100+ Free ISO 42001 Foundation Practice Questions

Pass your PECB ISO/IEC 42001 Foundation (AI Management System) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not published Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

In ISO/IEC 42001, Annex B provides guidance on AI impact categories. Which of the following is an example of an AI system impact category addressed in Annex B?

Effects on individuals, society, environment, and human rights resulting from AI system deployment

Total cost of AI infrastructure over a 5-year period

Time required to achieve ISO 42001 certification

Number of model parameters and computational requirements

to track

Same family resources

Explore More PECB Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

2026 Statistics

Key Facts: ISO 42001 Foundation Exam

70%

Passing Score

PECB

~40

Exam Questions

60 minutes

Annex A Controls

ISO/IEC 42001:2023

Annex A Control Objectives

ISO/IEC 42001:2023

Dec 2023

Standard Published

ISO/IEC JTC 1/SC 42

3 years

Certification Validity

PECB

PECB ISO/IEC 42001 Foundation is a 60-minute closed-book exam with approximately 40 multiple-choice questions, requiring 70% to pass. Published in December 2023, ISO/IEC 42001 is the world's first international management system standard for AI governance. The Foundation exam covers two competency domains: (1) fundamental AIMS principles and concepts including AI system definitions, transparency, accountability, fairness, human oversight, and explicability; and (2) ISO/IEC 42001 requirements — Clauses 4-10 using the Harmonized Structure, Annex A's 38 controls across 9 objectives (AI policy, internal organization, resources, AI lifecycle, data, system information, AI use, and third-party relationships), the Statement of Applicability, and the PDCA continual improvement cycle. No prerequisites — ideal for IT, governance, compliance, and AI professionals beginning their AI governance journey.

Sample ISO 42001 Foundation Practice Questions

Try these sample questions to test your ISO 42001 Foundation exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1What is the primary purpose of ISO/IEC 42001:2023?

A.To specify requirements for establishing, implementing, maintaining, and continually improving an AI management system (AIMS)

B.To provide technical specifications for machine learning model architecture

C.To define international standards for robotics hardware safety

D.To regulate the export of artificial intelligence software products

Explanation: ISO/IEC 42001:2023 specifies requirements for organizations to establish, implement, maintain, and continually improve an Artificial Intelligence Management System (AIMS). It provides a structured framework for responsible AI development and deployment, similar to how ISO 27001 does for information security.

2Which term describes the overarching system an organization establishes to govern its AI activities under ISO/IEC 42001?

A.Artificial Intelligence Management System (AIMS)

B.Machine Learning Operations Platform (MLOps)

C.Data Ethics Committee (DEC)

D.AI Governance Framework (AGF)

Explanation: ISO/IEC 42001 uses the term Artificial Intelligence Management System (AIMS) to describe the holistic management framework. An AIMS encompasses policies, objectives, processes, procedures, and resources needed to manage AI risks and opportunities across the organization.

3ISO/IEC 42001 follows the same high-level structure as many other ISO management system standards. What is this common framework called?

A.Harmonized Structure (formerly Annex SL)

B.ISO Common Framework (ICF)

C.Management System Integration Template (MSIT)

D.PDCA Cycle

Explanation: ISO/IEC 42001 uses the Harmonized Structure (previously called Annex SL), which is the common framework shared by ISO 9001, ISO 14001, ISO 27001, and other management system standards. This structure ensures consistent clauses 4-10 across all standards, making integration easier.

4In ISO/IEC 42001, Clause 4 requires an organization to determine the context of its AI activities. Which of the following is NOT a component of Clause 4?

A.Understanding the organization and its context

B.Understanding the needs and expectations of interested parties

C.Conducting an AI system impact assessment

D.Determining the scope of the AIMS

Explanation: Conducting an AI system impact assessment is addressed under Clause 6 (Planning), specifically in the context of risk and impact management. Clause 4 covers understanding the organization and its context, identifying interested parties and their needs, and defining the AIMS scope.

5Under ISO/IEC 42001 Clause 5, which of the following is a specific obligation of top management with respect to the AIMS?

A.Establishing the AI policy and ensuring it aligns with the organization's strategic direction

B.Approving every individual AI model before deployment

C.Maintaining the Statement of Applicability

D.Personally conducting all AI risk assessments

Explanation: Clause 5 (Leadership) requires top management to establish an AI policy that is appropriate to the organization's purpose, aligns with its strategic direction, and provides a framework for setting AI objectives. Top management must demonstrate commitment but delegates operational tasks.

