCPA
C. HIPAA
D. EU AI Act
Answer: C

HIPAA governs the use and disclosure of protected health information (PHI) by covered entities and business associates in the US.

Why this answer

HIPAA (Health Insurance Portability and Accountability Act) is the correct regulatory framework because the scenario involves a healthcare AI startup using protected health information (PHI) to predict patient readmission risk. HIPAA governs the use, disclosure, and safeguarding of PHI by covered entities and their business associates, which includes AI models processing patient data for post-discharge resource allocation.

Exam trap

Cisco often tests the distinction between data privacy regulations (HIPAA, GDPR, CCPA) and AI-specific regulations (EU AI Act), trapping candidates who assume the EU AI Act governs all AI data use when the underlying data type (healthcare PHI) dictates the primary framework.

How to eliminate wrong answers

Option A is wrong because GDPR is a European Union regulation that applies to personal data of EU residents, but the scenario does not specify that the patients are in the EU or that the startup operates under EU jurisdiction; HIPAA is the primary U.S. healthcare data privacy law. Option B is wrong because CCPA is a California state law focused on consumer privacy and data rights for California residents, not specifically tailored to healthcare data or patient readmission models; it does not preempt HIPAA for protected health information. Option D is wrong because the EU AI Act governs the development and deployment of AI systems based on risk categories, but it does not directly regulate the use of patient data; data privacy for healthcare remains under GDPR or local health data laws, not the AI Act itself.

34
Multi-Select · medium

Under the EU AI Act, an AI system used for credit scoring is classified as high-risk. Which THREE obligations apply to the deployer of such a system?

Select 3 answers
A. Register the system with a central EU database
B. Publish the model's source code publicly
C. Provide transparency information to affected individuals
D. Conduct a fundamental rights impact assessment
E. Ensure human oversight of the system's decisions
Answers: C, D, E

Deployers must inform individuals that an AI system is making decisions affecting them.

Why this answer

Option C is correct because Article 13 of the EU AI Act requires deployers of high-risk AI systems to provide clear and meaningful transparency information to affected individuals, including the system's capabilities, limitations, and the logic behind decisions. This obligation ensures that individuals subject to automated credit scoring understand how their data is being used and can exercise their rights under the regulation.

Exam trap

The trap here is that candidates often confuse deployer obligations with provider obligations, mistakenly assigning registration and code publication duties to the deployer instead of the provider.

35
MCQ · medium

A hospital wants to train a diagnostic AI model using data from multiple hospitals without sharing raw patient data. Which privacy-preserving technique allows collaborative training while keeping data local?

A. Differential privacy
B. Federated learning
C. Data anonymisation
D. Data pseudonymisation
Answer: B

Federated learning trains models on local data and only shares model updates, keeping raw data on-site.

Why this answer

Federated learning is the correct technique because it enables multiple hospitals to collaboratively train a shared diagnostic AI model without exchanging raw patient data. Instead, each hospital trains a local model on its own data, and only encrypted model updates (e.g., gradients or weights) are sent to a central server for aggregation. This keeps all sensitive patient information local, directly addressing the requirement of data locality while still benefiting from collective learning.

Exam trap

Cisco often tests the distinction between techniques that modify data before sharing (like anonymisation or pseudonymisation) versus techniques that keep data local and share only model parameters (like federated learning), so the trap here is assuming that anonymising or pseudonymising data satisfies the 'keep data local' requirement when it actually still involves data leaving the hospital.

How to eliminate wrong answers

Option A is wrong because differential privacy adds noise to data or model outputs to protect individual privacy, but it does not keep data local; it can be applied to centralized or federated settings, but alone it does not enable collaborative training without sharing raw data. Option C is wrong because data anonymisation removes or masks personally identifiable information (PII) from a dataset, but the anonymised data is still shared with other parties, which violates the requirement to keep raw patient data local. Option D is wrong because data pseudonymisation replaces identifiers with pseudonyms, but the pseudonymised data is still shared and can potentially be re-identified, failing to meet the strict local data constraint.

36
MCQ · medium

A data scientist needs to explain why a specific loan application was rejected by a tree-based model. The model is complex and not inherently interpretable. Which method should the data scientist use to provide a local explanation for this single prediction?

A. LIME
B. SHAP values
C. Model cards
D. Attention visualization
Answer: A

LIME creates a simple, interpretable model around the prediction to explain the decision locally, making it ideal for this task.

Why this answer

LIME (Local Interpretable Model-agnostic Explanations) is the correct choice because it is specifically designed to provide local explanations for individual predictions by approximating the complex model with a simpler, interpretable surrogate model around that specific instance. For a tree-based model that is not inherently interpretable, LIME can explain why a single loan application was rejected by perturbing the input and observing the changes in predictions, making it ideal for this use case.

Exam trap

Cisco often tests the distinction between local vs. global interpretability methods, and the trap here is that candidates may choose SHAP values (Option B) because they are also popular for explanations, but SHAP is more suited for global feature importance and can be overkill or less intuitive for a single-instance explanation compared to LIME's direct local surrogate approach.

How to eliminate wrong answers

Option B is wrong because SHAP values, while also providing local explanations, are based on cooperative game theory and compute Shapley values, which can be computationally expensive for complex tree-based models and may not be as straightforward for a single-prediction explanation as LIME's perturbation-based approach. Option C is wrong because model cards are documentation artifacts that describe the overall model's intended use, performance, and limitations, not a method for generating local explanations for individual predictions. Option D is wrong because attention visualization is a technique used primarily in neural network models (e.g., transformers) to highlight which parts of the input the model focuses on, and it is not applicable to tree-based models like decision trees or random forests.

