An organization recently discovered that a former employee's access credentials were used to exfiltrate sensitive customer data two weeks after their termination. Which of the following controls would have been MOST effective in preventing this incident? A) Implementing multi-factor authentication for all users B) Conducting regular access reviews and timely account deprovisioning C) Deploying a data loss prevention (DLP) solution D) Encrypting all sensitive data at rest Come back for the answer tomorrow, or study more now!

A multinational organization is expanding into a region with strict data localization laws while maintaining its global incident response capability. The CISO must balance compliance with operational effectiveness. What is the MOST appropriate first step? A. Deploy regional SOC infrastructure to process security data locally B. Conduct a regulatory impact assessment on cross-border data flows C. Negotiate data transfer agreements with the host country's authority D. Implement encryption for all security telemetry leaving the region Come back for the answer tomorrow, or study more now!

Your organization is expanding into a country that requires all citizen data to be stored within its borders. The legal team recommends immediate compliance, but the existing cloud architecture uses a single global tenant. What should you do FIRST? A. Negotiate a regulatory exception with the host country's data authority B. Conduct a data sovereignty impact assessment against current architecture C. Migrate all citizen data to an in-country data center immediately D. Update the privacy policy to disclose cross-border data transfers Come back for the answer tomorrow, or study more now!

A development team uses an AI-powered coding assistant that suggests code snippets from its training data. The tool recently generated functions containing logic similar to a competitor's proprietary algorithm. What should the security manager do FIRST? A. Conduct a legal review to assess intellectual property infringement risk B. Implement software composition analysis to detect and flag AI-generated code C. Restrict the AI tool's network access and require human review of all outputs D. Retrain the model on the organization's internal codebase only Come back for the answer tomorrow, or study more now!

An organization's CISO discovers that a third-party SaaS vendor processing customer PII has been acquired by a foreign company. The acquiring company is headquartered in a jurisdiction with government data access laws that conflict with the organization's regulatory obligations under GDPR. The vendor contract has 18 months remaining. What should the CISO do FIRST? A. Invoke the contract's termination-for-convenience clause and begin immediate vendor transition planning B. Conduct a risk assessment to evaluate the change in data sovereignty exposure and regulatory compliance impact C. Require the vendor to migrate all customer data to data centers located within approved jurisdictions D. Notify the Data Protection Authority and affected customers of the potential cross-border data transfer Come back for the answer tomorrow, or study more now!