6What does the AI policy required by ISO/IEC 42001 Clause 5 specifically address that differentiates it from a general IT policy?

A.The organization's commitments regarding responsible AI development, use, and governance

B.Employee personal data handling procedures in HR systems

C.Software development lifecycle milestones for all applications

D.Network security patch schedules and firewall configurations

Explanation: The AI policy under Clause 5 of ISO/IEC 42001 must specifically articulate the organization's commitments to responsible AI — covering transparency, accountability, human oversight, fairness, and ethical use. It is AI-specific and frames the entire AIMS objective structure.

7ISO/IEC 42001 Clause 6 requires organizations to determine risks and opportunities. Which concept is UNIQUE to ISO 42001 compared to other ISO management system standards?

A.Conducting an AI system impact assessment

B.Planning actions to address identified risks

C.Documenting risk treatment decisions

D.Defining measurable objectives

Explanation: The AI system impact assessment is a concept unique to ISO/IEC 42001. It requires organizations to assess the broader societal, ethical, and organizational impacts of their AI systems — including bias, transparency, safety, and human rights considerations — beyond standard IT risk assessment.

8An AI system impact assessment (ASIA) under ISO/IEC 42001 is primarily designed to identify which type of potential harms?

A.Financial losses from server downtime and hardware failure

B.Legal liability from intellectual property copyright infringement only

C.Broader societal, ethical, and human rights impacts of deploying the AI system

D.Technical vulnerabilities in the organization's cloud infrastructure

Explanation: The AI system impact assessment in ISO/IEC 42001 is designed to evaluate broader impacts: bias and discrimination, loss of human oversight, privacy impacts, safety risks, environmental impacts, and effects on society. It goes well beyond technical IT risk to include ethical and human rights dimensions.

9Clause 7 of ISO/IEC 42001 addresses Support. Which of the following best describes what 'competence' means in this context?

A.The ability of persons working under the organization's control to perform AI-related tasks effectively

B.The computational performance of the organization's GPU infrastructure

C.Legal authorization granted by regulators to operate AI systems

D.The AI system's accuracy metrics on benchmark datasets

Explanation: In ISO/IEC 42001 Clause 7, competence refers to the knowledge, skills, and experience required by persons working for the organization who affect AIMS performance. Organizations must determine what competence is needed, ensure people have it, and retain documented evidence of this competence.

10Under ISO/IEC 42001 Clause 7, which documented information is specifically required regarding communication?

A.The organization must determine what, when, with whom, and how to communicate about the AIMS

B.Full technical documentation of all AI model training datasets

C.A public disclosure report published annually to shareholders

D.A customer-facing marketing plan for AI products

Explanation: Clause 7.4 of ISO/IEC 42001 requires the organization to determine what to communicate, when to communicate, with whom (internal and external stakeholders), and how to communicate about the AIMS. This ensures accountability and transparency without mandating a specific communication format.

About the ISO 42001 Foundation Exam

The PECB ISO/IEC 42001 Foundation certification validates fundamental knowledge of artificial intelligence management systems and the ISO/IEC 42001:2023 standard. It is the entry-level credential in the PECB ISO 42001 certification path, covering the AIMS framework, Clauses 4-10, Annex A controls (9 objectives, 38 controls), AI risk and impact assessment, responsible AI principles, and AI governance roles.

Questions

40 scored questions

Time Limit

60 minutes

Passing Score

70%

Exam Fee

Included with PECB training bundle (approx. $399 USD standalone) (PECB)

ISO 42001 Foundation Exam Content Outline

~45%

Fundamental Principles and Concepts of an AIMS

AI system definitions (ISO/IEC 22989); AIMS purpose and structure; PDCA cycle; responsible AI principles: transparency, accountability, fairness, human oversight, explicability, robustness; AI risk and impact categories; ISO/IEC 42001 relationships to ISO 27001, ISO/IEC 22989, ISO/IEC 23894, and the EU AI Act

~55%

ISO/IEC 42001 AIMS Requirements

Clauses 4-10: context and interested parties; leadership and AI policy; planning (AI objectives, risk assessment, AI system impact assessment); support (competence, awareness, communication, documented information); operation (operational controls, change management); performance evaluation (monitoring, internal audit programme, management review); improvement (nonconformity, corrective action, continual improvement). Annex A: 9 control objectives (A.2 AI policy through A.10), 38 individual controls, Statement of Applicability (SoA), control selection and justification

How to Pass the ISO 42001 Foundation Exam

What You Need to Know

Passing score: 70%
Exam length: 40 questions
Time limit: 60 minutes
Exam fee: Included with PECB training bundle (approx. $399 USD standalone)

