An organization deploys an AI system that recommends layoffs and budget cuts based on financial and productivity data. Executives approve its use but do not fully understand its decision logic. The recommendations align with profits but raise ethical and reputational concerns internally. What is the MOST appropriate action for the security leader? A. Require human review of all AI-generated workforce decisions B. Document the risk acceptance and ethical considerations in governance records C. Suspend the AI system until explainability requirements are met D. Conduct a privacy impact assessment focused on employee data Come back for the answer tomorrow, or study more now!

A financial services company needs to share highly sensitive customer transaction data with a third-party analytics provider. The company's legal department mandates that the third-party must be able to perform statistical analysis on the data, but the data must remain encrypted at all times, including while it is being processed by the provider's algorithms to ensure the company never loses control over the plaintext. What is the MOST appropriate cryptographic solution to meet this requirement? A. Symmetric encryption using AES-256 with a managed Key Vault B. Asymmetric encryption using RSA-4096 with Perfect Forward Secrecy C. Homomorphic encryption D. Quantum-resistant cryptography

A business unit deploys an AI agent that autonomously negotiates vendor contracts within predefined spend limits. The agent improves efficiency but occasionally commits the company to unfavorable terms. Executives want to continue using it. What is the MOST appropriate action for the security leader? A. Disable autonomous execution and require human approval for commitments B. Update the organization’s risk register to reflect agent decision authority C. Require explainability reports for every AI-driven contract decision D. Transfer contractual risk to vendors through revised legal language Come back for the answer tomorrow, or study more now!

A company deploys an internal generative AI assistant trained on corporate documents to support developers and analysts. Leadership wants rapid adoption, but legal raises concerns about sensitive data being exposed through prompts and outputs. What is the MOST appropriate control to implement FIRST? A. Log and monitor all AI prompts and responses for misuse B. Classify and restrict training and prompt-accessible data sources C. Add contractual liability clauses for AI misuse to employment agreements D. Conduct periodic audits of AI model accuracy and bias Come back for the answer tomorrow, or study more now!

A global organization adopts a cloud service to accelerate operations, despite unresolved concerns about data residency and regulatory exposure. Senior leadership accepts the business risk to meet market pressure. As the security leader, what is the MOST appropriate next action? A. Document the risk acceptance decision and associated residual risk B. Implement compensating technical controls to reduce exposure C. Transfer the risk through expanded cyber insurance coverage D. Escalate the decision to regulators for formal guidance Study more now!