37
MCQ · easy

A data scientist notices that a hiring model systematically scores female candidates lower than male candidates with similar qualifications. The training data was collected from past hiring decisions where the company historically hired more men. Which type of AI bias is most directly demonstrated?

A. Selection bias
B. Algorithmic bias
C. Confirmation bias
D. Historical bias
Answer: D

Historical bias stems from data that mirrors past discriminatory practices.

Why this answer

The correct answer is D, historical bias, because the model's lower scoring of female candidates stems directly from training data that reflects past hiring decisions where the company historically hired more men. This bias is embedded in the data itself, not introduced by the algorithm or data collection method. Historical bias occurs when the training data encodes societal or organizational prejudices from the past, which the model then perpetuates.

Exam trap

Cisco often tests the distinction between historical bias (data-driven) and algorithmic bias (model-driven), and the trap here is that candidates confuse 'algorithmic bias' as the catch-all term, missing that the root cause is the historical data, not the algorithm's logic.

How to eliminate wrong answers

Option A is wrong because selection bias refers to systematic error in how data is sampled or collected (e.g., non-random sampling), not to bias inherited from historical outcomes in the training data. Option B is wrong because algorithmic bias is a broader term that includes any bias introduced by the algorithm's design or optimization process, but here the root cause is the historical data, not the algorithm itself. Option C is wrong because confirmation bias is a human cognitive bias where people favor information that confirms their preexisting beliefs, and it does not apply to a machine learning model's training process.

38
Multi-Select · hard

A company is deploying an AI system that falls under the EU AI Act's high-risk category. Which THREE requirements must the company fulfill?

Select 3 answers
A. Ensure human oversight to prevent or minimise risks
B. Obtain explicit consent from all affected individuals
C. Open-source the model's code to the public
D. Create and maintain technical documentation including the system's intended purpose
E. Establish a risk management system throughout the AI system's lifecycle
Answers: A, D, E

Human oversight is mandatory for high-risk AI systems.

Why this answer

The EU AI Act for high-risk systems requires risk management, human oversight, and transparency documentation. Open-sourcing the model is not required; obtaining consent is not a specific requirement for high-risk systems.

39
MCQ · medium

A healthcare AI system uses patient data to predict disease risk. To comply with HIPAA and reduce the risk of re-identification, which technique should be applied to the training data before model development?

A. Pseudonymisation by replacing patient names with random IDs
B. Data augmentation to create synthetic samples
C. Differential privacy with a carefully chosen epsilon
D. Data minimisation by removing all features except age and gender
Answer: C

Differential privacy adds controlled noise to protect individual records, meeting HIPAA's de-identification standards with formal guarantees.

Why this answer

Differential privacy (Option C) is the correct technique because it adds calibrated noise to the training data or model outputs, providing a mathematical guarantee against re-identification even if an attacker has auxiliary information. This directly addresses HIPAA's requirement to protect patient privacy while preserving statistical utility for disease risk prediction.

Exam trap

Cisco often tests the misconception that pseudonymisation (Option A) is equivalent to de-identification under HIPAA, when in fact it is a reversible process that fails against linkage attacks, making differential privacy the only mathematically rigorous option.

How to eliminate wrong answers

Option A is wrong because pseudonymisation by replacing names with random IDs is a reversible or linkable technique; it does not prevent re-identification when combined with quasi-identifiers (e.g., ZIP code, birth date) and is not considered sufficient for HIPAA de-identification. Option B is wrong because data augmentation creates synthetic samples to improve model generalisation, not to protect privacy; it does not reduce re-identification risk and may even leak information if synthetic data is too similar to real records. Option D is wrong because data minimisation by removing all features except age and gender removes too much clinically relevant information, rendering the model useless for disease risk prediction, and still leaves quasi-identifiers that can be used for re-identification (e.g., age + gender + location).

40
MCQ · hard

A company deploys an AI system for loan approvals. The EU AI Act classifies this as high-risk. Which human oversight requirement applies?

A. Human-in-command approach
B. Human-in-the-loop (HITL) mechanism
C. Human-on-the-loop oversight
D. Automated decision-making without human review
Answer: B

Article 14 requires human oversight, and HITL ensures that a human can intervene or reverse decisions.

Why this answer

The EU AI Act requires human-in-the-loop (HITL) oversight for high-risk AI systems like loan approval, meaning a human must be able to intervene and override the system's decisions during operation. This ensures that automated decisions can be reviewed and corrected in real-time, preventing fully autonomous outcomes in critical areas such as credit scoring.

Exam trap

Cisco often tests the distinction between 'human-in-the-loop' (direct intervention during operation) and 'human-on-the-loop' (monitoring after the fact), leading candidates to confuse the two for high-risk systems where real-time override is mandatory.

How to eliminate wrong answers

Option A is wrong because 'human-in-command' is not a defined term under the EU AI Act; the correct terminology is human-in-the-loop, human-on-the-loop, or human-in-charge for general oversight roles. Option C is wrong because human-on-the-loop oversight involves monitoring system outputs at a higher level without direct real-time intervention, which is insufficient for high-risk loan approvals where immediate human override must be possible. Option D is wrong because automated decision-making without human review directly violates the EU AI Act's requirement for human oversight in high-risk systems, as it removes any possibility of human intervention or accountability.

41
Multi-Select · hard

A bank wants to ensure its credit scoring model is fair across demographic groups. The model currently uses features like zip code, income, and credit history. To mitigate potential bias, which TWO actions should the data science team prioritize?

