
Memberships

CISSP Study Group

2.1k members • Free

CyberMAYnia CAREER

441 members • Free

14 contributions to CISSP Study Group
CISSP Practice Question (Domain 6: Security Assessment and Testing)
An internal audit reveals that quarterly vulnerability scans are completed on schedule, but 40% of critical findings remain unremediated past SLA. The vulnerability management team reports the metrics as "green" because scans were performed. As the CISO, what is the BEST corrective action?
A. Reduce scan frequency until remediation capacity catches up
B. Redefine the program metrics to measure remediation outcomes, not scan activity
C. Escalate overdue findings directly to system owners' executives
D. Outsource remediation to a managed security service provider
Come back for the answer tomorrow, or study more now!
0 likes • 3d
B
CISSP Practice Question (Domain 7: Security Operations - Cloud Incident Response)
A developer's leaked API key is used to spin up 400 cryptocurrency mining instances in your AWS account overnight. The monthly bill is now $180K over budget. What should the incident responder do FIRST?
A. Terminate all unauthorized instances to stop the financial bleeding
B. Rotate the compromised API key and disable the associated IAM user
C. Snapshot the instances and preserve CloudTrail logs for forensic analysis
D. Contact AWS billing to request a fraud-related credit
Come back for the answer tomorrow, or study more now!
0 likes • 17d
B
CISSP Practice Question (Domain 1: Security and Risk Management - AI Exam Guidance)
Your company's HR department deploys a resume-screening AI tool without consulting security or legal. A rejected applicant files a discrimination complaint claiming the tool filtered out candidates based on age. Who should the CISO escalate to FIRST?
A. The AI vendor to request bias testing documentation
B. Legal counsel to assess regulatory exposure from the unauthorized deployment
C. The HR director to immediately disable the tool
D. Internal audit to begin a full algorithmic fairness review
Come back for the answer tomorrow, or study more now!
0 likes • 27d
B
CISSP Practice Question (Domain 4: Communication and Network Security - AI Exam Guidance)
Your data science team trains ML models using distributed GPU clusters across three cloud regions. The security team discovers that training data and model parameters traverse the corporate WAN unencrypted alongside general business traffic. What should the network security architect recommend FIRST?
A. Encrypt all WAN traffic using a site-to-site VPN between the three cloud regions
B. Implement micro-segmentation to isolate AI training environments from enterprise traffic
C. Deploy a CASB to monitor and control data movement between cloud regions
D. Migrate all training workloads to a single region to eliminate cross-region data transit
Come back for the answer tomorrow, or study more now!
0 likes • 28d
A
CISSP Practice Question (Domain 6: Security Assessment and Testing - AI Exam Guidance)
Your organization's fraud detection ML model passes all traditional software vulnerability scans. However, a red team discovers they can subtly alter transaction inputs to cause the model to misclassify fraudulent activity as legitimate. What testing gap does this BEST illustrate?
A. The vulnerability scans lacked authenticated scanning credentials
B. Static application security testing was not integrated into the CI/CD pipeline
C. The assessment program did not include adversarial robustness testing of the model
D. The red team should have coordinated findings with the vulnerability management team first
Come back for the answer tomorrow, or study more now!
0 likes • Apr 13
C
Yehonatan Frenkel
@yehonatan-frenkel-2765
InfoSec Lead at Dynamic Yield

Active 7h ago
Joined Mar 9, 2026