Memberships

CyberMAYnia CAREER

508 members • Free

CyberMAYnia Club

61 members • Free

Symoné GovTech Community(Free)

23.8k members • Free

The Cyber Community

8.9k members • Free

CISSP Study Group

2.2k members • Free

173 contributions to CISSP Study Group
CISSP Practice Question (Domain 8: Software Development Security - AI Exam Guidance)
Your organization wants to integrate a third-party pre-trained ML model into an internal application. The vendor provides the model weights but no documentation on the training data sources. As the security lead, what is the MOST appropriate action BEFORE integration?
A. Run the model in an isolated sandbox and monitor its behavior
B. Require a software bill of materials covering the model and its provenance
C. Scan the model file for embedded malware before deployment
D. Limit the model's runtime permissions to read-only data access
Come back for the answer tomorrow, or study more now!
0 likes • 23d
B
CISSP Practice Question (Domain 7: Security Operations)
During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST?
A. Comply with the CFO's directive and coordinate the payment through counsel
B. Halt recovery and escalate to the executive crisis team and legal for a documented decision
C. Continue recovery from backups and refuse the payment on policy grounds
D. Engage law enforcement to evaluate the legality of the ransom payment
Come back for the answer tomorrow, or study more now!
0 likes • May 15
B
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A vendor proposes a new SaaS platform that processes regulated customer data. Procurement wants to sign by quarter-end, and the vendor's SOC 2 Type II report is six months old. As the security architect, what is the MOST appropriate next step?
A. Accept the SOC 2 report and proceed with contract execution
B. Require the vendor to complete your standard security questionnaire
C. Perform a risk assessment mapped to your control requirements
D. Demand a fresh penetration test before signing
Come back for the answer tomorrow, or study more now!
0 likes • May 12
c
CISSP Practice Question (Domain 4: Communication and Network Security - Zero Trust)
Your company adopts Zero Trust and replaces the legacy VPN with identity-based access for remote workers. Six weeks in, helpdesk tickets spike: users complain that access to internal apps breaks unpredictably throughout the day. What is the MOST likely root cause?
A. Insufficient bandwidth at the identity provider
B. Continuous authentication is re-evaluating trust signals and revoking sessions
C. DNS resolution failures between the client and the policy enforcement point
D. Certificate pinning conflicts with the new SSO provider
Come back for the answer tomorrow, or study more now!
0 likes • Apr 28
b
CISSP Practice Question (Domain 7: Security Operations - AI Exam Guidance)
Your SOC integrates an AI-driven SOAR platform that auto-remediates low-severity alerts. After three months, analysts notice the model's false positive rate has doubled and it is closing legitimate incidents without investigation. What should the SOC manager address FIRST?
A. Revert to manual triage until the model is retrained on updated threat data
B. Evaluate the model for drift and establish ongoing performance monitoring baselines
C. Escalate to the vendor and demand a root cause analysis under the SLA
D. Increase analyst headcount to manually review all auto-closed incidents
Come back for the answer tomorrow, or study more now!
0 likes • Apr 8
C.
Alton Butler
@alton-butler-7209
Just wanting to learn and pass the CISSP.

Active 3d ago
Joined Jul 7, 2024