Select 2 answers
A. Analyze the model for disparate impact using statistical tests
B. Review features like zip code for potential proxy discrimination
C. Remove all features that could be correlated with protected attributes
D. Implement a fairness metric like demographic parity or equalized odds
E. Apply differential privacy to the training data
Answers: A, B

Disparate impact analysis helps identify whether the model adversely affects a protected group.

Why this answer

Option A is correct because analyzing the model for disparate impact using statistical tests (e.g., the 80% rule or chi-square test) directly measures whether the model produces systematically different outcomes for protected groups. This is a foundational step in fairness auditing, as it quantifies bias before any mitigation is applied, aligning with regulatory expectations like the Equal Credit Opportunity Act (ECOA).

Exam trap

Cisco often tests the distinction between detection and mitigation steps, so candidates mistakenly pick a mitigation action (like D) or a privacy technique (like E) as a first priority, overlooking that bias must first be measured and understood.

42
MCQ · medium

A social media platform uses an AI system to moderate content. The system incorrectly flags legitimate posts as hate speech, disproportionately affecting minority groups. Which type of bias is likely present?

A. Algorithmic bias
B. Historical bias
C. Selection bias
D. Confirmation bias
Answer: A

The model's algorithm or training process causes systematic errors against certain groups.

Why this answer

The AI system's output (incorrectly flagging legitimate posts as hate speech) is a direct result of the model's design, training data, or deployment choices, which is the definition of algorithmic bias. This bias disproportionately affects minority groups because the algorithm's decision-making process systematically produces unfair outcomes for those groups, even if the training data itself was not historically biased.

Exam trap

Cisco often tests the distinction between 'algorithmic bias' (bias introduced by the model's design or deployment) and 'historical bias' (bias present in the training data), so candidates mistakenly choose historical bias when the question describes a system that actively produces unfair outcomes due to its own logic.

How to eliminate wrong answers

Option B (Historical bias) is wrong because historical bias refers to pre-existing societal prejudices reflected in the training data, not the algorithm's own flawed decision-making process; the question states the system 'incorrectly flags' posts, indicating the bias is in the algorithm's logic or thresholds, not just the data. Option C (Selection bias) is wrong because selection bias occurs when the training data is not representative of the real-world population (e.g., overrepresenting certain groups), but the problem here is the algorithm's misclassification of content, not a sampling issue. Option D (Confirmation bias) is wrong because confirmation bias is a human cognitive bias where people favor information that confirms their preexisting beliefs; it does not apply to an AI system's content moderation decisions.

43
MCQ · hard

A company is evaluating a vendor's AI system for hiring. The vendor claims the system is fair because it achieves demographic parity. However, the company discovers that the system has significantly different false positive rates across groups. Which fairness issue does this indicate?

A. The system violates individual fairness
B. The system suffers from selection bias
C. The system violates equalised odds
D. The system is not calibrated
Answer: C

Equalised odds demands equal false positive rates across groups; significant differences indicate unfairness.

Why this answer

Equalised odds requires that a model's false positive rates and true positive rates are equal across all demographic groups. Since the vendor's system has significantly different false positive rates across groups, it violates the equalised odds fairness criterion, even if demographic parity (equal selection rates) is satisfied. This is a core fairness metric in AI governance, as it ensures that errors are distributed equitably.

Exam trap

Cisco often tests the distinction between demographic parity and equalised odds, trapping candidates who assume that equal selection rates (demographic parity) automatically guarantee fairness across all error types.

How to eliminate wrong answers

Option A is wrong because individual fairness focuses on treating similar individuals similarly, not on group-level error rates like false positives. Option B is wrong because selection bias refers to systematic errors in data collection or sampling that lead to unrepresentative training data, not to post-deployment disparities in model errors across groups. Option D is wrong because calibration measures whether predicted probabilities match actual outcomes within each group, which is a separate property from equalised odds; a model can be calibrated yet still have unequal false positive rates.

44
MCQ · hard

A company is training a large language model from scratch and wants to minimise its environmental impact. Which practice aligns with green AI principles?

A. Use model pruning and train on a smaller, representative dataset
B. Use more GPUs to parallelise training and reduce wall-clock time
C. Deploy the model on a cloud provider with renewable energy certificates
D. Train the model on a larger dataset to improve accuracy
Answer: A

Pruning reduces model size and computational cost; training on a smaller dataset also lowers energy consumption, aligning with green AI.

Why this answer

Green AI advocates for resource-efficient AI, including using smaller models, pruning, and efficient architectures to reduce carbon footprint. Training larger models with more data increases environmental impact, not reduces it.

45
Multi-Select · medium

A data scientist is using differential privacy to protect individual privacy in a training dataset. Which TWO actions are correct implementations of differential privacy?

Select 2 answers
A. Train the model on a small subset of data to reduce exposure
B. Remove all personally identifiable information (PII) from the dataset
C. Aggregate data into groups before training
D. Set a privacy budget (epsilon) to limit information leakage
E. Add noise to the training data to mask individual contributions
Answers: D, E

The privacy budget epsilon quantifies the privacy guarantee and is a core concept of differential privacy.

Why this answer

Option D is correct because setting a privacy budget (epsilon) is a core mechanism in differential privacy that quantifies and limits the amount of information leaked about any individual in the dataset. By controlling epsilon, the data scientist can formally bound the privacy loss, ensuring that the model's outputs do not reveal whether any specific individual's data was included in training.

Exam trap

Cisco often tests the misconception that removing PII or using data aggregation alone constitutes differential privacy, when in fact differential privacy requires a formal mathematical framework with noise addition and a privacy budget parameter.

46
MCQ · easy

Which technique adds controlled noise to query results or training data to prevent an attacker from inferring whether a specific individual's data was included in the dataset?

