@Shradhanjali Barik ill see what I can dig up

A+ member! Huge congratulations

@Idris Onimole Correct Answer: C. Integrate AI-enabled BAS (Breach and Attack Simulation) tools that continuously replicate evolving attacker TTPs across email, endpoint, and network layers. Explanation (CISSP logic): The question is about validating resilience against AI-augmented attack techniques — polymorphic payloads, adaptive phishing, and evasive behavior.CISSP wants you to choose the testing method that continuously mirrors real attacker capabilities, not something periodic, narrow, or academic. AI-enabled BAS platforms: - Continuously simulate attacker behaviors (not just signature-based exploits). - Evolve campaigns with the same adaptive logic adversarial AI uses. - Test multiple layers: email, endpoint, identity, network, and cloud. - Provide ongoing assurance, not one-time validation. That perfectly matches the scenario. Why the other options are wrong: A. Quarterly vulnerability scans❌ Signature-based.❌ Cannot adapt or generate polymorphic variants.❌ Does not match the threat model described. B. Adversarial machine learning (AML) evaluations❌ Important, but focuses on AI models you own, not real attack simulation.This is about protecting your ML models, not testing your environment against AI-powered attackers. D. Annual manual red-teaming❌ Valuable, but not scalable or adaptive.❌ Human-only red teams cannot match the volume, speed, or polymorphism of AI attack tools.❌ Annual testing is too infrequent given how fast AI attack tooling evolves. Think like a manager (CISSP mentality): Modern threat validation programs must be continuous, automated, and representative of real attacker capability, especially with AI in the mix.This is exactly what modern BAS tools deliver — ongoing, adversary-aware assurance at enterprise scale.