Your SOC integrates an AI-driven SOAR platform that auto-remediates low-severity alerts. After three months, analysts notice the model's false positive rate has doubled and it is closing legitimate incidents without investigation. What should the SOC manager address FIRST? A. Revert to manual triage until the model is retrained on updated threat data B. Evaluate the model for drift and establish ongoing performance monitoring baselines C. Escalate to the vendor and demand a root cause analysis under the SLA D. Increase analyst headcount to manually review all auto-closed incidents Come back for the answer tomorrow, or study more now!

A financial services firm acquires a pre-trained ML model from a third-party vendor for fraud detection. During onboarding, the security team discovers the vendor cannot provide documentation on the origin of the training dataset. What should the CISO address FIRST? A. Commission an independent bias audit before production deployment B. Classify the model and its training data as high-value intellectual property C. Assess whether the undocumented data sourcing introduces unmanageable supply chain risk D. Require the vendor to retrain the model using only internally sourced datasets Come back for the answer tomorrow, or study more now!

An architect proposes implementing end-to-end encryption for all internal microservice communications. The SOC team warns this will eliminate their ability to inspect east-west traffic for lateral movement detection. Both teams escalate to you. What is the BEST course of action? A. Prioritize encryption and accept reduced network visibility as residual risk B. Reject encryption to preserve the SOC's detection capabilities C. Implement encryption with TLS termination points that allow authorized inspection D. Defer the decision until a formal threat model evaluates both risks Come back for the answer tomorrow, or study more now!

Your organization passes its annual SOC 2 Type II audit with no findings. Two months later, a penetration test reveals a critical vulnerability in a customer-facing application that has existed for over a year. The board questions why the audit missed it. What is the BEST explanation? A. The penetration testing firm used more advanced techniques than the SOC 2 auditors B. SOC 2 evaluates control design and operating effectiveness, not technical vulnerability discovery C. The audit scope was improperly defined and should have included application testing D. The auditors failed to meet professional due diligence standards Come back for the answer tomorrow, or study more now!

Passed CISSP (2nd attempt)! Big thanks to Vincent Primiani and the CISSP Study Group team — the daily quizzes, app practice, and sessions (despite IST timezone challenges) made a real difference. Formal thank-you message to Vincent Primiani and team (direct message or email) #CISSP #Certification