A. Anonymisation
B. Federated learning
C. Differential privacy
D. Pseudonymisation
Answer: C

Differential privacy injects noise into computations or outputs to bound the risk of re-identification.

Why this answer

Differential privacy adds calibrated noise to ensure the output does not reveal individual participation. Anonymisation removes identifiers. Pseudonymisation replaces identifiers. Federated learning decentralises data but does not necessarily add noise.

47
MCQ · medium

A data scientist is training a resume screening model to rank job applicants. The training data includes historical hiring decisions from the past 10 years. The company wants to avoid unfair bias against underrepresented groups. Which type of bias is most likely present in the training data?

A. Algorithmic bias
B. Selection bias
C. Confirmation bias
D. Historical bias
Answer: D

Historical bias is present when the training data reflects existing societal inequalities, such as discriminatory hiring practices.

Why this answer

Historical bias occurs when the training data reflects past societal biases, such as underrepresentation of certain groups in hiring. The model learns these patterns, perpetuating unfairness. Selection bias arises from non-random sampling, confirmation bias from favoring information that confirms preexisting beliefs, and algorithmic bias from model design choices.

48
MCQ · easy

An organisation is developing an AI policy. According to the NIST AI RMF, which function involves establishing policies and procedures to ensure the organisation governs AI responsibly?

A. Manage
B. Measure
C. Govern
D. Map
Answer: C

Govern involves setting policies, roles, and responsibilities for AI governance.

Why this answer

The NIST AI RMF's Govern function focuses on establishing governance structures, policies, and accountability mechanisms. Map, Measure, and Manage are other functions in the framework.

49
MCQ · easy

A healthcare AI system uses patient data to predict disease risk. To comply with HIPAA, which privacy technique should be applied to the training data?

A. Differential privacy
B. Anonymisation
C. De-identification (Safe Harbor method)
D. Pseudonymisation
Answer: C

HIPAA's Safe Harbor method removes 18 identifiers, meeting the de-identification standard.

Why this answer

The Safe Harbor method of de-identification, as defined by the HIPAA Privacy Rule, removes 18 specific identifiers (e.g., names, dates, geographic subdivisions smaller than a state) from the training data. This ensures the data no longer qualifies as Protected Health Information (PHI), allowing it to be used for AI model training without violating HIPAA. Unlike other techniques, Safe Harbor provides a clear, legally safe harbor from privacy breach notification requirements when properly applied.

Exam trap

Cisco often tests the distinction between de-identification (Safe Harbor) and pseudonymisation, trapping candidates who think pseudonymisation alone satisfies HIPAA because it obscures direct identifiers, when in fact pseudonymised data remains PHI and requires the same privacy protections.

How to eliminate wrong answers

Option A is wrong because differential privacy adds mathematical noise to query outputs to protect individual records, but it does not remove all 18 HIPAA-required identifiers from the training data itself, and applying it alone would not satisfy the Safe Harbor standard for de-identification. Option B is wrong because anonymisation is a broader, often irreversible process that may go beyond HIPAA's Safe Harbor requirements, but the question specifically asks for a technique to comply with HIPAA, and the Safe Harbor method is the explicit, codified standard under HIPAA, not generic anonymisation. Option D is wrong because pseudonymisation replaces identifiers with pseudonyms but retains the ability to re-identify individuals via a key, which means the data is still considered PHI under HIPAA and does not meet the de-identification standard required for compliance.

50
MCQ · medium

A company uses AI to generate marketing images. They want to ensure that the images are clearly identified as AI-generated to comply with transparency obligations. Which approach is most effective?

A. Add a disclaimer in the platform's terms of service
B. Include metadata in the image file indicating it is AI-generated
C. Embed a visible watermark stating 'AI-generated' in each image
D. Rely on deepfake detection algorithms to flag the images
Answer: C

Visible watermarks are easily noticed and cannot be removed without degrading the image, ensuring clear disclosure.

Why this answer

Watermarking AI-generated content with visible or invisible markers is a direct way to disclose AI origin. Using metadata alone can be stripped; disclaimers in terms of service are not visible to users; relying on human detection is unreliable.

51
Multi-Selecthard

A company is deploying a generative AI system that produces text content. To comply with emerging transparency obligations, which THREE measures should they implement?

Select 3 answers
A.Watermark AI-generated content
B.Disclose AI involvement to users
C.Encrypt all training data
D.Provide deepfake detection tools
E.Limit model access to internal employees only
AnswersA, B, D

Watermarking helps identify AI-generated content and is a transparency best practice.

Why this answer

Watermarking AI-generated content (Option A) is correct because it embeds an imperceptible, machine-detectable signal into the output, enabling provenance verification. This directly addresses transparency obligations by allowing downstream systems to identify synthetic text, which is a key requirement in emerging AI regulations such as the EU AI Act.

Exam trap

Cisco often tests the distinction between security controls (encryption, access control) and governance/transparency measures, so candidates mistakenly select encryption or access restriction as fulfilling transparency obligations when they do not.

52
MCQhard

A model's predicted probabilities are well-calibrated overall but the model systematically assigns higher probabilities to one demographic group even when the actual outcome likelihood is the same. Which fairness issue is present?

A.Demographic parity violation
B.Equalised odds violation
C.Calibration disparity
D.Individual fairness violation
AnswerC

Calibration disparity occurs when predicted probabilities are not equally reliable across groups, as described.

Why this answer

Calibration fairness requires that for each predicted probability, the actual outcome rate is the same across groups. The scenario describes a calibration disparity. Demographic parity would involve different selection rates. Equalised odds involves equal error rates. Individual fairness is about treating similar individuals similarly.

