A multinational managed security service provider is conducting an authorized red-team assisted assessment for a client operating in multiple jurisdictions. During covert infrastructure mapping inside a sandboxed forensic workspace, the tester finds encrypted archives stored in a hidden directory. Metadata analysis suggests the archives may contain illegal high-risk content unrelated to the engagement scope. The client's operations director insists that the tester ignore the discovery because the engagement contract contains a strict non-expansion clause limiting investigation to predefined assets. What is the best course of action? A. Preserve relevant evidence and report the finding to law enforcement authorities. B. Immediately destroy the files to eliminate operational risk for the client. C. Notify only ISC2 and wait for official direction. D. Continue testing only within the original asset scope and ignore the discovered data.

Your organization's fraud detection ML model passes all traditional software vulnerability scans. However, a red team discovers they can subtly alter transaction inputs to cause the model to misclassify fraudulent activity as legitimate. What testing gap does this BEST illustrate? A. The vulnerability scans lacked authenticated scanning credentials B. Static application security testing was not integrated into the CI/CD pipeline C. The assessment program did not include adversarial robustness testing of the model D. The red team should have coordinated findings with the vulnerability management team first Come back for the answer tomorrow, or study more now!

A healthcare company deploys a diagnostic AI system that recommends treatment options. Regulators require the organization to explain how the model reaches its conclusions. The security architect proposes encrypting the model's internal weights to protect intellectual property. What concern should the CISO raise FIRST? A. Encryption at rest is insufficient without also encrypting data in transit between inference nodes B. Protecting model weights may conflict with the regulatory requirement for explainability C. The model should be hosted in a secure enclave to prevent adversarial extraction attacks D. A third-party penetration test should validate the encryption implementation before deployment Come back for the answer tomorrow, or study more now!

A global manufacturing firm is under pressure to adopt a new AI-based supply chain optimization tool from a startup to remain competitive. The startup refuses to allow a third-party security audit of its source code, citing intellectual property protection, but offers a standard Service Level Agreement (SLA) with 99.9% availability. What is the BEST approach for the Security Manager to manage the risk of this acquisition? Options: A. Negotiate a "Software Escrow" agreement and include specific "Right to Audit" clauses in the final contract. B. Require the startup to provide a recent SOC 2 Type II report and a summary of their last penetration test. C. Implement a "Sandboxed" environment for the software to run in isolation from the corporate network. D. Conduct a "Vendor Risk Assessment" to determine the criticality of the data the software will process.

Your organization passes its annual SOC 2 Type II audit with no findings. Two months later, a penetration test reveals a critical vulnerability in a customer-facing application that has existed for over a year. The board questions why the audit missed it. What is the BEST explanation? A. The penetration testing firm used more advanced techniques than the SOC 2 auditors B. SOC 2 evaluates control design and operating effectiveness, not technical vulnerability discovery C. The audit scope was improperly defined and should have included application testing D. The auditors failed to meet professional due diligence standards Come back for the answer tomorrow, or study more now!