Memberships

CyberMAYnia CAREER

503 members • Free

CISSP Study Group

2.2k members • Free

52 contributions to CISSP Study Group
CISSP Practice Question (Domain 4: Communication and Network Security - AI Exam Guidance)
Your organization runs a high-value AI model training environment on the same internal network segment as general corporate workstations. A risk assessment flags the shared segment as a concern. As the network security architect, what is the BEST control to implement?
A. Deploy AI-driven network detection and response to monitor the segment
B. Microsegment the training environment to isolate it from the corporate network
C. Encrypt all traffic to and from the training environment
D. Place an intrusion prevention system at the segment boundary
Come back for the answer tomorrow, or study more now!
0 likes • 8d
B
CISSP Practice Question (Domain 1: Security and Risk Management - AI Exam Guidance)
Your organization adopts an AI-driven system to automate loan approval decisions. Compliance raises concerns that the model may produce discriminatory outcomes against protected groups. As the CISO advising leadership, what is the MOST appropriate FIRST step?
A. Implement explainability tooling to interpret model decisions
B. Establish AI governance with bias assessment and accountability for automated decisions
C. Retrain the model on a more representative dataset
D. Add a human reviewer to approve all model-rejected applications
Come back for the answer tomorrow, or study more now!
0 likes • 8d
B
CISSP Practice Question (Domain 6: Security Assessment and Testing)
An internal audit reveals that quarterly vulnerability scans are completed on schedule, but 40% of critical findings remain unremediated past SLA. The vulnerability management team reports the metrics as "green" because scans were performed. As the CISO, what is the BEST corrective action?
A. Reduce scan frequency until remediation capacity catches up
B. Redefine the program metrics to measure remediation outcomes, not scan activity
C. Escalate overdue findings directly to system owners' executives
D. Outsource remediation to a managed security service provider
Come back for the answer tomorrow, or study more now!
0 likes • 8d
B
CISSP Practice Question (Domain 7: Security Operations)
During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST?
A. Comply with the CFO's directive and coordinate the payment through counsel
B. Halt recovery and escalate to the executive crisis team and legal for a documented decision
C. Continue recovery from backups and refuse the payment on policy grounds
D. Engage law enforcement to evaluate the legality of the ransom payment
Come back for the answer tomorrow, or study more now!
0 likes • 8d
B
CISSP Practice Question (Domain 2: Asset Security - AI Exam Guidance)
A marketing team wants to fine-tune a public LLM using five years of customer support transcripts to improve chatbot responses. The transcripts contain names, email addresses, and billing details. What should the security manager require BEFORE the fine-tuning begins?
A. A signed NDA with the LLM vendor covering all training data
B. Data masking or tokenization of PII within the transcripts
C. Customer consent emails authorizing the use of their conversations
D. A data processing agreement executed with the cloud provider
Come back for the answer tomorrow, or study more now!
0 likes • 8d
B
Naashon Zalk
@naashon-zalk-2309
Cyber Security Consultant (GRC) | ISO 27001 Lead Implementer |

Active 8d ago
Joined Jan 26, 2026