CISSP Practice Question (Domain 1: Security and Risk Management - AI Exam Guidance)
Your company plans to adopt a third-party AI vendor to process regulated customer data. The vendor offers strong contractual indemnification but declines to share model documentation. What should the security leader do FIRST?
A. Negotiate stronger audit rights into the contract
B. Perform a vendor risk assessment against organizational risk appetite
C. Require the vendor to obtain independent AI certification
D. Pilot the tool with anonymized data to evaluate performance
0
9 comments
Vincent Primiani
7
CISSP Practice Question (Domain 1: Security and Risk Management - AI Exam Guidance)
CISSP Study Group
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
Powered by