AIGP IAPP Artificial Intelligence Governance Professional Free Practice Exam Questions (2026 Updated)

According to the Canadian Artificial Intelligence and Data Act, high-impact AI systems must notify the Minister of Innovation, Science and Industry upon initial deployment. This requirement ensures that the authorities are aware of the deployment of significant AI systems and can monitor their impacts and compliance with regulatory standards from the outset. This initial notification is crucial for maintaining oversight and ensuring the responsible use of AI technologies. Reference: AIGP Body of Knowledge, domain on AI laws and standards.

Importers of high-risk AI systems into the EU havespecific responsibilitiesunder the EU AI Act. They arenotthe parties responsible for affixing the CE marking or providing technical documentation—but they must verify that these have been done by the provider.

From theAI Governance in Practice Report2025:

“Importers must verify that the appropriate conformity assessment has been carried out, the technical documentation is available, and the CE marking has been affixed.” (p. 34–35)

Thus:

A. Provide technical documentation– done by theprovider.

B. Affix the CE marking–provider'sresponsibility.

C. Verify the Declaration of Conformity–importer obligation.

D. Conduct a DPIA– relevant under data protection laws,not requiredunder the EU AI Act forimporters.

The AI risk that would not have been identified during the procurement process based on the categories of information requested by the third-party consultant is security. The consultant focused on accuracy rates, diversity of training data, and system functionality, which pertain to performance and fairness but do not directly address the security aspects of the AI system. Security risks involve ensuring that the system is protected against unauthorized access, data breaches, and other vulnerabilities that could compromise its integrity. Reference: AIGP Body of Knowledge on AI Security and Risk Management.

Risk impact estimation occurs in the design phase of the AI life cycle. This step involves evaluatingpotential risks associated with the AI system and estimating their impacts to ensure that appropriate mitigation strategies are in place. It helps in identifying and addressing potential issues early in the design process, ensuring the development of a robust and reliable AI system. Reference: AIGP Body of Knowledge on AI Design and Risk Management.

Testing results need to bedocumented thoroughlyto ensuretraceability, accountability, and compliance. This is central to enabling audits, investigations, or regulatory inquiries into the system’s development and performance.

From theAI Governance in Practice Report2025:

“Documentation and recordkeeping are essential components… to demonstrate AI system compliance, trace system behavior, and support audits and conformity assessments.” (p. 34–35)

“Maintaining audit trails across development and deployment enables transparency and accountability.” (p. 12)

AandBare benefits, but not theprimary governance justification.

D– Limiting future testing is not a recommended goal.

The core ethical concern when deploying diagnostic AI in a healthcare setting is ensuringfairness and accuracy across diverse patient populations. If the AI is trained on a dataset that isnot representativeof the population it will serve, it risks reinforcing health disparities and leading to misdiagnoses.

From theAI Governance in Practice Report2025:

“Training datasets lacking in diversity can produce outputs that systematically underperform for certain groups… this can lead to inaccurate or biased outcomes in healthcare settings.” (p. 41)

“Bias, discrimination and fairness challenge… inadequate or nonrepresentative training data can result in AI systems that propagate historical disparities.” (p. 42)

While physician oversight may reduce risk,biased data can still shape clinical decision-making.

A– Economic benefit is not central to ethical risk here.

C– Important but less critical than data representativeness.

D– Error rate matters but is addressed via validation; it’s not the core ethical issue.

Theprimary considerationin selecting any AI system, especially aproprietary model, is itsfit for business purpose. Whether it serves the intended goals is foundational before evaluating technical or governance features.

From theAI Governance in Practice Report2025:

“AI governance starts with defining the corporate strategy for AI… and aligning systems with business purpose and operational context.” (p. 11)

B, C, Dare relevant for evaluation, but onlyafterconfirming business applicability.

The most comprehensive way to identify a full range of risks — legal, ethical, operational, and societal — for a new AI model is through aformal impact assessment, such as aData Protection Impact Assessment (DPIA)orAlgorithmic Impact Assessment.

From theAI Governance in Practice Report2025:

“Risk-based approaches are often distilled into organizational risk management efforts, which put impact assessments at the heart of deciding whether harm can be reduced.” (p. 29)

“DPIAs… help organizations identify, analyze and minimize data-related risks and demonstrate accountability.” (p. 30)

A. Environmental scanis too general.

B. Red teamingis useful for adversarial risk but not broad.

C. Integration testingfocuses on technical/system compatibility, not overall risk.

Anonymization is a privacy-enhancing technique that involves removing or permanently altering personal data elements to prevent the identification of individuals. In this case, the company obfuscated all personal data elements before training the model, which aligns with the definition of anonymization. This ensures that the data cannot be traced back to individuals, thereby protecting their privacy while still allowing the company to derive value from the dataset. Reference: AIGP Body of Knowledge, privacy-enhancing techniques section.

