Domains 5 (Data Protection, ~18%) and 6 (Management & Governance, ~14%) close the exam's arc. Relationship: Domain 5 asks "how do we encrypt/isolate/retain data?" while Domain 6 asks "how do we enforce that across organization scale?" Specialty answers take a control working in one account and propagate it organization-wide. Today we bind KMS-centric data protection with Organizations-centric enforcement into one control-propagation model.