Module 33 - Third-Party Security - Q&A Flashcards
Which of the following is not an example of outsourcing services to a third party? A. Data storage B. Applications C. Network services D. Software use
D. Software use is not an example of a service that would be outsourced to a third party.
Which of the following must be included in contract agreements with third parties? (Choose all that apply.) A. Technical interface specifications B. Security policies C. Security procedures D. Proprietary data
A, B, C. All of these should be included in contract agreements with third parties.
Which of the following issues will need to be resolved from a technical security perspective when exchanging data with a business partner? A. Data types B. Authentication C. Data formats D. Bandwidth
B. Authentication must be considered before exchanging data with a business partner.
Which of the following must be resolved when offboarding a third-party organization after a contract has ended? A. Encryption B. Authentication C. Data ownership D. Data retention
D. Data retention is a concern between organizations when terminating a business agreement.
You are providing input for a contract agreement with a business partner. Both organizations have public social media sites, and your organization wants to be able to exclusively update the joint social media site that will be created when the partnership begins. How should this issue be resolved? (Choose two.)
A. Develop a joint social media policy.
B. Allow only your organization to have control of social media sites.
C. Restrict update permissions only to certain personnel in both organizations.
D. Allow any member from each organization to post updates to the social media site.
A, C. All parties to the agreement must develop a joint social media policy and then restrict update permissions only to certain personnel in both organizations.
Which of the following represents a security-related concern that must be discussed in any agreement with a third party? A. Product marketing B. Data format C. Connectivity D. Privacy
D. Privacy is a serious consideration with respect to protecting certain types of data that may be shared between organizations.
Which of the following would a third party need to have in place to demonstrate due diligence with regard to data protection? A. Risk management program B. Legal compliance policies C. Authentication technologies D. Backup procedures
A. An overall risk management program demonstrates due diligence by a third party with regard to data protection.
Which of the following types of legal agreements describes the levels of availability that a third-party cloud provider must sustain? A. BPA B. MOU C. SLA D. ISA
C. An SLA describes the levels of availability that a third-party cloud provider must sustain.
Which of the following types of agreements is often used internally between government agencies to define functions or services each will provide to the other? A. Business partner agreement B. Interconnection service agreement C. Service level agreement D. Memorandum of understanding
D. A memorandum of understanding (MOU) is often used internally between government agencies to define functions or services they will provide to each other.
Which of the following specifically defines the technical details for interfacing systems and networks together to share data between two businesses? A. Memorandum of understanding B. Interconnection service agreement C. Service level agreement D. Business partner agreement
B. An interconnection service agreement (ISA) specifically defines the technical details for interfacing systems and networks together to share data between two businesses.