53
MCQmedium

An AI system trained on historical medical records shows that certain racial groups have higher predicted risk for a disease. The data reflects real-world differences in diagnosis rates due to unequal access to healthcare. Which type of bias is this?

A.Algorithmic bias
B.Selection bias
C.Historical bias
D.Confirmation bias
AnswerC

The data reflects historical disparities in healthcare access, which is a classic example of historical bias.

Why this answer

Historical bias occurs when the training data reflects past societal inequities. Selection bias would occur if the sample is not representative; confirmation bias stems from the model's own predictions; algorithmic bias arises from the model design.

54
MCQhard

An AI model for skin cancer detection achieves high accuracy but performs poorly on dark skin tones. The team wants to evaluate whether the model is calibrated across skin tones. Which fairness metric should they use?

A.Equalised odds
B.Demographic parity
C.Individual fairness
D.Calibration
AnswerD

Calibration checks that for a given predicted probability, the actual outcome rate is the same across groups.

Why this answer

Calibration is the correct metric because it directly measures whether the predicted probabilities of skin cancer match the actual outcomes across different skin tones. A model can have high overall accuracy but be miscalibrated for a subgroup if its confidence scores are systematically over- or under-confident for that group. In this scenario, the team needs to check if the model's risk scores are equally reliable for dark skin tones as for light skin tones, which is exactly what calibration assesses.

Exam trap

Cisco often tests the distinction between fairness metrics by presenting a scenario where 'accuracy' is high but subgroup performance differs, and candidates mistakenly choose equalized odds or demographic parity instead of recognizing that the core issue is confidence score reliability, i.e., calibration.

How to eliminate wrong answers

Option A is wrong because equalized odds requires that the true positive rate and false positive rate are equal across groups, which is a measure of error rate fairness, not calibration. Option B is wrong because demographic parity requires that the proportion of positive predictions is the same across groups, which can be achieved even if the model is poorly calibrated. Option C is wrong because individual fairness requires that similar individuals receive similar predictions, which is a different concept from group-level calibration across skin tones.

55
MCQeasy

A hospital wants to train a diagnostic model using patient data from multiple hospitals without sharing raw patient records. Which technique enables collaborative model training while keeping data decentralised?

A.Pseudonymisation
B.Differential privacy
C.Federated learning
D.Anonymisation
AnswerC

Federated learning trains a shared model by aggregating only model updates, never raw patient data.

Why this answer

Federated learning trains models across decentralised data without exchanging raw data. Differential privacy adds noise. Anonymisation removes identifiers. Pseudonymisation replaces identifiers with pseudonyms.

56
MCQmedium

A company uses an AI system to screen job applicants. Under the GDPR, if the system makes automated decisions that have a legal or similarly significant effect on individuals, the data subject has the right to obtain an explanation of the decision. What is this right commonly called?

A.Right to erasure (right to be forgotten)
B.Right to explanation
C.Right to object
D.Right to data portability
AnswerB

The right to explanation is the commonly used term for the right to obtain meaningful information about the logic involved in automated decision-making.

Why this answer

The GDPR's right to explanation is not explicitly named in the regulation but is widely referred to as such in the context of automated decision-making under Article 22. The other options are other data subject rights under GDPR but do not specifically address explanation of decisions.

57
MCQeasy

An AI system used for hiring is found to have a disparate impact on a protected group. What is the first step in addressing this under the NIST AI RMF?

A.Govern - establish governance policies
B.Map - understand the use case and potential impacts
C.Manage - implement mitigation strategies
D.Measure - evaluate the fairness metrics
AnswerB

Map involves characterizing the AI system and identifying potential harms.

Why this answer

The NIST AI RMF follows a sequence of functions: Govern, Map, Measure, and Manage. When a disparate impact is discovered, the first step is to Map the context, which involves understanding the specific use case, the AI system's operational design, and the potential sources of bias. Without this foundational understanding, any subsequent governance, measurement, or mitigation efforts would be misdirected or ineffective.

Exam trap

Cisco often tests the order of the NIST AI RMF functions, and the trap here is that candidates mistakenly jump to 'Measure' or 'Manage' to fix the problem immediately, forgetting that the RMF requires a systematic 'Map' first to understand the root cause of the disparate impact.

How to eliminate wrong answers

Option A is wrong because Govern establishes overarching policies and accountability structures, but it is not the immediate first step when a specific impact is identified; the RMF prescribes Map before Govern in the operational workflow. Option C is wrong because Manage involves implementing mitigation strategies, which can only be designed after the impact has been fully understood and measured. Option D is wrong because Measure evaluates fairness metrics, but this evaluation presupposes a clear understanding of the use case and the context of the disparate impact, which is provided by the Map function.

58
Multi-Selecthard

A company is conducting a vendor AI assessment for a third-party natural language processing service. They need to ensure the vendor's AI governance practices align with their own. Which THREE areas should they evaluate?

Select 3 answers
A.The vendor's model architecture and training framework
B.The vendor's data handling and privacy practices
C.The vendor's marketing budget for AI services
D.The vendor's transparency documentation and model cards
E.The vendor's bias testing and fairness evaluation results
AnswersB, D, E

Data handling practices are critical for compliance and security.

Why this answer

Option B is correct because data handling and privacy practices are a core component of AI governance, ensuring that the vendor's use of customer data complies with regulations like GDPR or CCPA and aligns with the company's own data protection policies. During a vendor AI assessment, evaluating how the vendor collects, stores, processes, and secures data is critical to mitigate risks of data breaches, unauthorized use, or non-compliance, which directly impacts trust and legal liability.

