Chapter 39 Quiz

Test your understanding of AI safety, ethics, and governance. Each question has one best answer unless stated otherwise.

Question 1

Which type of bias occurs when training data does not represent the deployment population?

  • A) Historical bias
  • B) Selection bias
  • C) Measurement bias
  • D) Algorithmic bias
Show Answer **B) Selection bias.** Selection bias occurs when the training data is not representative of the population where the model will be deployed. For example, training a facial recognition system primarily on light-skinned faces leads to poor performance on dark-skinned faces.

Question 2

What does demographic parity require?

  • A) Equal accuracy across groups
  • B) Equal positive prediction rates across groups
  • C) Equal true positive rates across groups
  • D) Equal calibration across groups
Show Answer **B) Equal positive prediction rates across groups.** Demographic parity (or statistical parity) requires that $P(\hat{Y} = 1 | A = 0) = P(\hat{Y} = 1 | A = 1)$: the probability of a positive prediction should be the same regardless of group membership.

Question 3

How does equalized odds differ from equal opportunity?

  • A) Equalized odds requires equal accuracy; equal opportunity requires equal precision
  • B) Equalized odds requires equal TPR and FPR; equal opportunity requires only equal TPR
  • C) They are identical definitions
  • D) Equalized odds is for regression; equal opportunity is for classification
Show Answer **B) Equalized odds requires equal TPR and FPR; equal opportunity requires only equal TPR.** Equalized odds requires both the true positive rate and false positive rate to be equal across groups, while equal opportunity is a relaxation requiring only equal true positive rates.

Question 4

What does the impossibility theorem of Chouldechova (2017) state?

  • A) Perfect fairness is impossible in any ML system
  • B) Calibration, equalized odds, and demographic parity cannot all hold when base rates differ
  • C) No model can be both accurate and fair
  • D) Fairness metrics always conflict with privacy
Show Answer **B) Calibration, equalized odds, and demographic parity cannot all hold when base rates differ.** The impossibility theorem proves a mathematical incompatibility: when different groups have different base rates (prevalence of the positive class), it is impossible to simultaneously satisfy calibration, equalized odds, and demographic parity.

Question 5

In adversarial debiasing, what does the adversary try to predict?

  • A) The model's accuracy
  • B) The protected attribute from the model's predictions
  • C) The correct label
  • D) Whether the input is adversarial
Show Answer **B) The protected attribute from the model's predictions.** The adversary tries to infer the protected attribute (e.g., gender, race) from the model's output. The main predictor is penalized when the adversary succeeds, encouraging predictions that do not reveal group membership.

Question 6

Under the EU AI Act, which risk category does a facial recognition system for law enforcement fall into?

  • A) Minimal risk
  • B) Limited risk
  • C) High risk
  • D) Unacceptable risk (when used for real-time remote biometric identification in public spaces)
Show Answer **D) Unacceptable risk (when used for real-time remote biometric identification in public spaces).** The EU AI Act generally bans real-time remote biometric identification in public spaces, with narrow exceptions for law enforcement in specific circumstances. Other law enforcement uses of facial recognition are classified as high risk.

Question 7

What must high-risk AI systems provide under the EU AI Act?

  • A) Open-source code
  • B) Risk management, technical documentation, transparency, and human oversight
  • C) Only a user manual
  • D) A certificate from a government agency
Show Answer **B) Risk management, technical documentation, transparency, and human oversight.** High-risk systems must implement a comprehensive risk management system, maintain technical documentation, provide transparency to users, enable human oversight, and meet requirements for accuracy, robustness, and cybersecurity.

Question 8

What is $(\epsilon, \delta)$-differential privacy?

  • A) A cryptographic encryption scheme
  • B) A guarantee that the algorithm's output does not depend too much on any single training example
  • C) A method for anonymizing data by removing identifiers
  • D) A technique for adding noise to model predictions
Show Answer **B) A guarantee that the algorithm's output does not depend too much on any single training example.** Differential privacy bounds the change in output distribution when any single individual's data is added or removed: $P[\mathcal{M}(D) \in S] \leq e^\epsilon \cdot P[\mathcal{M}(D') \in S] + \delta$.

