
Memberships

CISSP Study Group

2k members • Free

21 contributions to CISSP Study Group
CISSP Practice Question (Domain 2: Asset Security)
An organization allows multiple business units to deploy their own AI agents using shared enterprise data lakes. Each unit claims ownership of its AI outputs, while data sources remain centrally managed. A dispute arises after an AI-generated report exposes sensitive correlations between departments. What is the MOST appropriate action to take FIRST?
A. Reclassify the AI-generated outputs under the highest data sensitivity level
B. Clarify and formally assign data ownership and stewardship for AI-derived assets
C. Segregate AI workloads by business unit to prevent cross-correlation
D. Implement stronger access controls on the shared data lake
Come back for the answer tomorrow, or study more now!
2 likes • Jan 29
B - Governance always comes before controls. Based on the scenario, it is necessary to define who has ownership of the outputs, who is accountable, and how cross-unit information will be managed.
CISSP Practice Question (Domain 1: Security and Risk Management)
A business unit deploys an AI agent that autonomously negotiates vendor contracts within predefined spend limits. The agent improves efficiency but occasionally commits the company to unfavorable terms. Executives want to continue using it. What is the MOST appropriate action for the security leader?
A. Disable autonomous execution and require human approval for commitments
B. Update the organization’s risk register to reflect agent decision authority
C. Require explainability reports for every AI-driven contract decision
D. Transfer contractual risk to vendors through revised legal language
Come back for the answer tomorrow, or study more now!
0 likes • Jan 27
A: The MOST appropriate action for the security leader is to disable autonomous execution and require human approval for commitments. It is critical to follow the human-in-the-loop (HITL) concept for high-risk decisions. Automatically entering into a contractual agreement that has legal, reputational, ethical and/or financial consequences is high risk and requires human approval for these types of commitments.
CISSP Practice Question (Domain 1: Security and Risk Management)
An organization deploys an AI system that recommends layoffs and budget cuts based on financial and productivity data. Executives approve its use but do not fully understand its decision logic. The recommendations align with profits but raise ethical and reputational concerns internally. What is the MOST appropriate action for the security leader?
A. Require human review of all AI-generated workforce decisions
B. Document the risk acceptance and ethical considerations in governance records
C. Suspend the AI system until explainability requirements are met
D. Conduct a privacy impact assessment focused on employee data
Come back for the answer tomorrow, or study more now!
0 likes • Jan 27
A: The MOST appropriate action for the security leader is to require human review of all AI-generated workforce decisions. Legal, ethical, and reputational decisions are high-risk decisions, and this scenario states that “it raises ethical and reputational concerns internally.” AI best practice is clear that human oversight is required for cases just like this. In addition, leadership is not clear on the logic. This is high risk and high impact and requires human oversight to ensure accountability, fairness, and ethics.
CISSP Practice Question (Domain 1: Security and Risk Management / Emerging Technology Governance)
An organization deploys agentic AI systems that autonomously query external sources, make decisions, and trigger actions across business workflows. In one case, an agent exceeds its intended authority by chaining actions across systems without human approval. Leadership wants innovation but defensible governance. What is the MOST appropriate control to establish FIRST?
A. Continuous monitoring of agent activity with real-time alerting
B. Strong authentication and API rate limiting for agent actions
C. Clearly defined authority boundaries and risk ownership for agents
D. Periodic audits of agent decisions and outcomes
Come back for the answer tomorrow, or study more now!
3 likes • Jan 7
C. Clearly defined authority boundaries and risk ownership for agents is the MOST appropriate control to establish FIRST. The scenario states that the agent “exceeded its intended authority”; therefore this was not a monitoring issue but rather a governance issue. Governance always comes before implementation. It is important to define the authority boundaries and who is accountable (who owns the risk) first.
CISSP Practice Question (Domain 5: Identity and Access Management)
After a merger, two companies federate identity systems to allow cross access to shared applications. An incident later reveals one company’s disabled accounts remained active in the partner environment. Both sides claim the other owns deprovisioning. What is the MOST appropriate control to establish FIRST?
A. Enforce shorter session timeouts across federated applications
B. Implement continuous access monitoring with anomaly detection
C. Define authoritative identity ownership and revocation responsibility
D. Require periodic manual access recertification for all shared users
Come back for the answer tomorrow, or study more now!
2 likes • Jan 5
C. Define authoritative identity ownership and revocation responsibility is the MOST appropriate control to establish FIRST. Policy/governance always comes before implementation. The establishment of contractual responsibilities is required before any technical controls; without them you have the how but not the who. Who is accountable?
Pamela Solomon
@pamela-solomon-5177
Studying for CISSP – open to study groups and collaboration. Let’s connect and grow in cybersecurity.

Active 62d ago
Joined Aug 30, 2025
WDC