NCA-GENL domain - 10% of the exam

Trustworthy AI

Trustworthy AI is 10% of the NVIDIA-Certified Associate: Generative AI LLMs (NCA-GENL) exam. These are the objectives it covers, each with practice questions and worked explanations.

Objectives in this domain

Sample question from this domain

Free sampleTrustworthy AImedium

A financial services company is deploying a customer-facing chatbot powered by a large language model. The team wants to prevent the model from producing responses that contain account numbers, credit card details, or regulatory advice that could expose the company to liability. Which architectural approach most directly addresses both data-leakage and liability risks at the output stage?

  • AApply a retrieval-augmented generation pipeline so the model draws only from pre-approved documents, removing any need for output scanning.
  • BFine-tune the base model on a corpus of compliant responses so it learns to avoid sensitive outputs, replacing the need for runtime guardrails.
  • CEnforce strict input validation on the user's query to block prompts that mention account numbers or financial terms before they reach the model.
  • DAdd a dedicated output-validation layer that applies regex and classifier-based checks to detect and redact PII patterns and flag regulated-content categories before the response reaches the user. Correct
Understand that output-validation layers are the appropriate mechanism for enforcing PII and content-policy rules after LLM generation. Generative models are probabilistic and cannot guarantee policy compliance through training or input filtering alone. An output-validation layer intercepts each response before delivery, applying deterministic checks (regex for structured PII) and statistical classifiers (for semantic policy categories such as regulated financial advice). This provides a hard enforcement boundary independent of model behaviour, which is the foundational pattern in NeMo Guardrails-style safety architectures.

Why A is wrong: RAG limits the knowledge base used during generation, which reduces hallucination risk, but it does not guarantee that the model will never produce sensitive content or regulatory advice. A model can still compose harmful output from retrieved context, so RAG alone is insufficient for output-stage enforcement.

Why B is wrong: Fine-tuning on compliant examples can shift the model's distribution toward safer outputs, but it offers probabilistic rather than deterministic protection. Novel inputs can still elicit non-compliant responses, and fine-tuning alone cannot satisfy a hard policy requirement like blocking PII.

Why C is wrong: Input validation filters what enters the model, which is a useful safety layer, but it does not address output risk. The model can produce sensitive content from benign-looking prompts through indirect reasoning or retrieved context, so input-only controls leave the output stage unprotected.

Why D is correct: An output-validation layer is the correct mechanism for catching harmful content after generation and before delivery. Regex detects structured PII such as card numbers; classifiers handle semantic categories like financial advice. Together they enforce policies regardless of what the model produces.

Other domains in this exam

See also the NCA-GENL cert hub, the study guide, and the cheat sheet.

Examworthy is not affiliated with or endorsed by NVIDIA. Original, blueprint-aligned practice material only.