

12 contributions to CISSP Study Group
CISSP Practice Question (Domain 8: Software Development Security)
Your engineering team integrates a third-party AI API that generates dynamic access control policies based on user behavior analytics. During testing, the API occasionally grants excessive permissions that violate least privilege. What should you address FIRST?
A. Implement a policy validation layer that enforces least privilege before applying AI-generated rules
B. Request the AI vendor to retrain the model to reduce permission over-granting
C. Revert to static role-based access control until the AI system is reliable
D. Log all AI-generated policy decisions for quarterly audit review
0 likes • Feb 24
A
CISSP Practice Question (Domain 4: Communication and Network Security)
During a cloud migration, your team discovers that sensitive customer data traverses an unencrypted internal network segment between two trusted zones. Operations argues encryption would add latency to time-sensitive transactions. What is the BEST approach?
A. Accept the risk since both zones are internally trusted and monitored
B. Conduct a risk assessment weighing data sensitivity against performance impact
C. Encrypt all internal traffic regardless of performance concerns
D. Implement network segmentation to isolate the sensitive data path
0 likes • Feb 18
B
CISSP Practice Question (Domain 1: Security and Risk Management)
An organization deploys an AI system that recommends layoffs and budget cuts based on financial and productivity data. Executives approve its use but do not fully understand its decision logic. The recommendations align with profits but raise ethical and reputational concerns internally. What is the MOST appropriate action for the security leader?
A. Require human review of all AI-generated workforce decisions
B. Document the risk acceptance and ethical considerations in governance records
C. Suspend the AI system until explainability requirements are met
D. Conduct a privacy impact assessment focused on employee data
0 likes • Jan 29
A
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A financial services company needs to share highly sensitive customer transaction data with a third-party analytics provider. The company's legal department mandates that the third party must be able to perform statistical analysis on the data, but the data must remain encrypted at all times, including while it is being processed by the provider's algorithms, to ensure the company never loses control over the plaintext. What is the MOST appropriate cryptographic solution to meet this requirement?
A. Symmetric encryption using AES-256 with a managed Key Vault
B. Asymmetric encryption using RSA-4096 with Perfect Forward Secrecy
C. Homomorphic encryption
D. Quantum-resistant cryptography
0 likes • Jan 24
C
CISSP Practice Question (Domain 1: Security and Risk Management)
A business unit deploys an AI agent that autonomously negotiates vendor contracts within predefined spend limits. The agent improves efficiency but occasionally commits the company to unfavorable terms. Executives want to continue using it. What is the MOST appropriate action for the security leader?
A. Disable autonomous execution and require human approval for commitments
B. Update the organization’s risk register to reflect agent decision authority
C. Require explainability reports for every AI-driven contract decision
D. Transfer contractual risk to vendors through revised legal language
0 likes • Jan 24
A
Wilbert Philippe
@wilbert-philippe-2311
Hello everyone!

Active 3d ago
Joined Aug 10, 2024