@James Dobbin some would even say it’s the key, 😉

@Ms. Marlow 100% done is better than perfect, love it

@Sebastian Maute Correct Answer: D. Defer the decision until a formal threat model evaluates both risks Explanation (CISSP logic): Two legitimate security objectives are in direct conflict: confidentiality of service communications versus visibility for threat detection. Neither team is wrong. This is a classic CIA triad seesaw, and the CISSP answer is never to pick a side without understanding the risk landscape. A formal threat model quantifies what you lose with each approach: What's the likelihood and impact of lateral movement going undetected? What's the exposure if internal traffic is intercepted unencrypted? That analysis drives the architecture decision, not organizational politics. Breakdown: A. Prioritize encryption, accept reduced visibility - Makes a risk acceptance decision without a risk assessment. You're trading one exposure for another without quantifying either. B. Reject encryption to preserve detection - Same problem in reverse. Unencrypted east-west traffic is a real vulnerability, especially in zero trust environments. You can't dismiss it to protect one team's workflow. C. TLS termination for authorized inspection - This is likely the eventual technical solution, and it's the strongest distractor. But implementing an architecture without first understanding the threat landscape puts the cart before the horse. What if the threat model reveals certain services don't need inspection, or others need stronger isolation? D. ✅ Correct. A threat model provides the evidence base for an informed decision. It may lead to Option C, or a hybrid approach, or different controls entirely. The point is the decision is risk-driven, not opinion-driven. Think like a manager: When two security controls conflict, don't pick a winner. Model the threats and let the risk data break the tie.