
Memberships

CISSP Study Group

1.7k members • Free

33 contributions to CISSP Study Group
CISSP Practice Question – Domain 2: Asset Security (Data Lifecycle, Cloud, and Zero Trust)
A multinational enterprise migrates sensitive analytics workloads to a cloud provider. The environment uses a zero-trust architecture, and encryption is enabled for data in transit and at rest. During a review, the CISO learns that several teams are using cloud-native analytics tools that temporarily decrypt and process customer PII inside managed service environments where the organization has no visibility into memory, caching, or key-handling operations. Which control is MOST critical to implement to maintain data-lifecycle protection under these conditions?
A. Enforce customer-managed encryption keys (CMEK) and prohibit provider-managed key usage.
B. Implement strict data-minimization and tokenization before data enters the cloud analytics pipeline.
C. Require all analytics tools to run only in containers where memory and cache can be fully inspected.
D. Mandate continuous CASB monitoring to detect shadow analytics workflows and unauthorized data feeds.
0 likes • 8d
B
Provisionally passed at 100 today...
Boom! Totally DIDN'T expect it. Even filled in the survey saying the exam is nothing like the course outline. Was convinced I'd failed so an absolute result to find out I hadn't. Thanks to @Vincent Primiani and the whole community for your help.
1 like • Oct 12
Congratulations
1 like • Oct 10
Thanks! The CISSP was challenging but definitely worth it. It really shifted my thinking from technical details to security leadership and risk management. I studied for a few months using Audible books, YouTube videos, and the awesome discussions and shared questions in this group. I expected to finish early, but I used almost the full time. Appreciate all the support here—it made a real difference!
CISSP Practice Question – Privacy, Monitoring, and Ethics
A company implements new monitoring software that captures screenshots of employee workstations every five minutes to ensure productivity. However, some employees handle client financial data and access third-party critical infrastructure systems as part of their work. What is the MOST appropriate action before deploying the monitoring system?
A. Proceed with deployment since monitoring is part of legitimate business interests.
B. Obtain written consent from employees acknowledging they are subject to monitoring.
C. Conduct a privacy impact assessment (PIA) to evaluate legal, ethical, and security implications.
D. Encrypt all collected screenshots to protect sensitive data.
0 likes • Oct 6
C
CISSP Practice Question – Security Operations & Risk Management
During an ongoing ransomware attack, a system administrator discovers that several critical servers are actively encrypting files. Senior leadership is out of contact, and the company’s incident response plan is still in draft form. What should the administrator do FIRST?
A. Shut down all affected systems to stop the encryption immediately.
B. Disconnect the affected servers from the network and preserve volatile evidence.
C. Attempt to restore the servers from the most recent backup.
D. Notify law enforcement about the ransomware activity.
0 likes • Oct 5
B
Frank Matthews
@frank-matthews-7271
Team Lead NOC

Active 8d ago
Joined Jul 8, 2025