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

ISO 42001 Foundation Study Tips from Top Performers

1Memorize the 9 Annex A control objectives and what each covers — exam questions frequently reference specific control objectives (e.g., A.6 = data, A.8 = use of AI, A.9 = third parties)

2Know the count: Annex A has 9 control objectives and 38 individual controls — this is commonly tested and contrasts with ISO 27001's 93 controls

3Master the Clauses 4-10 names and what each requires: Context (4), Leadership (5), Planning (6), Support (7), Operation (8), Performance Evaluation (9), Improvement (10)

4Understand the difference between ISO/IEC 42001 (requirements, certifiable management system) and ISO/IEC 22989 (AI vocabulary), ISO/IEC 23894 (AI risk guidance), and ISO/IEC 24028 (AI trustworthiness) — distractor questions mix these

5Know the Statement of Applicability: it lists which Annex A controls apply and justifies inclusions AND exclusions — exclusions must be risk-justified

6Practice scenario questions about AI-specific risks: bias from training data (A.6), lack of human oversight (A.8), third-party AI supply chain (A.9) — these distinguish ISO 42001 from general IT risk frameworks

Frequently Asked Questions

What is the PECB ISO/IEC 42001 Foundation exam?

The PECB ISO/IEC 42001 Foundation exam is a 60-minute closed-book multiple-choice assessment with approximately 40 questions, requiring 70% to pass. It validates fundamental knowledge of AI Management Systems (AIMS) and the ISO/IEC 42001:2023 standard. It is the entry-level credential in the PECB ISO 42001 certification path, delivered online via PECB's Knowledge Certification Platform (KCP).

What is ISO/IEC 42001 and why does it matter?

ISO/IEC 42001:2023 is the world's first international management system standard specifically for artificial intelligence. Published in December 2023 by ISO/IEC JTC 1/SC 42, it provides organizations with a structured framework for establishing, implementing, maintaining, and continually improving an AI Management System (AIMS). It addresses AI-specific risks including bias, lack of transparency, loss of human oversight, and societal impacts — concerns not covered by general IT standards like ISO 27001.

What are the Annex A controls in ISO/IEC 42001?

ISO/IEC 42001 Annex A contains 38 individual controls organized across 9 control objectives: A.2 (AI policy), A.3 (internal organization), A.4 (resources for AI systems), A.5 (AI system lifecycle), A.6 (data for AI systems), A.7 (system information for AI systems), A.8 (use of AI systems), A.9 (relationships with third parties), and A.10. Organizations select applicable controls based on their risk assessment and document their decisions in a Statement of Applicability (SoA).

What is an AI system impact assessment in ISO/IEC 42001?

An AI system impact assessment (ASIA) is a structured process required by ISO/IEC 42001 Clause 6 to evaluate the broader societal, ethical, and organizational impacts of deploying an AI system. Unlike standard IT risk assessments, the ASIA specifically evaluates potential harms to individuals (privacy, autonomy, discrimination), society (public safety, fairness), and the environment (energy consumption). The results determine which Annex A controls must be implemented.

How does ISO/IEC 42001 differ from the EU AI Act?

ISO/IEC 42001 is a voluntary international management system standard that organizations choose to implement for AI governance purposes. The EU AI Act is mandatory regulation — legally binding for AI systems placed on the EU market. Organizations may use ISO 42001 AIMS implementation to demonstrate alignment with EU AI Act requirements, but the two instruments have different legal force. ISO 42001 is global and voluntary; the EU AI Act is EU-mandatory regulation.

What career paths follow ISO/IEC 42001 Foundation?

After Foundation, candidates typically pursue PECB ISO/IEC 42001 Lead Implementer (for those designing and managing AIMS implementations) or Lead Auditor (for those conducting AIMS audits). Many also complement ISO 42001 Foundation with ISO/IEC 27001 Foundation for integrated AI and information security governance. Relevant roles include AI Governance Analyst, Responsible AI Manager, Compliance Officer (AI), and AI Risk Manager.

100+ Free ISO 42001 Foundation Practice Questions

Explore More PECB Certifications

PECB / EXIN ISO/IEC 20000 Foundation

PECB Certified Data Protection Officer (GDPR CDPO)

PECB Certified DORA Lead Manager

PECB Certified ISO/IEC 27001 Foundation

PECB Certified ISO/IEC 27032 Lead Cybersecurity Manager

PECB Certified ISO/IEC 27701 Lead Auditor (PIMS)