A newly acquired subsidiary uses shared administrator accounts for critical infrastructure management. The integration team wants to immediately enforce individual accounts, but operations warns this could disrupt 24/7 production systems. What is the MOST appropriate next step? A. Implement privileged access management with session recording for shared accounts B. Require individual accounts with emergency break-glass procedures for continuity C. Assess the shared account inventory and map dependencies before enforcing changes D. Accept the risk temporarily and schedule individual account rollout for next quarter Come back for the answer tomorrow, or study more now!

Your organization is expanding into a country that requires all citizen data to be stored within its borders. The legal team recommends immediate compliance, but the existing cloud architecture uses a single global tenant. What should you do FIRST? A. Negotiate a regulatory exception with the host country's data authority B. Conduct a data sovereignty impact assessment against current architecture C. Migrate all citizen data to an in-country data center immediately D. Update the privacy policy to disclose cross-border data transfers Come back for the answer tomorrow, or study more now!

A development team uses an AI-powered coding assistant that suggests code snippets from its training data. The tool recently generated functions containing logic similar to a competitor's proprietary algorithm. What should the security manager do FIRST? A. Conduct a legal review to assess intellectual property infringement risk B. Implement software composition analysis to detect and flag AI-generated code C. Restrict the AI tool's network access and require human review of all outputs D. Retrain the model on the organization's internal codebase only Come back for the answer tomorrow, or study more now!

An organization recently discovered that a former employee's access credentials were used to exfiltrate sensitive customer data two weeks after their termination. Which of the following controls would have been MOST effective in preventing this incident? A) Implementing multi-factor authentication for all users B) Conducting regular access reviews and timely account deprovisioning C) Deploying a data loss prevention (DLP) solution D) Encrypting all sensitive data at rest Come back for the answer tomorrow, or study more now!

A multinational organization is expanding into a region with strict data localization laws while maintaining its global incident response capability. The CISO must balance compliance with operational effectiveness. What is the MOST appropriate first step? A. Deploy regional SOC infrastructure to process security data locally B. Conduct a regulatory impact assessment on cross-border data flows C. Negotiate data transfer agreements with the host country's authority D. Implement encryption for all security telemetry leaving the region Come back for the answer tomorrow, or study more now!