
Memberships

The Cyber Community

8.5k members • Free

CyberMAYnia CAREER

418 members • Free

CISSP Study Group

2.1k members • Free

100 contributions to CISSP Study Group
CISSP Practice Question (Domain 5: Identity and Access Management)
A long-tenured engineer has accumulated access across six business units through internal transfers. A recent audit flagged the account as having excessive privileges, but managers insist the access is "needed for cross-functional projects." What should you do FIRST?
A. Disable unused entitlements based on the last 90 days of activity logs
B. Initiate a formal access recertification with each respective data owner
C. Implement a role-based access control model to replace direct grants
D. Escalate to HR to enforce a job description review
Come back for the answer tomorrow, or study more now!
1 like • 21h
B is appropriate to recertify from the respective data owner
CISSP Practice Question (Domain 2: Asset Security)
A business unit requests permanent retention of all customer transaction records "in case we ever need them." Legal has not issued a hold, and the current retention schedule requires deletion after seven years. As the data owner's advisor, what is the BEST response?
A. Honor the request since longer retention reduces legal discovery risk
B. Enforce the existing retention schedule and require a formal exception with risk acceptance
C. Migrate the records to cold storage to balance cost and accessibility
D. Defer to Legal before taking any action on the records
Come back for the answer tomorrow, or study more now!
1 like • 3d
B appears ideal with risk acceptance
CISSP Practice Question (Domain 4: Communication and Network Security)
Your organization is migrating critical workloads to a hybrid cloud. The network team proposes extending the existing flat internal VLAN into the cloud VPC to simplify routing and accelerate the cutover. As the security architect, what is the BEST response?
A. Approve, provided IPsec tunnels encrypt all inter-site traffic
B. Require micro segmentation aligned to a Zero Trust reference architecture
C. Mandate east-west IDS sensors before the migration begins
D. Defer until a cloud access security broker (CASB) is deployed
Come back for the answer tomorrow, or study more now!
2 likes • 6d
B appears appropriate to prevent lateral movement
CISSP Practice Question (Domain 3: Security Architecture - AI/ML Systems)
Your firm is procuring a third-party LLM to summarize client contracts containing privileged legal data. The vendor's standard agreement permits using customer inputs to improve their model. What should the security architect recommend FIRST?
A. Negotiate a contract addendum prohibiting input use for model training
B. Conduct a data flow and risk assessment to classify exposure boundaries
C. Require the vendor to deploy a tenant-isolated model instance
D. Implement DLP controls to redact privileged content before submission
Come back for the answer tomorrow, or study more now!
3 likes • 9d
B appears to be the first step, to do a risk assessment to classify data exposure
CISSP Practice Question (Domain 4: Communication and Network Security - Zero Trust)
Your company adopts Zero Trust and replaces the legacy VPN with identity-based access for remote workers. Six weeks in, helpdesk tickets spike: users complain that access to internal apps breaks unpredictably throughout the day. What is the MOST likely root cause?
A. Insufficient bandwidth at the identity provider
B. Continuous authentication is re-evaluating trust signals and revoking sessions
C. DNS resolution failures between the client and the policy enforcement point
D. Certificate pinning conflicts with the new SSO provider
Come back for the answer tomorrow, or study more now!
2 likes • 10d
B looks appropriate as the issue appears intermittent
Dj Sahoo
@dj-sahoo-9937
Joined Dec 12, 2025