Exam trap

Cisco often tests the distinction between technical performance metrics (like model architecture) and governance-specific evaluation areas (like transparency and bias testing), leading candidates to mistakenly select options that sound relevant but fall outside the scope of AI governance.

59
MCQmedium

A company is required to disclose that content has been generated or significantly modified by AI. Which practice directly addresses this transparency obligation?

A.Applying AI watermarking
B.Using LIME for explanations
C.Implementing federated learning
D.Publishing a model card
AnswerA

Watermarking embeds a detectable marker into AI-generated content, enabling disclosure and traceability.

Why this answer

AI watermarking directly addresses the transparency obligation by embedding a detectable signal into AI-generated content, enabling clear disclosure that the content was produced or significantly modified by AI. This practice aligns with regulatory requirements for provenance and traceability, as watermarks can be verified by automated systems or human inspection to confirm AI origin.

Exam trap

Cisco often tests the distinction between transparency of content origin (watermarking) and model transparency (model cards) or interpretability (LIME), leading candidates to confuse documentation with active disclosure mechanisms.

How to eliminate wrong answers

Option B is wrong because LIME (Local Interpretable Model-agnostic Explanations) is a technique for explaining individual model predictions, not for disclosing AI-generated content; it addresses interpretability, not transparency of content origin. Option C is wrong because federated learning is a distributed training method that keeps data local to preserve privacy, and it has no mechanism for marking or disclosing AI-generated outputs. Option D is wrong because a model card documents a model's intended use, performance, and limitations, but it does not embed a disclosure signal into the content itself; it is a static document, not a dynamic transparency mechanism for generated outputs.

60
MCQmedium

A company deploys an AI resume screening tool. It learns from historical hiring data where most successful hires were male, leading the model to favour male candidates. Which type of bias is this primarily?

A.Historical bias
B.Confirmation bias
C.Algorithmic bias
D.Selection bias
AnswerA

Historical bias is baked into training data that reflects past discriminatory practices, such as gender imbalances in hiring data.

Why this answer

The model learned from historical hiring data that already contained a gender imbalance, where most successful hires were male. This is a classic case of historical bias, where the training data reflects past societal or organizational biases, and the AI system perpetuates those biases in its predictions. The bias originates in the data, not in the model's algorithm or the sampling method.

Exam trap

Cisco often tests the distinction between historical bias and algorithmic bias, where candidates mistakenly attribute the problem to the algorithm itself rather than recognizing that the bias was already present in the training data.

How to eliminate wrong answers

Option B (Confirmation bias) is wrong because confirmation bias is a human cognitive bias where people favor information that confirms their preexisting beliefs, not a data-driven bias in an AI model. Option C (Algorithmic bias) is wrong because algorithmic bias refers to bias introduced by the model's design, optimization function, or feature weighting, whereas here the bias stems from the training data itself. Option D (Selection bias) is wrong because selection bias occurs when the training data is not representative of the target population due to non-random sampling, but the problem states the model learned from historical hiring data that accurately reflected past decisions—the bias is in the outcomes, not the sampling process.

61
Multi-Selectmedium

A hospital uses an AI system to prioritize patient treatment. They want to ensure fairness across demographic groups. Which TWO fairness metrics should they apply to evaluate the model?

Select 2 answers
A.Individual fairness
B.Equalized odds
C.Demographic parity
D.Accuracy parity
E.Calibration
AnswersB, C

Equalized odds ensures equal true positive and false positive rates across groups, which is important for fair triage.

Why this answer

Demographic parity requires equal selection rates across groups, and equalized odds ensures equal true positive and false positive rates, both relevant for medical triage.

62
Multi-Selectmedium

An organisation is developing an AI system that will be used to evaluate teacher performance in public schools. To ensure responsible use, which TWO governance elements should be in place?

Select 2 answers
A.Implement human-on-the-loop oversight where humans only monitor outputs
B.Develop a responsible use policy for the AI system
C.Publish the entire training dataset publicly for transparency
D.Require the system to be built only with open-source models
E.Conduct a vendor AI assessment if the system is procured from a third party
AnswersB, E

A responsible use policy defines acceptable and unacceptable uses, ensuring ethical deployment.

Why this answer

Responsible use policies and vendor AI assessment are key governance elements. Using only open-source models is not a governance requirement. Human oversight should be human-in-the-loop, not just monitoring. Publishing all training data may breach privacy.

63
MCQmedium

A financial institution needs to deploy a credit scoring model that is interpretable to regulators. The model must provide clear reasons for each decision. Which model type should the institution choose?

A.A glass-box model such as logistic regression or a decision tree
B.A gradient-boosted tree ensemble with SHAP explanations
C.A black-box model with a model card describing its behavior
D.A deep neural network with LIME explanations
AnswerA

Glass-box models are transparent by design and provide direct insight into decision logic, satisfying regulatory demands.

Why this answer

Glass-box models like logistic regression or decision trees are inherently interpretable and can provide clear, auditable reasons for each prediction. Black-box models require post-hoc explainability methods, which may not be sufficient for regulatory scrutiny.

64
MCQeasy

A data scientist needs to explain a single prediction from a complex ensemble model to a business stakeholder. Which technique generates local, interpretable explanations by perturbing input features and fitting a simple surrogate model?

A.LIME
B.Model card
C.SHAP
D.Attention visualisation
AnswerA

LIME generates local explanations by perturbing the input, observing changes in predictions, and fitting a simple interpretable model (e.g., linear) around the instance.

Why this answer

LIME (Local Interpretable Model-agnostic Explanations) explains individual predictions by perturbing inputs and learning a linear surrogate. SHAP provides Shapley values, which are also local but game-theoretic. Attention visualisation is for transformer models. Model cards describe global model behaviour.