Ensuring fairness when training an AI system largely depends on the data attributes and variability. This involves having a diverse and representative dataset that accurately reflects the population the AI system will serve. Fairness can be compromised if the data is biased or lacks variability, as the model may learn and perpetuate these biases. Diverse data attributes ensure that the model learns from a wide range of examples, reducing the risk of biased predictions. Reference: AIGP Body of Knowledge on Ethical AI Principles and Data Management.

The best human oversight mechanism for the police department to implement is for a police officer to consider the AI recommendation as part of the criminal investigation. This ensures that the AI system's output is used as a tool to aid human decision-making rather than replace it. The police officer should integrate the AI's insights with other evidence and contextual information to make informed decisions, maintaining a balance between technological aid and human judgment. Reference: AIGP Body of Knowledge on AI Integration and Human Oversight.

The third-party consultant asked each vendor for information about the diversity of their datasets to assist in ensuring the fairness of the AI system. Diverse datasets help prevent biases and ensure that the AI system performs equitably across different demographic groups. This is crucial for a law enforcement application, where fairness and avoiding discriminatory practices are of paramount importance. Ensuring diversity in training data helps in building a more just and unbiased AI system. Reference: AIGP Body of Knowledge on Ethical AI and Fairness.

Third-party risk management for AI systems should beproportional and risk-based, involvinginitial due diligenceandongoing monitoringthat reflects thelevel of risk posedby the third party's AI system.

From theAI Governance in Practice Report2025:

“Third-party due diligence assessments to identify possible external risk and inform selection.” (p. 11)

“Legal due diligence may include verification of the personal data's lawful collection by the data broker, review of contractual obligations…” (p. 19)

Afocuses too narrowly on financial stability.

Cis excessive and not scalable or aligned with best practices.

Dinappropriately separates ethical and technical risks; both must be evaluated holistically.

Deploying a challenger AI model alongside a champion model is a strategy used to compare the performance of different models in a real-world environment. This approach helps in providing a framework to consider alternatives to the champion model, automating real-time monitoring of the champion model, and performing testing on the champion model. However, retraining the champion model is not a reason to deploy a challenger model. Retraining is a separate process that involves updating the champion model with new data or techniques, which is not related to the use of a challenger model.

When designing an integrated compliance strategy for responsible AI, the least likely step would be employing a new software platform to modernize existing compliance processes. While modernizing compliance processes is beneficial, it is not as directly related to the strategic integration of ethical principles and stakeholder concerns. More critical steps include conducting assessments of existing compliance programs to identify overlaps and integration points, consulting experts on ethical principles, and launching surveys to understand stakeholder concerns. These steps ensure that the compliance strategy is comprehensive and aligned with responsible AI principles. Reference: AIGP Body of Knowledge on AI Governance and Compliance Integration.

The NIST AI Risk Management Framework’s Govern function emphasizes the importance of establishing accountability structures that empower and train cross-functional teams. This is crucial because cross-functional teams bring diverse perspectives and expertise, which are essential for effective AI governance and risk management. Training these teams ensures that they are well-equipped to handle their responsibilities and can make informed decisions that align with the organization’s AI principles and ethical standards. Reference: NIST AI Risk Management Framework documentation, Govern function section.

A greedy algorithm is one that makes the best choice at each step to achieve an immediate objective, without considering the longer-term consequences. It focuses on local optimization at each decision point with the hope that these local solutions will lead to an optimal global solution. However, greedy algorithms do not always produce the best overall solution for certain problems, but they are useful when an immediate, locally optimal solution is desired. Reference: AIGP Body of Knowledge, algorithm types section.

The primary concern for a company adopting a policy prohibiting the use of generative AI is the risk of accidental disclosure of confidential and proprietary information. Generative AI tools can inadvertently leak sensitive data during the creation process or through data sharing. This risk outweighs the other reasons listed, as protecting sensitive information is critical to maintaining the company’s competitive edge and legal compliance. This rationale is discussed in the sections on risk management and data privacy in the IAPP AIGP Body of Knowledge.

The failures in semi-autonomous vehicles due to sensors misinterpreting environmental surroundings, such as sunlight, are examples of brittleness. Brittleness in AI systems refers to their inability to handle variations in input data or unexpected conditions, leading to failures when the system encounters situations that were not adequately covered during training. These systems perform well under specific conditions but fail when those conditions change. Reference: AIGP Body of Knowledge on AI System Robustness and Failures.