An organization allows multiple business units to deploy their own AI agents using shared enterprise data lakes. Each unit claims ownership of its AI outputs, while data sources remain centrally managed. A dispute arises after an AI-generated report exposes sensitive correlations between departments. What is the MOST appropriate action to take FIRST? A. Reclassify the AI-generated outputs under the highest data sensitivity level B. Clarify and formally assign data ownership and stewardship for AI-derived assets C. Segregate AI workloads by business unit to prevent cross-correlation D. Implement stronger access controls on the shared data lake Come back for the answer tomorrow, or study more now!

An organization deploys an AI system that recommends layoffs and budget cuts based on financial and productivity data. Executives approve its use but do not fully understand its decision logic. The recommendations align with profits but raise ethical and reputational concerns internally. What is the MOST appropriate action for the security leader? A. Require human review of all AI-generated workforce decisions B. Document the risk acceptance and ethical considerations in governance records C. Suspend the AI system until explainability requirements are met D. Conduct a privacy impact assessment focused on employee data Come back for the answer tomorrow, or study more now!

A financial services company needs to share highly sensitive customer transaction data with a third-party analytics provider. The company's legal department mandates that the third-party must be able to perform statistical analysis on the data, but the data must remain encrypted at all times, including while it is being processed by the provider's algorithms to ensure the company never loses control over the plaintext. What is the MOST appropriate cryptographic solution to meet this requirement? A. Symmetric encryption using AES-256 with a managed Key Vault B. Asymmetric encryption using RSA-4096 with Perfect Forward Secrecy C. Homomorphic encryption D. Quantum-resistant cryptography

A business unit deploys an AI agent that autonomously negotiates vendor contracts within predefined spend limits. The agent improves efficiency but occasionally commits the company to unfavorable terms. Executives want to continue using it. What is the MOST appropriate action for the security leader? A. Disable autonomous execution and require human approval for commitments B. Update the organization’s risk register to reflect agent decision authority C. Require explainability reports for every AI-driven contract decision D. Transfer contractual risk to vendors through revised legal language Come back for the answer tomorrow, or study more now!