65
Multi-Selectmedium

A data governance team is developing an AI policy for a large corporation. Which TWO elements are essential for a responsible AI governance framework?

Select 2 answers
A.GPU cluster monitoring
B.AI ethics board
C.Single-model strategy
D.Automated model retraining pipeline
E.Vendor AI assessment
AnswersB, E

An ethics board provides governance and oversight for AI development and deployment.

Why this answer

An AI ethics board is essential for a responsible AI governance framework because it provides human oversight, ethical review, and accountability for AI decisions. This board ensures that AI initiatives align with corporate values, legal requirements, and ethical principles, such as fairness, transparency, and non-discrimination. Without an ethics board, there is no formal mechanism to challenge biased models or approve high-risk AI use cases.

Exam trap

Cisco often tests the distinction between operational/technical elements (like monitoring or retraining) and governance/ethics elements (like oversight boards and vendor assessments), so candidates mistakenly select technical options thinking they are part of governance.

66
Multi-Selectmedium

A research lab is training a large language model and wants to minimize its environmental impact. Which THREE practices are most effective for reducing the carbon footprint of model training?

Select 3 answers
A.Apply model compression techniques like pruning and quantization
B.Extend the number of training epochs to ensure convergence
C.Train the model on a data center powered by renewable energy
D.Use energy-efficient hardware such as TPUs or low-power GPUs
E.Increase the model size to achieve better accuracy faster
AnswersA, C, D

Compression reduces model size and inference cost, and can also reduce training energy.

Why this answer

Option A is correct because model compression techniques like pruning and quantization directly reduce the computational requirements of training and inference. Pruning removes redundant weights, and quantization reduces the precision of weights (e.g., from 32-bit to 8-bit), which lowers the number of operations and memory bandwidth needed, thereby decreasing energy consumption and carbon emissions.

Exam trap

Cisco often tests the misconception that 'more training' or 'bigger models' are inherently better for performance, but the trap here is that these choices increase energy use and carbon footprint, directly contradicting the goal of minimizing environmental impact.

67
MCQmedium

A healthcare AI startup is developing a diagnostic tool that uses patient data to predict disease risk. To comply with HIPAA and minimize privacy risks while still training accurate models, which privacy-preserving technique should they prioritize?

A.Anonymization
B.Pseudonymization
C.Differential privacy
D.Data minimization
AnswerC

Differential privacy provides a mathematical guarantee against re-identification and is suitable for healthcare AI.

Why this answer

Differential privacy is the correct choice because it provides a formal mathematical guarantee that the output of a model does not reveal whether any individual's data was included in the training set. This is essential for HIPAA compliance as it prevents re-identification attacks even when an adversary has auxiliary information. Unlike anonymization or pseudonymization, differential privacy adds calibrated noise to the training process or query results, ensuring strong privacy protection while preserving model utility.

Exam trap

Cisco often tests the misconception that anonymization or pseudonymization are sufficient for HIPAA compliance in AI contexts, but the trap here is that these techniques do not protect against inference attacks or re-identification in high-dimensional data, whereas differential privacy provides a provable mathematical guarantee.

How to eliminate wrong answers

Option A is wrong because anonymization, while removing direct identifiers, is vulnerable to re-identification attacks through data linkage and does not provide a formal privacy guarantee; it is not sufficient for HIPAA compliance in high-dimensional patient data. Option B is wrong because pseudonymization replaces identifiers with pseudonyms but still allows re-identification if the pseudonym mapping is compromised or through cross-referencing, and it does not prevent inference attacks on the model's outputs. Option D is wrong because data minimization reduces the amount of data collected but does not protect the privacy of the data that is used; it is a complementary practice, not a privacy-preserving technique for training models.

68
MCQmedium

An organisation is deploying an AI system for credit scoring, which is considered high-risk under the EU AI Act. Which requirement is NOT typically mandated for high-risk systems?

A.Ensure training data is relevant and representative
B.Publish the complete source code of the AI system
C.Establish a risk management system
D.Provide human oversight mechanisms
AnswerB

The EU AI Act does not require open-sourcing proprietary code; it requires transparency documentation, not source code publication.

Why this answer

The EU AI Act requires risk management, data governance, transparency, human oversight, accuracy, and robustness for high-risk AI. However, it does not require publishing the full source code; only documentation and model cards may be required.

69
MCQmedium

During an audit of an AI system, the auditor requests documentation on the model's intended use, performance metrics, and limitations. Which tool is designed to provide this information in a standardized format?

A.SHAP values
B.LIME
C.Model card
D.Data card
AnswerC

Model cards are specifically designed to document model characteristics for transparency.

Why this answer

Model cards are standardized documentation sheets that describe a model's intended use, performance, limitations, and other details. SHAP and LIME are explainability tools. Data cards describe datasets.

70
MCQeasy

A company is deploying an AI system that screens job applications. According to the EU AI Act, this system is likely classified as high-risk because it affects employment opportunities. Which requirement must the company implement for high-risk AI systems?

A.A human-in-the-loop mechanism that enables override of the AI's decisions
B.Full transparency by publishing the model's source code and training data
C.Annual third-party audits of the model's energy consumption
D.Obtaining explicit consent from each applicant to process their data
AnswerA

High-risk systems must allow human oversight, including the ability to override or halt automated decisions.

Why this answer

The EU AI Act requires human oversight for high-risk AI systems to allow operators to override or stop the system's decisions when necessary. The other options are not mandated by the Act for high-risk systems.

71
MCQhard

A researcher is developing a generative AI model that creates realistic images. To comply with emerging transparency obligations, the researcher must ensure that AI-generated content can be identified as such. Which technique embeds a digital identifier directly into the content that survives compression and cropping?

