ISACA · AI-Fundamentals
Validates foundational knowledge of artificial intelligence, covering AI concepts, principles, potential uses, essential algorithms and software for AI applications, and AI-associated risks and ethical requirements.
Questions
600
Duration
120 minutes
Passing Score
65%
Difficulty
FoundationalLast Updated
Feb 2026
Prepare for the ISACA AI Fundamentals Certificate with practice questions covering AI concepts, machine learning basics, ethics, governance, risk, controls, and common business applications. The content is designed for learners who need a clear foundation before working with AI assurance or governance topics.
Use each explanation to connect terminology with practical controls and organizational responsibilities. That approach is especially useful for ISACA-style questions, where the best answer often reflects risk awareness, accountability, and responsible use rather than technical novelty.
The ISACA Artificial Intelligence Fundamentals Certificate validates foundational knowledge of artificial intelligence, covering core AI concepts, principles, practical applications, essential algorithms, and the risks and ethical considerations that accompany AI adoption. The credential is designed to help professionals navigate the rapidly evolving AI landscape by building a solid understanding of technologies such as machine learning, neural networks, large language models, computer vision, robotic process automation (RPA), and generative AI. It bridges conceptual understanding with applied knowledge, ensuring candidates can identify AI use cases, understand how AI tools and algorithms function, and align AI practices with governance and regulatory frameworks.
As part of ISACA's expanding AI credentialing ecosystem, the AI Fundamentals Certificate serves as a foundational entry point into more advanced ISACA AI credentials, including the Advanced in AI Audit (AAIA) and the Advanced in AI Security Management (AAISM). The certificate is globally recognized and backed by ISACA's reputation as a trusted authority in IT governance, risk, and security — an organization with over 185,000 members across more than 190 countries.
This certificate is well-suited for students, recent graduates, and early-career professionals who are new to AI and want to establish a verifiable baseline of AI knowledge. It is equally valuable for experienced IT professionals, auditors, risk managers, compliance officers, and business analysts who need to understand AI concepts and their organizational implications without necessarily working in a technical AI role.
Professionals seeking to transition into AI-adjacent roles — such as AI governance, IT audit with an AI focus, or risk and compliance in organizations adopting AI — will find this credential a practical starting point. Teams and organizations looking to upskill staff on AI fundamentals and demonstrate collective AI competency to stakeholders will also benefit from this certificate.
There are no formal prerequisites for the ISACA AI Fundamentals Certificate. Registration is open on a continuous basis with no eligibility restrictions, and candidates can schedule their exam as early as 48 hours after payment of registration fees.
While no prior AI or IT experience is required, candidates will benefit from basic familiarity with IT concepts and business processes. ISACA recommends using its official study guide and the self-guided online course — which includes performance-based labs covering topics such as machine learning models, security implementations of AI, and robotic process automation — to build the foundational knowledge needed to pass the exam.
The exam is a computer-based, remotely proctored, multiple-choice assessment consisting of 60 questions, with a time limit of 120 minutes. It is delivered online through ISACA's remote proctoring platform and can be scheduled at any time, providing candidates with scheduling flexibility. No in-person testing center is required.
The passing score is 65% (39 out of 60 questions correct). The exam registration fee is US $120 for ISACA members and US $144 for non-members. Eligibility established at registration is valid for twelve months, and candidates may schedule their testing appointment up to 90 days in advance.
The ISACA AI Fundamentals Certificate positions holders as credibly literate in AI at a time when organizations across every sector are integrating AI into operations, governance, and risk management. It provides a competitive edge for roles such as IT auditor, risk manager, compliance analyst, AI governance consultant, and business analyst — particularly as organizations seek professionals who can evaluate AI systems, identify associated risks, and ensure responsible AI deployment. The certificate also serves as a stepping stone to advanced ISACA AI credentials such as the AAIA (Advanced in AI Audit) and AAISM (Advanced in AI Security Management).
Certified professionals consistently earn salary premiums over non-certified peers. ISACA's research indicates that certified IT professionals earn an average of 15% more, and certified auditors can command 10–20% higher compensation than non-certified counterparts according to industry salary guides. ISACA's broader credentialing community of 185,000+ professionals spans more than 190 countries, providing global recognition and networking value for this foundational AI credential.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 600 questions.
