
Memberships

CISSP Study Group

2.1k members • Free

31 contributions to CISSP Study Group
CISSP Practice Question (Domain 5: Identity and Access Management)
An AI-powered identity analytics platform recommends revoking access for 200 employees flagged as "anomalous users" based on behavioral patterns. The system cannot explain why these users were flagged. Business unit managers protest that many are legitimate power users. What should you do FIRST?
A. Implement the revocations with an expedited appeal process for affected employees
B. Require the platform to provide explainable justification before any access changes
C. Suspend automated revocation and conduct manual access reviews for flagged users
D. Adjust the anomaly detection threshold to reduce the number of flagged accounts
Come back for the answer tomorrow, or study more now!
0 likes • 4d
C
CISSP Question
A global manufacturing firm is under pressure to adopt a new AI-based supply chain optimization tool from a startup to remain competitive. The startup refuses to allow a third-party security audit of its source code, citing intellectual property protection, but offers a standard Service Level Agreement (SLA) with 99.9% availability. What is the BEST approach for the Security Manager to manage the risk of this acquisition?
Options:
A. Negotiate a "Software Escrow" agreement and include specific "Right to Audit" clauses in the final contract.
B. Require the startup to provide a recent SOC 2 Type II report and a summary of their last penetration test.
C. Implement a "Sandboxed" environment for the software to run in isolation from the corporate network.
D. Conduct a "Vendor Risk Assessment" to determine the criticality of the data the software will process.
0 likes • 4d
D
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
An architect proposes implementing end-to-end encryption for all internal microservice communications. The SOC team warns this will eliminate their ability to inspect east-west traffic for lateral movement detection. Both teams escalate to you. What is the BEST course of action?
A. Prioritize encryption and accept reduced network visibility as residual risk
B. Reject encryption to preserve the SOC's detection capabilities
C. Implement encryption with TLS termination points that allow authorized inspection
D. Defer the decision until a formal threat model evaluates both risks
Come back for the answer tomorrow, or study more now!
0 likes • 4d
D
CISSP passed
Hi All, I'm happy to announce that I officially passed the CISSP exam today. Our study sessions helped me a lot. I will try to join today's call at 6PM CST to share my experience. Thank you all 😃
0 likes • 4d
Congratulations ...!!!
Introductions
Welcome to the group! Please share what you hope to gain from being here, and for fun, tell us the best piece of advice you've ever received!
1 like • 4d
Greetings everyone, Thank you for adding me to this group. I’ve recently begun my journey toward becoming a CISSP and am eager to learn from the experienced professionals and subject matter experts here. I look forward to gaining insights, sharing knowledge, and growing together with this community.
Yagna Narayana G
2
12 points to level up
@yagna-narayana-g-6370
Currently working as manager IT

Active 2d ago
Joined Apr 24, 2026