Memberships

CyberMAYnia CAREER

439 members • Free

CISSP Study Group

2.1k members • Free

7 contributions to CISSP Study Group
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
An architect proposes implementing end-to-end encryption for all internal microservice communications. The SOC team warns this will eliminate their ability to inspect east-west traffic for lateral movement detection. Both teams escalate to you. What is the BEST course of action?
A. Prioritize encryption and accept reduced network visibility as residual risk
B. Reject encryption to preserve the SOC's detection capabilities
C. Implement encryption with TLS termination points that allow authorized inspection
D. Defer the decision until a formal threat model evaluates both risks
Come back for the answer tomorrow, or study more now!
1 like • 20d
D. As a decision maker you have to understand the risk. Encryption is nice, but it affects performance and the visibility of the SOC teams; without the encryption, east-west traffic will be vulnerable, but we still need to measure both options.
CISSP Practice Question (Domain 5: Identity and Access Management)
An AI-powered identity analytics platform recommends revoking access for 200 employees flagged as "anomalous users" based on behavioral patterns. The system cannot explain why these users were flagged. Business unit managers protest that many are legitimate power users. What should you do FIRST?
A. Implement the revocations with an expedited appeal process for affected employees
B. Require the platform to provide explainable justification before any access changes
C. Suspend automated revocation and conduct manual access reviews for flagged users
D. Adjust the anomaly detection threshold to reduce the number of flagged accounts
Come back for the answer tomorrow, or study more now!
0 likes • 21d
@Vincent Primiani Why is C the correct answer? I didn't see anything in the question about "automated revocation", only recommendations by the AI-powered tool. It seems like B is more correct for this question: get an explanation before any access change.
CISSP Practice Question (Domain 5: Identity and Access Management)
A global enterprise implements a zero-trust architecture requiring continuous authentication and authorization. During an incident investigation, security analysts discover that a compromised service account with high privileges has been making API calls from multiple geographic locations simultaneously. The account uses certificate-based authentication with a valid certificate that won't expire for 18 months. What is the MOST effective immediate containment action?
A. Revoke the certificate through the Certificate Authority's Certificate Revocation List (CRL)
B. Disable the service account in the identity provider
C. Implement IP-based geo-fencing to block requests from unauthorized locations
D. Rotate the account credentials and force re-authentication
Come back for the answer tomorrow, or study more now!
1 like • Feb 13
@Eduardo Polanco And if the certificate is more global, it will disable any future attempts to use this certificate for authentication with a different user.
CISSP Practice Question (Domain 1: Security and Risk Management / Legal & Governance Edge Case)
A company uses an internal investigation team and outside counsel during major incidents. To reduce email overload, executives begin discussing response strategy and legal risk inside a collaboration platform with auto retention and global search enabled. No breach has occurred yet. What is the MOST appropriate action to take FIRST?
A. Disable search and retention features for executive channels
B. Move all sensitive discussions to encrypted messaging tools
C. Establish formal communication boundaries and privilege handling procedures
D. Require legal approval before any executive incident discussion
Pssst… CISSP.app
1 like • Jan 14
C seems to be the right first action that needs to be done before any discussions or decisions.
CISSP Practice Question (Domain 2: Asset Security / Data Governance)
An enterprise deploys agentic AI systems that autonomously collect data from internal systems and external sources to answer executive queries. Over time, agents begin retaining intermediate data and derived insights to improve future performance. Legal cannot determine what regulated data is being stored or reused. Leadership wants minimal friction. What is the MOST appropriate action to take FIRST?
A. Encrypt all agent retained data using enterprise key management
B. Perform a data inventory and classification of agent memory and outputs
C. Restrict agents to real time queries with no local persistence
D. Update contracts with AI vendors to address derived data ownership
Come back for the answer tomorrow, or study more now!
2 likes • Jan 8
B
Denis Burnaev
@denis-burnaev-8284
Cybersecurity engineer

Joined Jan 3, 2026