Preview — answers shown1. An AI governance committee is implementing the NIST AI Risk Management Framework across their organization. The committee establishes accountability structures, organizational culture, and policies before beginning technical risk assessments. Which core function of the NIST AI RMF is the committee currently executing? (Select one!)
Explanation
GOVERN is the correct function because it establishes accountability, organizational culture, policies, and structures for AI risk management before technical assessments begin. This function creates the foundational governance framework for all other activities. MAP focuses on context-setting and identifying specific risks and benefits of AI systems. MEASURE assesses and tracks identified risks using quantitative and qualitative methods. MANAGE allocates resources and implements specific risk treatment actions after risks are mapped and measured.
2. A social media company is developing an AI-powered content moderation system using a Convolutional Neural Network. The network processes images to detect prohibited content. Which architectural component is specifically designed to achieve translation invariance in CNNs? (Select one!)
Explanation
Pooling layers achieve translation invariance by downsampling feature maps, allowing the network to detect features regardless of their position in the image. Max pooling takes the maximum value in each region, making the network robust to small translations. Fully connected layers combine features but do not provide translation invariance. Activation functions introduce non-linearity but are not specifically for translation invariance. Dropout is a regularization technique that prevents overfitting, not a mechanism for spatial invariance.
3. A legal technology company develops an AI system to analyze contracts and extract key terms, obligations, and potential risks. The system must process various document formats, understand legal terminology, identify named entities such as parties and dates, classify clause types, and extract relationships between contractual obligations. Which three AI technologies would be most essential for implementing this system? (Select three!)
Multiple correct answersExplanation
Natural Language Processing provides the fundamental capability for understanding legal text, processing terminology, and analyzing linguistic structure. Named Entity Recognition identifies and classifies specific entities such as parties, dates, monetary amounts, and jurisdictions within legal documents. Text Classification categorizes different clause types such as confidentiality, liability, and termination provisions, enabling structured analysis. Convolutional Neural Networks are designed for spatial data like images and are not appropriate for sequential text analysis. Reinforcement Learning is for learning through trial and error with reward signals, not for analyzing existing contracts. Generative Adversarial Networks create synthetic data and are not needed for analyzing and extracting information from real contracts.
4. A healthcare AI system provides patient diagnosis recommendations to physicians, but a medical malpractice lawsuit arises after an incorrect diagnosis. The hospital's AI governance framework must address responsibility assignment. Which ethical principle is most directly concerned with establishing clear responsibility for AI system outcomes? (Select one!)
Explanation
Accountability is the ethical principle that establishes clear assignment of responsibility for AI system design, deployment, and outcomes. It ensures identifiable individuals or organizations are answerable for AI decisions, particularly when harm occurs. This includes physicians who use AI recommendations, developers who created the system, and healthcare organizations that deployed it. Transparency focuses on explainability and disclosure of AI use. Fairness addresses bias and discrimination. Privacy protects data confidentiality. While all principles are important, accountability specifically addresses responsibility assignment when outcomes go wrong.
5. A natural language processing system is preprocessing text data and needs to convert words to their base dictionary form. The system must ensure that "running" becomes "run" and "better" becomes "good" using morphological analysis. Which preprocessing technique should be used? (Select one!)
Explanation
Lemmatization is correct because it uses dictionary lookup and morphological analysis to convert words to their valid dictionary base forms, producing "good" from "better" through linguistic knowledge. Stemming uses rule-based suffix removal and produces stems that may not be valid words, and cannot handle irregular forms like better to good. Tokenization splits text into tokens but does not perform word normalization. Stop word removal eliminates common words but does not transform remaining words to base forms.
Certified Information Security Manager (CISM)
CISM · 1196 questions
Certified Information Systems Auditor (CISA)
CISA · 895 questions
Certified in Risk and Information Systems Control (CRISC)
CRISC · 761 questions
Certified Data Privacy Solutions Engineer (CDPSE)
CDPSE · 749 questions
IoT Fundamentals Certificate
IoT-Fund · 630 questions
IT Audit Fundamentals Certificate
IT-Audit-Fund · 627 questions
$17.99
One-time access to this exam