During a confirmed ransomware incident, the IR team identifies that the attacker is still actively exfiltrating data through a compromised service account. The legal team requests that no systems be taken offline to preserve evidence for potential litigation. Operations wants the bleeding stopped immediately. What should the incident commander prioritize FIRST? A. Disable the compromised service account to stop active data exfiltration B. Isolate affected network segments while preserving system state for forensics C. Initiate a full forensic image of all affected systems before any containment action D. Convene an emergency meeting with legal, operations, and security to align on priorities Come back for the answer tomorrow, or study more now!

A remote workforce uses split-tunnel VPN to reduce bandwidth costs. The security team discovers employees are accessing sanctioned SaaS applications directly from home networks, bypassing the corporate proxy and DLP controls. Management values the current performance gains. What is the MOST appropriate recommendation? A. Switch to full-tunnel VPN to route all traffic through corporate controls B. Deploy a cloud-based secure web gateway to enforce policy at the endpoint C. Accept the risk and document the DLP gap as a known exception D. Restrict SaaS access to corporate-managed devices only Come back for the answer tomorrow, or study more now!

Your organization is migrating legacy on-premises applications to a multi-cloud environment. The security team discovers that several applications use hardcoded service account credentials that cannot be easily refactored before the migration deadline. Business leadership refuses to delay the timeline. What is the BEST approach? A. Migrate as planned and prioritize credential refactoring in the next sprint B. Implement secrets management and network segmentation around the vulnerable applications C. Present the risk formally to leadership with compensating control options and timeline impacts D. Reject the migration for applications with hardcoded credentials until remediation is complete Come back for the answer tomorrow, or study more now!

Your organization's AI governance committee discovers that training datasets containing customer financial records have no designated data owner. Three departments contributed data but none accepted classification responsibility. The AI model launch is scheduled in two weeks. What should you do FIRST? A. Assign the AI project manager as interim data owner to meet the launch deadline B. Escalate to senior management to assign data ownership before the model launches C. Classify the combined dataset at the highest contributing department's level D. Proceed with launch and resolve data ownership during the post-deployment review Come back for the answer tomorrow, or study more now!

Your SOC integrates an AI-powered alert triage system that automatically closes low-severity tickets. A post-incident review reveals that a genuine intrusion was repeatedly auto-closed because the AI misclassified lateral movement as routine traffic. What should you address FIRST? A. Retrain the AI model using the missed intrusion as a new labeled training example B. Establish human review requirements for all AI-driven ticket closure decisions C. Reopen and investigate all tickets auto-closed during the intrusion timeframe D. Remove the AI triage system and revert to manual analyst classification Come back for the answer tomorrow, or study more now!