
Memberships

CISSP Study Group

1.8k members • Free

71 contributions to CISSP Study Group
CISSP Practice Question – Security Operations (BCP/DRP vs. Forensic Recovery)
A ransomware attack encrypts multiple servers, including systems that store financial transaction data. Management activates the disaster recovery plan to restore from clean backups and resume business operations as quickly as possible. Meanwhile, law enforcement and internal investigators request that the affected systems remain offline to preserve evidence for criminal prosecution. What is the BEST course of action?
A. Prioritize rapid system recovery and resume operations immediately using backups to meet RTO objectives.
B. Delay full recovery until investigators complete forensic imaging and evidence collection.
C. Restore essential systems first, while creating verified forensic images of compromised hosts before reinitialization.
D. Refuse to proceed with any restoration until the court issues a warrant authorizing evidence handling.
0 likes • Nov 12
B
CISSP Practice Question – Security & Risk Management (AI Governance & Risk)
Your organization plans to deploy a generative-AI system that will assist in making decisions on loan applications. Given the high stakes (financial risk, regulatory oversight, data privacy), the CISO demands robust controls throughout the AI lifecycle. Which of the following actions is MOST critical to satisfy both the risk management and governance objectives in this scenario?
A. Ensure the AI model is hosted on-premises within a dedicated enterprise cloud to maintain maximum infrastructure control.
B. Perform a model risk assessment that covers data integrity, bias/ethics, explainability, lineage of training data, and model drift, and present the findings to senior leadership.
C. Require applicants to submit non-financial documents (e.g., social media profiles) so the AI has more data to improve its predictive accuracy.
D. Develop an SLA with the AI vendor guaranteeing 99.9% uptime and a fixed model-update schedule every 90 days.
0 likes • Nov 5
B
CISSP Practice Question – Security & Risk Management (Risk Governance and Decision-Making)
A healthcare organization conducts an enterprise risk assessment and identifies that a legacy clinical system introduces a significant risk of unauthorized disclosure of patient data. The system cannot be patched or replaced for at least 18 months due to vendor dependency. Mitigating controls reduce the likelihood from “High” to “Medium,” but the residual risk still exceeds the organization’s defined risk appetite. The CISO recommends presenting the issue to the executive risk committee for a decision. However, the Chief Operating Officer (COO) insists that the CISO should “handle it within IT” since technical controls have already been applied. From a CISSP management perspective, what is the BEST next step?
A. Formally document the residual risk and escalate it to executive management for risk acceptance or further action.
B. Implement additional technical controls to further reduce the likelihood to “Low.”
C. Procure cyber insurance to transfer the remaining risk to a third party.
D. Defer escalation until an incident occurs or new vulnerabilities emerge.
0 likes • Nov 4
A
CISSP Practice Question – Legal & Compliance (Privacy & Data Protection)
A global e-commerce company processes customer payment information from multiple regions, including the European Union and the United States. During a routine audit, it is discovered that EU customer data is being stored on U.S.-based servers without a proper legal mechanism in place to validate the transfer. Which of the following actions should the organization take FIRST to comply with privacy and data protection requirements?
A. Encrypt all stored EU customer data using AES-256 encryption.
B. Implement Standard Contractual Clauses (SCCs) or another approved transfer mechanism.
C. Anonymize all EU customer data before storage in the U.S.
D. Notify the affected EU customers and supervisory authority of the violation.
Answer tomorrow! Study more at cissp.app
0 likes • Oct 30
B
CISSP Practice Question – Security Architecture & Engineering
An enterprise recently experienced a targeted attack where an employee unknowingly installed malicious software via a phishing link. The malware bypassed endpoint antivirus and gained limited access to internal systems. The CISO wants to redesign controls to reduce the likelihood of this type of compromise in the future. Which design principle BEST addresses this goal?
A. Security through obscurity
B. Defense in depth
C. Fail-safe defaults
D. Least common mechanism
0 likes • Oct 28
B
Vikas Gupta
@vikas-gupta-9396
Architect
Joined Feb 23, 2025