Free Practice Questions for IAPP AIGP Exam

The IEEE 7000-2021 Standard focuses on a value-based engineering methodology foraddressing ethicalconcerns during system design. This standard guides engineers and organizations in integrating ethical considerations into the design and development processes of AI systems, ensuring that these technologies are developed responsibly and align with human values. Reference: AIGP Study Material, section on risk management frameworks and standards.

The correct answeris Engagementof a cross-functional team. Effective AI governance requires collaboration among various organizational functions including legal, compliance, IT, ethics, and data science.

From the AIGP Body of Knowledge:

“AI governance cannot be siloed—it requires input and oversight from across departments... A cross-functional team ensures that ethical, technical, legal, and operational risks are all appropriately managed.”

Also confirmed in the ILT Participant Guide:

“Cross-functional teams allow organizations to bring in different perspectives... Legal, compliance, and technical experts must work together to ensure responsible AI outcomes.”

===========

The EU AI Act categorizes certain applications of AI as high-risk due to their potential impact on fundamental rights and safety. High-risk applications include those used in critical areas such as employment, education, and essential public services. A government-run social scoring tool, which assesses individuals based on their social behavior or perceived trustworthiness, falls under this category because of its profound implications for privacy, fairness, and individual rights. This contrasts with other AI applications like resume scanning tools or customer service chatbots, which are generally not classified as high-risk under the EU AI Act.

The correct answer isA. While educating technical staff is important, expectingall technical employees to be retooled as AI developersis unrealistic and not aligned with scalable governance practices.

From the AIGP ILT Guide:

"Training approaches should berole-specificand align with the individual's function and responsibilities... Organizations typically do not expect every technical role to participate in model development."

The AI Governance in Practice Report2025supports tailored approaches:

“Cross-functional training should be specific to the individual's role and exposure to AI risk... Role-based education supports scalability and comprehension.”

Thus,broad development training for all technical employeesis the least practical and least likely approach.

===========

The correct answer isB – Procedural. TheOECD Framework for Classifying AI Systemscategorizescodes of conduct and collective agreementsasprocedural toolsbecause they guide internal governance and decision-making processes.

From the AIGP ILT Participant Guide – Global Governance Models:

“Procedural tools include internal codes of conduct, collective agreements, and procedural audits that guide governance without necessarily involving technical measurement.”

AI Governance in Practice Report2025elaborates:

“These procedural tools support internal accountability mechanisms and ethics compliance frameworks… they are part of soft governance.”

These toolsdo not measure or analyze technical performance, hence they arenot technical or analytic.

===========

The NIST AI Risk Management Framework outlines several characteristics of trustworthy AI, including being secure and resilient, explainable and interpretable, and accountable and transparent. While being tested and effective is important, it is not explicitly listed as a characteristic of trustworthy AI in the NIST framework. The focus is more on the system's ability to function safely, securely, and transparently in a way that stakeholders can understand and trust. Reference: AIGP Body of Knowledge, NIST AI RMF section.

The correct answeris.CThis action ties directly into principlesof dataminimization, purpose limitation,and lawfulnessof processing, which are central to privacy and AI governance.

From the AIGP Body of Knowledge, Section on Privacy Considerations:

“Personal data must only be processed for specified and lawful purposes. Organizations must consider whether they have a legal basis for processing such data under data protection laws like the GDPR or CCPA.”

Additionally, AI Governance in Practice Report2025emphasizes:

“One of the most significant challenges when designing and developing AI systems is ensuring the data used is appropriate for the intended purpose… Managing unnecessary data, especially data that may contain sensitive attributes, can increase risk.”

===========

The correct answer isC. ISO/IEC 22989 and 42001 focus onterminology, risk, and management systems, butdo not specifically address procurement-related concerns with third-party vendors.

From the AIGP Body of Knowledge – Standards Section:

“ISO/IEC 22989 defines terminology and foundational concepts. ISO/IEC 42001 provides a management system standard for AI. They are not procurement-focused documents.”

Also confirmed in the AI Governance in Practice Report2025:

“These standards help establish common language and risk governance procedures. Procurement governance typically falls under separate frameworks or sector-specific guidance.”

Thus,procurement governance (Option C)is not a central use case for these standards.

===========

The correct answer isD. Transparency obligations under data protection laws, such as GDPR and most AI governance frameworks, require thatusers whose data is being processedbe directly informed.

From the AIGP ILT Guide (Privacy Module):

“The user privacy notice must be updated to explain the nature of automated processing, the logic involved, and the significance and consequences for the data subject.”

Also, per AI Governance in Practice Report2025(Part III):

“Transparency obligations apply throughout the lifecycle of AI… Individuals must be informed about automated decision-making and profiling that may impact them.”

Unlike internal policies or general privacy notices,the user privacy noticeprovides direct transparency to theindividual data subjectsaffected by AI processing.

===========