AAIA Exam Dumps - ISACA Advanced in AI Audit (AAIA)

The F1 score is the harmonic mean of precision and recall, offering a balanced measure of model accuracy, especially when there is an imbalance in the classes (e.g., more “no-maintenance” than “needs-maintenance” outcomes). According to the AAIA™ Study Guide, the F1 score is used to evaluate how well the model identifies true positives while balancing the risk of false positives and false negatives.

“An F1 score summarizes the model's ability to correctly identify relevant events—in this case, true maintenance needs. A 76% F1 score means the model is relatively balanced and effective at catching maintenance requirements without generating too many false alerts.”

Thus, D is correct. Option A misrepresents recall as predictive accuracy. Option B misinterprets accuracy. Option C has no direct basis in the excerpt.

The AAIA™ Study Guide advises that if an AI model presents a risk that exceeds the organization's predefined risk tolerance—especially in cases of ethical harm or bias—deployment should be delayed until proper safeguards are in place. This approach prevents legal exposure and preserves stakeholder trust.

“When AI risks exceed acceptable thresholds, organizations must suspend implementation until corrective action reduces the risk to within tolerance levels. Proceeding without mitigation violates sound governance principles.”

While improving data (B) may help, it does not address the immediate governance concern. Risk tolerance (D) should not be adjusted to fit flawed systems. Thus, A is the correct course.

If training and testing sets are not separated, the model evaluates itself on the same data it was trained on, creating a false sense of accuracy. The result isoverfitting(option A): the model learns the training data too well and fails to generalize to new data.

AAIA emphasizes that proper data splitting is foundational to machine learning evaluation. Overfitting undermines real-world performance, creates untrustworthy predictions, and hides bias or errors.

Model drift (B) occurs after deployment. Hallucinations (C) relate more to generative models. Underfitting (D) occurs when the model is too simple, not from lack of dataset separation.

Thus, overfitting is the direct and greatest risk when training and testing sets are not segregated.

In the case of a potential data exposure through AI model outputs, the first and most responsible action from an auditing and risk standpoint is to halt further risk propagation. According to the AAIAâ„¢ Study Guide, immediate containment is vital, especially when regulatory and reputational risks are high.

“Upon detection of a data breach risk, AI models should be immediately disabled from public or partner use, and all relevant parties should be notified as part of a responsible disclosure and containment strategy.”

While options A and D are longer-term remediation steps and B is investigative, none of them provide the urgent containment that is best practice in such a breach context.

Clustering, especially in sensitive domains like healthcare, can inadvertently expose confidential patient data if the resulting groups are too specific or reveal underlying health conditions. The AAIAâ„¢ Study Guide warns that clustering can increase privacy risks when small, homogenous groups are formed that effectively re-identify individuals or reveal sensitive traits.

“Clustering results must be carefully reviewed to prevent indirect re-identification or unintended exposure of sensitive traits. Ethical handling of aggregated patient data is essential to protect individual privacy.”

While A and B involve general concerns, and C focuses on performance, D directly addresses the most significant privacy threat: exposure through cluster outputs.

Ensuring that input data is appropriate and relevant (option D) is the most critical factor in preventing hallucinations—where generative models produce fabricated or misleading outputs. The AAIA™ Study Guide notes, “Generative models are highly sensitive to input data; inaccurate, irrelevant, or inappropriate inputs increase the likelihood of nonsensical or incorrect outputs.”

While bias detection, data quality audits, and anonymization are important, ensuring the relevance and suitability of input data is foundational for reliable generative AI performance.

When training data validation is inconsistent, the most severe risk is that the AI model may learn from incorrect, incomplete, biased, or corrupted data. This directly leads to a degradation of system reliability (option C), which manifests as inaccurate predictions, higher error rates, bias, or unstable behavior.

AAIA emphasizes that data validation prior to retraining is one of the most important controls because model behavior is fully dependent on training data integrity. If the quality and correctness of the data cannot be guaranteed, the resulting model outputs become unreliable, which can undermine compliance, operational decisions, and user trust.

Option A is less critical because increased complexity is not the core risk. Option B is important but secondary; documentation issues do not inherently degrade model reliability. Option D is an efficiency issue, not a risk to output integrity.

Therefore, compromised reliability due to poor-quality training data is the most significant risk.

An AI acceptable use policy (AUP) defines how AI tools and technologies should be ethically and responsibly used within an organization. According to the AAIAâ„¢ Study Guide, the primary goal of an AUP is to prevent misuse and promote adherence to ethical, legal, and operational standards.

“An AI acceptable use policy provides governance over how AI tools may be used, especially regarding data handling, fairness, and prohibited uses. It aligns employee actions with organizational values and compliance requirements.”

Monitoring procedures (B), training (C), and taxonomy explanations (D) may be included in broader AI documentation, but the AUP’s core purpose is ethical usage governance.