A.Model cards
B.Watermarking AI-generated content
C.Deepfake detection software
D.Disclosure statements in metadata
AnswerB

Watermarking embeds a persistent digital signature into the content, enabling provenance tracking even after transformations.

Why this answer

Watermarking embeds a persistent digital identifier directly into the pixel data of an image, using techniques like spread-spectrum or discrete wavelet transform to survive common transformations such as JPEG compression and cropping. This makes it the correct technique for ensuring AI-generated content remains identifiable even after editing or distribution.

Exam trap

Cisco often tests the distinction between passive metadata (which is fragile) and active content-level embedding (which is resilient), leading candidates to mistakenly choose disclosure statements in metadata because they confuse 'digital identifier' with 'metadata field.'

How to eliminate wrong answers

Option A is wrong because model cards are documentation artifacts that describe a model's intended use, performance, and limitations, not a technique for embedding identifiers into content. Option C is wrong because deepfake detection software analyzes content after the fact to identify manipulation, but does not embed a persistent identifier into the content itself. Option D is wrong because disclosure statements in metadata (e.g., EXIF or XMP fields) are easily stripped or altered during compression, cropping, or re-encoding, and do not survive as robustly as a watermark embedded in the pixel data.

72
MCQmedium

A data scientist is using SHAP to explain a complex ensemble model's predictions. A business stakeholder asks why a particular prediction was made. The data scientist wants to show the most influential features for that single prediction. Which SHAP visualisation is most appropriate?

A.A SHAP summary plot showing mean absolute SHAP values across all features
B.A SHAP dependence plot for the top feature
C.A SHAP bar chart of absolute feature importance
D.A SHAP force plot for the individual prediction
AnswerD

Force plots display the contribution of each feature to a single prediction, ideal for local explanations.

Why this answer

A SHAP force plot is specifically designed to visualize the contribution of each feature to a single prediction, showing how features push the prediction from the base value (average model output) to the final prediction. This makes it the ideal choice for explaining an individual prediction to a business stakeholder, as it provides a clear, localized explanation of feature impacts.

Exam trap

Cisco often tests the distinction between global vs. local interpretability, and the trap here is that candidates confuse summary plots (global) or dependence plots (global) with force plots (local), leading them to choose a globally-focused visualization for a single-prediction explanation.

How to eliminate wrong answers

Option A is wrong because a SHAP summary plot shows global feature importance across all predictions (mean absolute SHAP values), not the contribution of features for a single prediction. Option B is wrong because a SHAP dependence plot shows how the value of a single feature affects the model's output across the dataset, not the feature contributions for a specific prediction. Option C is wrong because a SHAP bar chart of absolute feature importance aggregates feature importance globally, ignoring the direction and magnitude of feature contributions for an individual instance.

73
MCQhard

An AI team is developing a model that approves loan applications. The dataset contains historical loan decisions where a protected group was disproportionately denied loans. The team wants to ensure the model does not perpetuate this bias. Which fairness metric should be used during validation to directly measure whether the model's positive prediction rate is equal across groups?

A.Demographic parity
B.Calibration
C.Individual fairness
D.Equalised odds
AnswerA

Demographic parity ensures equal approval rates across groups, directly addressing the historical bias in approval decisions.

Why this answer

Demographic parity requires the probability of a positive prediction (loan approval) to be equal across groups. This directly addresses the concern of perpetuating historical denial rates. Equalised odds measures error rates, not positive prediction rates.

74
MCQmedium

An AI system is being deployed to detect deepfakes in video content. To comply with transparency obligations, what should the company implement?

A.A system to automatically block all deepfake content
B.A visible or invisible watermark on AI-generated videos
C.A process to report deepfake content to law enforcement
D.Encryption of the video files to prevent tampering
AnswerB

Watermarking is a common transparency measure to indicate that content is AI-generated.

Why this answer

Transparency obligations under AI governance frameworks (e.g., EU AI Act) require clear disclosure when content is AI-generated. A visible or invisible watermark directly informs viewers that the video is synthetic, fulfilling this requirement without over-blocking legitimate content. Option B is correct because it provides a verifiable, non-disruptive method of labeling AI-generated media.

Exam trap

Cisco often tests the distinction between transparency (disclosure) and security (blocking, encryption, reporting), leading candidates to confuse a governance obligation with a technical control like blocking or encryption.

How to eliminate wrong answers

Option A is wrong because automatically blocking all deepfake content would violate freedom of expression and could suppress legitimate AI-generated art, satire, or educational material; transparency does not mandate censorship. Option C is wrong because reporting to law enforcement is a reactive, post-hoc measure that does not satisfy the proactive transparency obligation to label content at the point of consumption. Option D is wrong because encryption protects integrity and confidentiality but does not disclose the synthetic origin of the content to viewers, thus failing the transparency requirement.

75
Multi-Selectmedium

A company is developing an AI-driven recruitment tool. To comply with the EU AI Act's high-risk requirements, which TWO of the following are mandatory obligations?

Select 2 answers
A.Publish the model's source code publicly
B.Conduct a data protection impact assessment (DPIA)
C.Disclose to users that they are interacting with an AI system
D.Maintain technical documentation and risk management
E.Ensure human oversight of the AI system
AnswersD, E

Technical documentation and risk management are mandatory for high-risk systems.

Why this answer

High-risk AI systems under the EU AI Act must implement human oversight mechanisms and maintain technical documentation and a risk management system. Transparency disclosure is required, but not necessarily to users in all cases (it depends on context). The other options are not mandatory for all high-risk systems.