Question 9

In DP-SGD, why must per-sample gradients be clipped before adding noise?

  • A) To speed up training
  • B) To bound the sensitivity of the gradient, ensuring a known maximum contribution from any sample
  • C) To prevent gradient explosion
  • D) To improve model accuracy
Show Answer **B) To bound the sensitivity of the gradient, ensuring a known maximum contribution from any sample.** Gradient clipping bounds how much any single training example can influence the aggregate gradient. This bounded sensitivity determines how much noise is needed to achieve the desired privacy level.

Question 10

What is the primary trade-off of differential privacy in machine learning?

  • A) Speed vs. memory
  • B) Privacy vs. accuracy
  • C) Fairness vs. interpretability
  • D) Robustness vs. generalization
Show Answer **B) Privacy vs. accuracy.** The noise added to achieve differential privacy degrades the gradient signal, reducing model accuracy. Stronger privacy guarantees (lower epsilon) require more noise and result in lower accuracy.

Question 11

Which attack can determine whether a specific individual's data was used to train a model?

  • A) Adversarial attack
  • B) Membership inference attack
  • C) Data poisoning attack
  • D) Model extraction attack
Show Answer **B) Membership inference attack.** Membership inference attacks determine whether a specific data point was in the model's training set, typically by exploiting differences in the model's confidence on training vs. non-training data.

Question 12

What is a Model Card?

  • A) A GPU benchmark report
  • B) Standardized documentation of a trained model's performance, limitations, and ethical considerations
  • C) A credit card-sized hardware accelerator
  • D) A visualization of model architecture
Show Answer **B) Standardized documentation of a trained model's performance, limitations, and ethical considerations.** Model Cards (Mitchell et al., 2019) are structured documents that include model details, evaluation results disaggregated by group, ethical considerations, intended use cases, and caveats.

Question 13

Which of the following is NOT a strategy for mitigating bias?

  • A) Resampling underrepresented groups
  • B) Adversarial debiasing
  • C) Threshold adjustment post-processing
  • D) Increasing model complexity
Show Answer **D) Increasing model complexity.** More complex models are not inherently fairer and may even amplify biases by learning subtle proxy features. The other options are established bias mitigation strategies applied at the data, algorithm, and output levels respectively.

Question 14

What is proxy discrimination?

  • A) Using a proxy model to make predictions
  • B) When features correlated with a protected attribute serve as indirect proxies for discrimination
  • C) When a model uses a proxy metric instead of the true objective
  • D) Discrimination by automated proxy servers
Show Answer **B) When features correlated with a protected attribute serve as indirect proxies for discrimination.** Even when protected attributes (race, gender) are excluded from the model, other features like zip code, name, or educational institution may be correlated with protected attributes, enabling indirect discrimination.

Question 15

What is the C2PA standard?

  • A) A programming language for AI safety
  • B) A content provenance framework using cryptographic signatures to trace media origin
  • C) A fairness metric for generative AI
  • D) A privacy protocol for data sharing
Show Answer **B) A content provenance framework using cryptographic signatures to trace media origin.** The Coalition for Content Provenance and Authenticity (C2PA) provides cryptographic content credentials that record the origin, editing history, and AI generation status of media content, helping combat deepfakes.

Question 16

Approximately how many times more compute-intensive was GPT-3 training compared to BERT?

  • A) 2x
  • B) 10x
  • C) 100x
  • D) 400x
Show Answer **D) 400x.** BERT required approximately 9 PF-days of compute, while GPT-3 required approximately 3,640 PF-days, making it roughly 400 times more compute-intensive.

Question 17

What is "carbon-aware computing"?

  • A) Computing that uses carbon-based processors
  • B) Scheduling computation during periods of high renewable energy availability
  • C) Using carbon credits to offset emissions
  • D) Computing on carbon-neutral hardware
Show Answer **B) Scheduling computation during periods of high renewable energy availability.** Carbon-aware computing schedules energy-intensive tasks (like model training) during periods when the electrical grid has a higher proportion of renewable energy, reducing the carbon intensity of the computation.

