Your organization is deploying a customer-facing chatbot powered by a third-party LLM. The product team wants to connect it directly to the order management database to answer real-time inventory questions. As the security architect, what is the BEST design control? A. Implement input validation to block prompt injection attempts B. Place an API gateway with strict allow-listed queries between the LLM and the database C. Require TLS 1.3 for all traffic between the chatbot and backend systems D. Deploy a WAF tuned for LLM-specific attack signatures Come back for the answer tomorrow, or study more now!

Your data science team plans to fine-tune a large language model using historical customer support transcripts containing PII. The business wants the model deployed organization-wide for internal use. As the CISO, what is the MOST appropriate action BEFORE training begins? A. Encrypt the training dataset at rest and restrict access to data scientists B. Apply data minimization and de-identification techniques to the training corpus C. Require model output filtering to prevent PII disclosure in responses D. Obtain renewed customer consent for the new processing purpose Come back for the answer tomorrow, or study more now!

An internal audit reveals that quarterly vulnerability scans are completed on schedule, but 40% of critical findings remain unremediated past SLA. The vulnerability management team reports the metrics as "green" because scans were performed. As the CISO, what is the BEST corrective action? A. Reduce scan frequency until remediation capacity catches up B. Redefine the program metrics to measure remediation outcomes, not scan activity C. Escalate overdue findings directly to system owners' executives D. Outsource remediation to a managed security service provider Come back for the answer tomorrow, or study more now!

During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST? A. Comply with the CFO's directive and coordinate the payment through counsel B. Halt recovery and escalate to the executive crisis team and legal for a documented decision C. Continue recovery from backups and refuse the payment on policy grounds D. Engage law enforcement to evaluate the legality of the ransom payment Come back for the answer tomorrow, or study more now!

A vendor proposes a new SaaS platform that processes regulated customer data. Procurement wants to sign by quarter-end, and the vendor's SOC 2 Type II report is six months old. As the security architect, what is the MOST appropriate next step? A. Accept the SOC 2 report and proceed with contract execution B. Require the vendor to complete your standard security questionnaire C. Perform a risk assessment mapped to your control requirements D. Demand a fresh penetration test before signing Come back for the answer tomorrow, or study more now!