Your organization's fraud detection ML model passes all traditional software vulnerability scans. However, a red team discovers they can subtly alter transaction inputs to cause the model to misclassify fraudulent activity as legitimate. What testing gap does this BEST illustrate? A. The vulnerability scans lacked authenticated scanning credentials B. Static application security testing was not integrated into the CI/CD pipeline C. The assessment program did not include adversarial robustness testing of the model D. The red team should have coordinated findings with the vulnerability management team first Come back for the answer tomorrow, or study more now!

A healthcare company deploys a diagnostic AI system that recommends treatment options. Regulators require the organization to explain how the model reaches its conclusions. The security architect proposes encrypting the model's internal weights to protect intellectual property. What concern should the CISO raise FIRST? A. Encryption at rest is insufficient without also encrypting data in transit between inference nodes B. Protecting model weights may conflict with the regulatory requirement for explainability C. The model should be hosted in a secure enclave to prevent adversarial extraction attacks D. A third-party penetration test should validate the encryption implementation before deployment Come back for the answer tomorrow, or study more now!