CISSP question
After containing a ransomware attack, an organization begins restoring critical systems from clean backups. Forensic analysis confirms that the malware has been removed and backups were not compromised. However, the incident response team warns that some security weaknesses that allowed the initial compromise may still exist. What should the organization do as part of the recovery phase of incident management?
A. Restore all affected systems immediately to resume operations and investigate the root cause after services stabilize.
B. Keep affected systems offline until the incident report is completed and approved by executive management.
C. Reconnect restored systems to the production network while monitoring them for abnormal activity.
D. Validate system integrity and strengthen controls before returning restored systems to normal production operations.
CISSP Practice Question (Domain 8: Software Development Security - AI Exam Guidance)
Developers at your company use an LLM-powered coding assistant that auto-generates functions pulled into production via CI/CD. A recent audit reveals several generated functions contain hardcoded credentials and insecure deserialization patterns. What should the security manager prioritize FIRST?
A. Ban the AI coding assistant until the vendor eliminates hallucinated vulnerabilities
B. Require developers to manually review all AI-generated code before committing
C. Integrate automated AI security testing into the CI/CD pipeline to catch flaws pre-production
D. Report the insecure patterns to the LLM vendor for model fine-tuning
Come back for the answer tomorrow, or study more now!
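The two insecure patterns the audit names, hardcoded credentials and insecure deserialization, are the kind of defect an automated check in the pipeline can reject before merge. The following is an added example, not code from the original post or from any vendor's tool: a small AST-based scanner with hypothetical rules, run over a constructed snippet that stands in for an AI-generated function. The secret-name pattern, the AWS key-ID shape and the unsafe-loader list are assumptions chosen for illustration.

```python
"""Pre-merge scan for two patterns commonly found in generated code:
hardcoded credentials and insecure deserialization.

Added example, not from the original post. The sample source below is
constructed; the rules are a minimal illustration of an automated CI/CD
gate, not a replacement for a maintained secret scanner or SAST tool.
"""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass

# Assumed: identifier names that usually hold secrets.
SECRET_NAMES = re.compile(r"(password|passwd|secret|api_key|token|private_key)", re.I)
# Assumed: AWS access key IDs are 20 chars starting with AKIA; a literal one is a smell.
AWS_KEY_ID = re.compile(r"^AKIA[0-9A-Z]{16}$")

# Calls that build arbitrary objects from attacker-controlled bytes.
UNSAFE_LOADERS = {
    ("pickle", "loads"), ("pickle", "load"),
    ("marshal", "loads"), ("marshal", "load"),
    ("shelve", "open"),
}
# yaml.load is only acceptable when a Safe* loader is named explicitly.
YAML_UNSAFE = {"unsafe_load", "load", "load_all"}
YAML_SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def _call_name(node: ast.Call):
    """Return (module, attr) for mod.func(...), (None, name) for bare calls."""
    f = node.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f.value.id, f.attr
    if isinstance(f, ast.Name):
        return None, f.id
    return None, None


def _yaml_loader_is_safe(node: ast.Call) -> bool:
    """True only if the call names a safe loader via Loader= or positional arg."""
    for kw in node.keywords:
        if kw.arg == "Loader" and isinstance(kw.value, ast.Attribute):
            return kw.value.attr in YAML_SAFE_LOADERS
    if len(node.args) >= 2 and isinstance(node.args[1], ast.Attribute):
        return node.args[1].attr in YAML_SAFE_LOADERS
    return False


def scan_source(src: str) -> list[Finding]:
    """Walk the AST and collect findings for both rules, ordered by line."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        # Rule 1: a non-empty string literal assigned to a secret-looking name,
        # or any literal shaped like an AWS access key ID.
        if isinstance(node, ast.Assign):
            targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
            val = node.value
            if isinstance(val, ast.Constant) and isinstance(val.value, str) and val.value:
                for t in targets:
                    if SECRET_NAMES.search(t) or AWS_KEY_ID.match(val.value):
                        findings.append(Finding("hardcoded-credential", node.lineno,
                                                f"{t} assigned a string literal"))
        # Rule 2: deserialization calls that can execute arbitrary code.
        elif isinstance(node, ast.Call):
            mod, attr = _call_name(node)
            if (mod, attr) in UNSAFE_LOADERS:
                findings.append(Finding("insecure-deserialization", node.lineno,
                                        f"{mod}.{attr}()"))
            elif mod == "yaml" and attr in YAML_UNSAFE and not _yaml_loader_is_safe(node):
                findings.append(Finding("insecure-deserialization", node.lineno,
                                        f"yaml.{attr}() without a Safe loader"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample standing in for an AI-generated function.
GENERATED = '''
import os, pickle, yaml
DB_PASSWORD = "hunter2"
aws_key = "AKIAIOSFODNN7EXAMPLE"
token = os.environ["API_TOKEN"]          # fine: read from the environment, not a literal

def load_session(blob, cfg_text):
    session = pickle.loads(blob)         # arbitrary object construction from input bytes
    cfg = yaml.load(cfg_text)            # no Loader named: flagged
    safe = yaml.load(cfg_text, Loader=yaml.SafeLoader)
    return session, cfg, safe
'''


def gate(src: str) -> bool:
    """CI gate: True lets the change proceed, False blocks the merge."""
    return not scan_source(src)


if __name__ == "__main__":
    for f in scan_source(GENERATED):
        print(f"line {f.line}: {f.rule}: {f.detail}")
    print("merge allowed:", gate(GENERATED))
```

A rule set this small is a gate, not an audit: a real pipeline would run it beside a maintained secret scanner and SAST tool, and a reviewer still decides whether a flagged literal is a live credential or a test fixture.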
CISSP Practice Question (Domain 6: Security Assessment and Testing - AI Exam Guidance)
Your organization's fraud detection ML model passes all traditional software vulnerability scans. However, a red team discovers they can subtly alter transaction inputs to cause the model to misclassify fraudulent activity as legitimate. What testing gap does this BEST illustrate?
A. The vulnerability scans lacked authenticated scanning credentials
B. Static application security testing was not integrated into the CI/CD pipeline
C. The assessment program did not include adversarial robustness testing of the model
D. The red team should have coordinated findings with the vulnerability management team first
Come back for the answer tomorrow, or study more now!
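What the red team did is a test the assessment program could run itself. Below is an added example, not code from the original post: a constructed logistic-regression fraud scorer with hand-picked weights, three constructed transactions, and a single gradient-sign (FGSM-style) perturbation under an L-infinity budget eps per normalised feature. The weights, the feature set and the budgets are assumptions. A vulnerability scan of this file finds nothing; the weakness is in the decision function, not the code.

```python
"""Adversarial robustness check for a fraud-scoring model: how small a
per-feature change turns a 'fraud' decision into 'legitimate'.

Added example, not from the original post. Model weights, features and
transactions are constructed; the attack is a one-step gradient-sign
perturbation bounded by eps in L-infinity norm, clipped to valid ranges.
"""
import math

# Feature order (all scaled to [0, 1]): amount, hour_of_day, merchant_risk, velocity
WEIGHTS = [2.0, -1.0, 3.0, 1.5]   # assumed weights; positive pushes toward 'fraud'
BIAS = -2.5
THRESHOLD = 0.5


def logit(x):
    return sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS


def fraud_score(x):
    return 1.0 / (1.0 + math.exp(-logit(x)))


def is_fraud(x):
    return fraud_score(x) >= THRESHOLD


def evade(x, eps):
    """One gradient-sign step toward 'legitimate'.

    For a logistic model d(logit)/dx_i = WEIGHTS[i], so the direction that
    lowers the score fastest under an L-inf budget is -sign(w). Features are
    clipped back into [0, 1] so the perturbed transaction stays well-formed.
    """
    sign = lambda v: (v > 0) - (v < 0)
    return [min(1.0, max(0.0, xi - eps * sign(w))) for w, xi in zip(WEIGHTS, x)]


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


def robustness_report(samples, eps):
    """Return (fraud_count, flipped_count): how many transactions the model
    calls fraud, and how many of those a perturbation of at most eps per
    feature turns into 'legitimate'."""
    fraud = [x for x in samples if is_fraud(x)]
    flipped = [x for x in fraud if not is_fraud(evade(x, eps))]
    return len(fraud), len(flipped)


# Constructed transactions: two the model scores as fraud, one legitimate.
TRANSACTIONS = [
    [0.9, 0.2, 0.8, 0.5],   # large amount, high-risk merchant: clearly fraud
    [0.5, 0.1, 0.6, 0.4],   # borderline fraud
    [0.3, 0.9, 0.5, 0.3],   # legitimate
]

if __name__ == "__main__":
    for eps in (0.05, 0.15, 0.35):
        n_fraud, n_flipped = robustness_report(TRANSACTIONS, eps)
        print(f"eps={eps:.2f}: {n_flipped}/{n_fraud} fraud samples evade detection")
    x = TRANSACTIONS[1]
    x_adv = evade(x, 0.15)
    print("original   ", [round(v, 2) for v in x], "score", round(fraud_score(x), 3))
    print("adversarial", [round(v, 2) for v in x_adv], "score", round(fraud_score(x_adv), 3),
          "L-inf", round(linf_distance(x, x_adv), 2))
```

This is the white-box case, where the tester knows the weights. A black-box red team estimates the gradient from score queries or transfers an attack from a surrogate model, which costs more queries but yields the same reportable metric: the fraction of fraudulent samples that evade detection under a stated budget.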
CISSP Question
A global manufacturing firm is under pressure to adopt a new AI-based supply chain optimization tool from a startup to remain competitive. The startup refuses to allow a third-party security audit of its source code, citing intellectual property protection, but offers a standard Service Level Agreement (SLA) with 99.9% availability. What is the BEST approach for the Security Manager to manage the risk of this acquisition?
Options:
A. Negotiate a "Software Escrow" agreement and include specific "Right to Audit" clauses in the final contract.
B. Require the startup to provide a recent SOC 2 Type II report and a summary of their last penetration test.
C. Implement a "Sandboxed" environment for the software to run in isolation from the corporate network.
D. Conduct a "Vendor Risk Assessment" to determine the criticality of the data the software will process.
CISSP Question (like real)
A multinational managed security service provider is conducting an authorized red-team-assisted assessment for a client operating in multiple jurisdictions. During covert infrastructure mapping inside a sandboxed forensic workspace, the tester finds encrypted archives stored in a hidden directory. Metadata analysis suggests the archives may contain illegal high-risk content unrelated to the engagement scope. The client's operations director insists that the tester ignore the discovery because the engagement contract contains a strict non-expansion clause limiting investigation to predefined assets. What is the best course of action?
A. Preserve relevant evidence and report the finding to law enforcement authorities.
B. Immediately destroy the files to eliminate operational risk for the client.
C. Notify only ISC2 and wait for official direction.
D. Continue testing only within the original asset scope and ignore the discovered data.
CISSP Study Group
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!