Question 18

Which argument supports open-sourcing powerful AI models?

  • A) Open models cannot be misused
  • B) Transparency enables more people to find and fix safety problems
  • C) Open models are always safer than closed models
  • D) Open models do not require documentation
Show Answer **B) Transparency enables more people to find and fix safety problems.** The argument for open models includes that broader access allows more researchers to study, audit, and improve the safety of models. However, this must be balanced against the risk of misuse.

Question 19

What is the purpose of red teaming in AI safety?

  • A) To train the model with red team data
  • B) To systematically probe AI systems for failure modes and harmful behaviors
  • C) To improve model accuracy
  • D) To test hardware reliability
Show Answer **B) To systematically probe AI systems for failure modes and harmful behaviors.** Red teaming involves adversarial testing where testers try to elicit harmful, incorrect, or dangerous behaviors from AI systems. This proactive approach identifies problems before deployment.

Question 20

What is a feedback loop in the context of AI bias?

  • A) A model that uses its own output as input
  • B) When biased predictions influence the data that feeds back into the model, amplifying bias
  • C) A technical debugging process
  • D) Recurrent neural network architecture
Show Answer **B) When biased predictions influence the data that feeds back into the model, amplifying bias.** For example, a policing model that predicts high crime in certain neighborhoods leads to more police presence there, resulting in more arrests, which "confirms" the prediction and perpetuates the cycle.

Question 21

What is individual fairness?

  • A) Every individual gets a positive prediction
  • B) Similar individuals should receive similar predictions
  • C) Each individual's data is private
  • D) Predictions are calibrated for each individual
Show Answer **B) Similar individuals should receive similar predictions.** Individual fairness (Dwork et al., 2012) requires that the distance between predictions for two individuals is bounded by a Lipschitz constant times the distance between their features: $d(\hat{y}_i, \hat{y}_j) \leq L \cdot d(x_i, x_j)$.

Question 22

Which approach to bias mitigation modifies the training data before model training?

  • A) Post-processing
  • B) In-processing
  • C) Pre-processing
  • D) Meta-processing
Show Answer **C) Pre-processing.** Pre-processing methods (resampling, reweighting, fair representation learning) modify the training data to reduce bias before the model is trained, as opposed to in-processing (modifying the training algorithm) or post-processing (modifying outputs).

Question 23

What is scalable oversight in AI safety?

  • A) Using larger GPUs for model evaluation
  • B) Developing methods to evaluate and correct AI systems that may exceed human capability at specific tasks
  • C) Scaling up human review teams
  • D) Automated monitoring of deployed models
Show Answer **B) Developing methods to evaluate and correct AI systems that may exceed human capability at specific tasks.** As AI systems become more capable, humans may struggle to evaluate the quality and safety of their outputs directly. Scalable oversight explores techniques like AI debate, recursive reward modeling, and iterated amplification.

Question 24

What does a Datasheet for Datasets document?

  • A) Hardware specifications for data storage
  • B) Motivation, composition, collection process, preprocessing, uses, and limitations of a dataset
  • C) Database schema and query patterns
  • D) Network architecture for data processing
Show Answer **B) Motivation, composition, collection process, preprocessing, uses, and limitations of a dataset.** Datasheets for Datasets (Gebru et al., 2021) are standardized documentation covering why a dataset was created, what it contains, how it was collected, who is represented, and what its known limitations are.

Question 25

What is automation bias?

  • A) Bias introduced by automated feature engineering
  • B) Users over-relying on AI outputs and failing to exercise independent judgment
  • C) Bias in automated testing pipelines
  • D) The tendency of automated systems to favor simpler solutions
Show Answer **B) Users over-relying on AI outputs and failing to exercise independent judgment.** Automation bias occurs when humans trust AI predictions too readily, even when the AI is wrong. This is particularly dangerous in high-stakes settings like healthcare and criminal justice, where human oversight is critical.