
Memberships

CISSP Study Group

1.9k members • Free

6 contributions to CISSP Study Group
CISSP Practice Question (Domain 8: Software Development Security)
A company deploys an internal generative AI assistant trained on corporate documents to support developers and analysts. Leadership wants rapid adoption, but legal raises concerns about sensitive data being exposed through prompts and outputs. What is the MOST appropriate control to implement FIRST?
A. Log and monitor all AI prompts and responses for misuse
B. Classify and restrict training and prompt-accessible data sources
C. Add contractual liability clauses for AI misuse to employment agreements
D. Conduct periodic audits of AI model accuracy and bias
0 likes • 16d
B
CISSP Practice Question (Domain 1: Security and Risk Management)
A global organization adopts a cloud service to accelerate operations, despite unresolved concerns about data residency and regulatory exposure. Senior leadership accepts the business risk to meet market pressure. As the security leader, what is the MOST appropriate next action?
A. Document the risk acceptance decision and associated residual risk
B. Implement compensating technical controls to reduce exposure
C. Transfer the risk through expanded cyber insurance coverage
D. Escalate the decision to regulators for formal guidance
0 likes • 17d
A
CISSP Practice Question (Domain 4: Communication and Network Security / Trust Boundaries & Attribution)
A global enterprise uses shared network infrastructure to support multiple business units with different regulatory obligations. During an investigation, encrypted internal traffic prevents determining which unit originated a noncompliant data transfer. Network design intentionally avoided segmentation to preserve agility. What is the MOST appropriate architectural control to introduce FIRST?
A. Decrypt internal traffic at centralized inspection points
B. Implement logical network zoning aligned to business and regulatory boundaries
C. Increase application level logging to compensate for network opacity
D. Require all business units to use separate encryption keys
1 like • 18d
C
CISSP Practice Question (Domain 2: Asset Security / Data Ownership & Accountability)
A company migrates sensitive business data to a shared analytics environment used by multiple departments. Data accuracy issues emerge, but no single group can authorize correction because ownership is unclear. Leadership wants faster decisions without creating a centralized bottleneck. What is the MOST appropriate governance action to take FIRST?
A. Assign a single enterprise data steward for all analytics data
B. Define data ownership and decision authority at the dataset level
C. Implement stricter change control over analytics transformations
D. Increase audit logging for data modifications and access
0 likes • 20d
B
CISSP Practice Question (Domain 6: Security Assessment and Testing)
A company uses red team exercises to validate detection and response capabilities. After several successful simulations, leadership concludes incident readiness is high. An independent review finds that scenarios are reused and defenders have begun anticipating tactics. Management wants realistic assurance without increasing test frequency. What is the MOST appropriate change to make?
A. Rotate red team members to reduce defender familiarity
B. Introduce threat informed testing with adaptive scenario design
C. Increase reliance on automated attack simulation tools
D. Separate detection and response teams during exercises
1 like • 21d
B
@toyana-mosley-8279
Toyana

Active 8h ago
Joined Jan 14, 2026