
Memberships

CyberMAYnia CAREER

472 members • Free

CISSP Study Group

2.1k members • Free

17 contributions to CISSP Study Group
CISSP Practice Question (Domain 2: Asset Security - AI Exam Guidance)
Your data science team plans to fine-tune a large language model using historical customer support transcripts containing PII. The business wants the model deployed organization-wide for internal use. As the CISO, what is the MOST appropriate action BEFORE training begins?

A. Encrypt the training dataset at rest and restrict access to data scientists
B. Apply data minimization and de-identification techniques to the training corpus
C. Require model output filtering to prevent PII disclosure in responses
D. Obtain renewed customer consent for the new processing purpose

Come back for the answer tomorrow, or study more now!
2 likes • 3d
As the CISO I'd have thought D
Domain 7: Security Operations
While examining performance reports for your organization's resources, you notice a significant performance increase on your organization's file server. The server log indicates that the memory and hard drive of the file server were upgraded. As a member of the operations team, what should you do?

A) Create a new performance baseline for the file server.
B) Diagnose the file server's performance increase.
C) Continue to monitor the file server's performance.
D) Investigate the file server's performance increase.
0 likes • Jan 22
C
Practice Question
Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

A. Training
B. Legal
C. Business
D. Storage
1 like • Jan '25
C
Practice Question
Alice runs a small online retail company; many of her customers are from the United States. Currently, she accepts only blockchain-based payment, but she is considering the use of credit cards. After investigating Payment Card Industry Data Security Standard (PCI DSS) requirements, she decides that the cost of compliance would outweigh the additional revenue. Which of the following best describes this decision?

A. Social engineering
B. PCI DSS Merchant Level 3
C. Card verification value (CVV)
D. Risk avoidance
1 like • Dec '24
D
Practice Question
In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

- A. Implement bi-annual reviews.
- B. Create policies for system access.
- C. Implement and review risk-based alerts.
- D. Increase logging levels.
1 like • Dec '24
C
@wilfred-moyo-1285
Cloud architect

Active 3d ago
Joined Sep 18, 2024