CISSP Practice Question (Domain 1: Security and Risk Management)

A business unit deploys an AI agent that autonomously negotiates vendor contracts within predefined spend limits. The agent improves efficiency but occasionally commits the company to unfavorable terms. Executives want to continue using it. What is the MOST appropriate action for the security leader?

A. Disable autonomous execution and require human approval for commitments

B. Update the organization’s risk register to reflect agent decision authority

C. Require explainability reports for every AI-driven contract decision

D. Transfer contractual risk to vendors through revised legal language

Come back for the answer tomorrow, or study more now!

26 comments