12.2.3 Practice Questions Flashcards
Question 1.
Two organizations plan on forming a partnership to provide systems security services. Onboarding requirements for both sides include a mutual understanding of quality management processes.
Which approach BEST meets this requirement?
answer
Business partnership agreement (BPA)
Measurement systems analysis (MSA)
Service level agreement (SLA)
Non-disclosure agreement (NDA)
Correct Answer:
Business partnership agreement (BPA)
Question 2.
As a new IT manager at TechCorp, you are tasked with onboarding a third-party vendor that will provide critical IT services.
During the onboarding process, you discover that the vendor’s security policies and incident response procedures are significantly different from those of TechCorp.
What should you do?
answer
Cancel the onboarding process immediately.
Discuss the differences with the vendor and seek to align the policies and procedures.
Report the vendor to the authorities for having different policies.
Ignore the differences and proceed with the onboarding process.
Correct Answer:
Discuss the differences with the vendor and seek to align the policies and procedures.
Question 3.
Two technology firms are in preliminary discussions to work together on several projects. The joint venture’s goal entails providing support services to a broader customer base as an entity with shared resources.
Each firm has its own customer base, custom-branded products, and established processes.
Which of the following types of agreements BEST meets the firms’ needs?
answer
Non-disclosure agreement (NDA)
Business partners agreement (BPA)
Memorandum of agreement (MOA)
Memorandum of understanding (MOU)
Correct Answer:
Memorandum of understanding (MOU)
Question 4.
Correct
The IT department in a technology company is finalizing an agreement with a cloud service provider to host sensitive customer data. The company’s legal team is drafting the contract, which includes a service level agreement (SLA) and a non-disclosure agreement (NDA).
Which of the following explanations MOST accurately demonstrates the primary purpose of including an NDA in the contract with the cloud service provider?
answer
To ensure compliance with industry regulations and standards
To outline the vendor’s responsibilities for incident response and recovery
To protect the confidentiality of the company’s data and proprietary information
To specify the expected service quality and support responsiveness
Correct Answer:
To protect the confidentiality of the company’s data and proprietary information
Question 5.
A popular entertainment company is onboarding a new employee. The company has completed preliminary interview steps and due diligence.
Internal security is extremely important, so their human resources department is preparing documentation for the formal employment process.
In implementing the process, which solution would help limit the risk of proprietary data that an employee outside the company can use?
answer
Identity and access management (IAM)
Non-disclosure agreement (NDA)
Background check
Analysis and identification
Correct Answer:
Non-disclosure agreement (NDA)
Question 6.
You are a cybersecurity consultant hired to conduct a penetration test for a client. The client has provided you with a rules of engagement (RoE) document.
Upon reviewing the document, you notice that it does not specify the timeframes for the testing activities.
What should you do?
answer
Reject the RoE and refuse to conduct the penetration test until timeframes are specified.
Engage the client in a discussion to clarify and agree upon the timeframes for the testing activities.
Decide on the timeframes yourself and inform the client after you have started the penetration test.
Proceed with the penetration test at your convenience since the RoE does not specify timeframes.
Correct Answer:
Engage the client in a discussion to clarify and agree upon the timeframes for the testing activities.
Question 7.
What is a service level agreement (SLA)?
answer
A contract with a legal entity to limit your asset-loss liability.
An agreement to support another company in the event of a disaster.
A guarantee of a specific level of service.
A contract with an ISP for a specific level of bandwidth.
Correct Answer:
A guarantee of a specific level of service.
Question 8.
Incorrect
When performing forensic investigation in public clouds, what document would contain the right-to-audit clause and give the investigator the authority to audit files on the network?
answer
Checksums
Forensic reports
Service level agreement (SLA)
Supply chain analysis.
Correct Answer
Service level agreement (SLA)
Question 9.
Correct
You are the chief procurement officer in a multinational corporation. Your company is considering a new vendor for a critical component of your product. The vendor has a strong reputation and their product is of high quality.
However, you are aware that the vendor relies heavily on a single supplier for their raw materials.
What should you do?
answer
-Proceed with the vendor since they have a strong reputation and their product is of high quality.
-Conduct a thorough supply chain analysis to assess the potential risks associated with the vendor’s dependency on a single supplier.
-Negotiate lower prices with the vendor due to their dependency on a single supplier.
-Reject the vendor immediately due to their dependency on a single supplier.
Correct Answer:
Conduct a thorough supply chain analysis to assess the potential risks associated with the vendor’s dependency on a single supplier.
Question 10.
You are the chief information officer (CIO) of a large corporation. Your company has been relying on a single vendor for its entire IT infrastructure for the past five years.
Recently, this vendor has been facing financial difficulties and there are rumors of a potential bankruptcy.
What should be your immediate course of action?
answer
-Ignore the rumors and continue business as usual.
-Negotiate lower prices with the current vendor due to their financial difficulties.
-Start diversifying your vendor portfolio to ensure business resilience.
-Immediately switch to another vendor to avoid potential disruptions
Correct Answer:
Start diversifying your vendor portfolio to ensure business resilience.
