CISSP Practice Question (Domain 2: Asset Security)
A business unit requests permanent retention of all customer transaction records "in case we ever need them." Legal has not issued a hold, and the current retention schedule requires deletion after seven years. As the data owner's advisor, what is the BEST response?
A. Honor the request since longer retention reduces legal discovery risk
B. Enforce the existing retention schedule and require a formal exception with risk acceptance
C. Migrate the records to cold storage to balance cost and accessibility
D. Defer to Legal before taking any action on the records
Come back for the answer tomorrow, or study more now!
CISSP Practice Question (Domain 6: Security Assessment and Testing)
Your organization passes its annual SOC 2 Type II audit with no findings. Two months later, a penetration test reveals a critical vulnerability in a customer-facing application that has existed for over a year. The board questions why the audit missed it. What is the BEST explanation?
A. The penetration testing firm used more advanced techniques than the SOC 2 auditors
B. SOC 2 evaluates control design and operating effectiveness, not technical vulnerability discovery
C. The audit scope was improperly defined and should have included application testing
D. The auditors failed to meet professional due diligence standards
Come back for the answer tomorrow, or study more now!
CISSP Question - Domain 8
A software project team is strictly adhering to the Cleanroom Software Engineering methodology, emphasizing statistically certified reliability. They are in the final acceptance testing phase of the third product increment. The independent Certification Team has just revealed that, based on statistical usage testing, the calculated Mean Time To Failure (MTTF) for the current increment falls significantly below the minimum certified reliability target established in the contract specification. The implementation team is arguing they should be allowed to run full-coverage unit tests on suspect modules to quickly pinpoint the likely errors before the next build. The Verification Team leader insists on simply increasing the size and diversity of the random-usage test suite to gather more data. What is the most consistent and methodologically sound action you should take next?
A. Postpone the increment release, formally document the current achieved MTTF, and defer the required corrective action and refactoring to the next planned incremental build cycle to stabilize the current process.
B. Permit the implementation team to perform targeted unit testing on the suspect modules to quickly diagnose the root cause, provided all fixes and tests are fully documented and reviewed by the Verification Team before inclusion in the final build.
C. Immediately halt the implementation team's work, conduct a formal design and code walk-through by the independent Inspection Team, and utilize the formal specification to mathematically prove the correction before any code modification is committed.
D. Reject the unit testing proposal, require the Certification Team to focus their next testing cycle exclusively on high-risk, unverified use-case profiles to isolate the faults, and then apply minimal, verified changes.
CISSP Practice Question (Domain 4: Communication and Network Security)
Your organization is migrating critical workloads to a hybrid cloud. The network team proposes extending the existing flat internal VLAN into the cloud VPC to simplify routing and accelerate the cutover. As the security architect, what is the BEST response?
A. Approve, provided IPsec tunnels encrypt all inter-site traffic
B. Require microsegmentation aligned to a Zero Trust reference architecture
C. Mandate east-west IDS sensors before the migration begins
D. Defer until a cloud access security broker (CASB) is deployed
Come back for the answer tomorrow, or study more now!
CISSP Practice Question (Domain 1: Security and Risk Management - AI Exam Guidance)
Your company's HR department deploys a resume-screening AI tool without consulting security or legal. A rejected applicant files a discrimination complaint claiming the tool filtered out candidates based on age. Who should the CISO escalate to FIRST?
A. The AI vendor to request bias testing documentation
B. Legal counsel to assess regulatory exposure from the unauthorized deployment
C. The HR director to immediately disable the tool
D. Internal audit to begin a full algorithmic fairness review
Come back for the answer tomorrow, or study more now!
CISSP Study Group
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!