During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST? A. Comply with the CFO's directive and coordinate the payment through counsel B. Halt recovery and escalate to the executive crisis team and legal for a documented decision C. Continue recovery from backups and refuse the payment on policy grounds D. Engage law enforcement to evaluate the legality of the ransom payment Come back for the answer tomorrow, or study more now!

Your organization's risk register is maintained by a single senior analyst who built custom scoring formulas undocumented outside his workstation. He announces his resignation with two weeks notice. The next quarterly risk review is in three weeks. What should you do FIRST? A. Hire a replacement analyst before the departing employee's last day B. Conduct an immediate knowledge transfer to document the scoring methodology C. Postpone the quarterly risk review until a replacement is onboarded D. Assign the risk register to the internal audit team as an interim measure Come back for the answer tomorrow, or study more now!

Your organization deploys an AI assistant with access to internal knowledge bases containing data classified at multiple sensitivity levels. The system currently returns results regardless of the requestor's clearance level. No access enforcement layer exists between the AI and the data. What is the PRIMARY risk? A. The AI model may retain sensitive data in its context and leak it to subsequent users B. Unauthorized information disclosure through the AI bypassing established access controls C. Excessive query logging creating a secondary repository of classified information D. Users developing over-reliance on AI responses instead of consulting original sources Come back for the answer tomorrow, or study more now!

I couldn’t have done this alone. Thanks to everyone who supported me along the way—I’m excited to say I’m now CCIE and CISSP certified!

Your company relies on a critical SaaS provider for customer onboarding. During a routine review, you learn the provider has added a new sub-processor in a high-risk jurisdiction. Your current contract lacks explicit audit/assessment rights for sub-processors, and the business cannot tolerate downtime on this service. What should the security manager do FIRST? A. Issue a risk exception and document acceptance until renewal. B. Perform a targeted supplier risk assessment focused on the new sub-processor and data flows. C. Terminate the relationship and move to a contingency provider. D. Purchase cyber insurance to transfer exposure.