CISSP Practice Question (Domain 7: Security Operations - AI Exam Guidance)

Your organization integrates an AI engine into its SOAR platform to auto-execute containment actions on flagged hosts. During a coordinated attack, the AI quarantines a critical production server, causing an outage. As the SOC manager, what is the MOST appropriate corrective action?

A. Disable AI-driven automation and revert to fully manual response

B. Define human-approval gates for high-impact automated actions

C. Lower the AI's confidence threshold to reduce false containments

D. Restrict automated containment to non-production network segments

Come back for the answer tomorrow, or study more now!

10 comments