Your organization integrates an AI engine into its SOAR platform to auto-execute containment actions on flagged hosts. During a coordinated attack, the AI quarantines a critical production server, causing an outage. As the SOC manager, what is the MOST appropriate corrective action? A. Disable AI-driven automation and revert to fully manual response B. Define human-approval gates for high-impact automated actions C. Lower the AI's confidence threshold to reduce false containments D. Restrict automated containment to non-production network segments Come back for the answer tomorrow, or study more now!

Your organization is deploying a customer-facing chatbot powered by a third-party LLM. The product team wants to connect it directly to the order management database to answer real-time inventory questions. As the security architect, what is the BEST design control? A. Implement input validation to block prompt injection attempts B. Place an API gateway with strict allow-listed queries between the LLM and the database C. Require TLS 1.3 for all traffic between the chatbot and backend systems D. Deploy a WAF tuned for LLM-specific attack signatures Come back for the answer tomorrow, or study more now!

Your data science team plans to fine-tune a large language model using historical customer support transcripts containing PII. The business wants the model deployed organization-wide for internal use. As the CISO, what is the MOST appropriate action BEFORE training begins? A. Encrypt the training dataset at rest and restrict access to data scientists B. Apply data minimization and de-identification techniques to the training corpus C. Require model output filtering to prevent PII disclosure in responses D. Obtain renewed customer consent for the new processing purpose Come back for the answer tomorrow, or study more now!

During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST? A. Comply with the CFO's directive and coordinate the payment through counsel B. Halt recovery and escalate to the executive crisis team and legal for a documented decision C. Continue recovery from backups and refuse the payment on policy grounds D. Engage law enforcement to evaluate the legality of the ransom payment Come back for the answer tomorrow, or study more now!

A development team adopts a CI/CD pipeline that auto-deploys to production upon passing unit tests. Security testing currently runs weekly in a separate environment. A recent release introduced a SQL injection flaw that reached production. As the application security lead, what is the BEST corrective action? A. Block all deployments until weekly security testing completes B. Integrate SAST and dependency scanning as gating checks within the pipeline C. Require manual security review before each production release D. Shift security testing to a post-deployment runtime monitoring tool Come back for the answer tomorrow, or study more now!