
Memberships

CyberMAYnia CAREER

472 members • Free

CISSP Study Group

2.1k members • Free

18 contributions to CISSP Study Group
CISSP Practice Question (Domain 8: Software Development Security)
A development team adopts a CI/CD pipeline that auto-deploys to production upon passing unit tests. Security testing currently runs weekly in a separate environment. A recent release introduced a SQL injection flaw that reached production. As the application security lead, what is the BEST corrective action?
A. Block all deployments until weekly security testing completes
B. Integrate SAST and dependency scanning as gating checks within the pipeline
C. Require manual security review before each production release
D. Shift security testing to a post-deployment runtime monitoring tool
Come back for the answer tomorrow, or study more now!
0 likes • 13d
B
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A vendor proposes a new SaaS platform that processes regulated customer data. Procurement wants to sign by quarter-end, and the vendor's SOC 2 Type II report is six months old. As the security architect, what is the MOST appropriate next step?
A. Accept the SOC 2 report and proceed with contract execution
B. Require the vendor to complete your standard security questionnaire
C. Perform a risk assessment mapped to your control requirements
D. Demand a fresh penetration test before signing
Come back for the answer tomorrow, or study more now!
0 likes • 18d
C
CISSP Practice Question (Domain 4: Communication and Network Security - Zero Trust)
Your company adopts Zero Trust and replaces the legacy VPN with identity-based access for remote workers. Six weeks in, helpdesk tickets spike: users complain that access to internal apps breaks unpredictably throughout the day. What is the MOST likely root cause?
A. Insufficient bandwidth at the identity provider
B. Continuous authentication is re-evaluating trust signals and revoking sessions
C. DNS resolution failures between the client and the policy enforcement point
D. Certificate pinning conflicts with the new SSO provider
Come back for the answer tomorrow, or study more now!
1 like • Apr 26
B
AI Exam Guidance - CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A healthcare company deploys a diagnostic AI system that recommends treatment options. Regulators require the organization to explain how the model reaches its conclusions. The security architect proposes encrypting the model's internal weights to protect intellectual property. What concern should the CISO raise FIRST?
A. Encryption at rest is insufficient without also encrypting data in transit between inference nodes
B. Protecting model weights may conflict with the regulatory requirement for explainability
C. The model should be hosted in a secure enclave to prevent adversarial extraction attacks
D. A third-party penetration test should validate the encryption implementation before deployment
Come back for the answer tomorrow, or study more now!
0 likes • Apr 10
B.
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
An architect proposes implementing end-to-end encryption for all internal microservice communications. The SOC team warns this will eliminate their ability to inspect east-west traffic for lateral movement detection. Both teams escalate to you. What is the BEST course of action?
A. Prioritize encryption and accept reduced network visibility as residual risk
B. Reject encryption to preserve the SOC's detection capabilities
C. Implement encryption with TLS termination points that allow authorized inspection
D. Defer the decision until a formal threat model evaluates both risks
Come back for the answer tomorrow, or study more now!
0 likes • Apr 1
D
James Dobbin
3
40 points to level up
@james-dobbin-9355
20+ years as a jack of all trades in I.T. systems administration. Moving my career to I.T. security.

Active 3d ago
Joined Feb 18, 2026