Your organization is expanding into a country that requires all citizen data to be stored within its borders. The legal team recommends immediate compliance, but the existing cloud architecture uses a single global tenant. What should you do FIRST? A. Negotiate a regulatory exception with the host country's data authority B. Conduct a data sovereignty impact assessment against current architecture C. Migrate all citizen data to an in-country data center immediately D. Update the privacy policy to disclose cross-border data transfers Come back for the answer tomorrow, or study more now!

A global enterprise implements a zero-trust architecture requiring continuous authentication and authorization. During an incident investigation, security analysts discover that a compromised service account with high privileges has been making API calls from multiple geographic locations simultaneously. The account uses certificate-based authentication with a valid certificate that won't expire for 18 months. What is the MOST effective immediate containment action? A. Revoke the certificate through the Certificate Authority's Certificate Revocation List (CRL) B. Disable the service account in the identity provider C. Implement IP-based geo-fencing to block requests from unauthorized locations D. Rotate the account credentials and force re-authentication Come back for the answer tomorrow, or study more now!

A global organization adopts a cloud service to accelerate operations, despite unresolved concerns about data residency and regulatory exposure. Senior leadership accepts the business risk to meet market pressure. As the security leader, what is the MOST appropriate next action? A. Document the risk acceptance decision and associated residual risk B. Implement compensating technical controls to reduce exposure C. Transfer the risk through expanded cyber insurance coverage D. Escalate the decision to regulators for formal guidance Study more now!

During an active breach investigation, the incident response team discovers indicators suggesting a third party service provider may be the initial intrusion vector. Legal warns that premature notification could expose the company to liability, while operations wants immediate coordination to contain spread. What is the MOST appropriate action to take NEXT? A. Notify the service provider immediately with full technical findings B. Isolate affected integrations and preserve evidence before notification C. Escalate directly to law enforcement to avoid vendor disputes D. Delay all action until legal approves external communication Come back for the answer tomorrow, or study more now!

An organization migrating legacy file shares to a cloud collaboration platform discovers that several datasets contain regulated records with no documented retention periods or data owners. The business wants immediate migration to meet a project deadline. What should the security manager do FIRST? A. Migrate the data and address ownership and retention after cutover B. Identify data owners and define retention requirements before migration C. Apply default retention policies to all datasets to avoid delay D. Escalate the issue to legal and halt the migration indefinitely