Practice Questions 12-14

School: LDS Business College
Course: 312
Subject: Information Systems
Date: May 16, 2024
Type: docx
Pages: 62
Uploaded by MinisterGoatMaster532 on coursehero.com

12.2.3 Practice Questions

Copyright © The Computing Technology Industry Association, Inc. All rights reserved.

Candidate: Yuri Zanini (yurizanini)
Date: 5/1/2024, 8:51:32 PM
Time Spent: 00:20
Score: 30%
Passing Score: 80%

Question 1. Incorrect

Two organizations plan on forming a partnership to provide systems security services. Onboarding requirements for both sides include a mutual understanding of quality management processes. Which approach BEST meets this requirement?

Answer

o Correct Answer: Business partnership agreement (BPA)
o Service level agreement (SLA)
o Incorrect answer: Non-disclosure agreement (NDA)
o Measurement systems analysis (MSA)

Explanation

BPAs are commonly used models in IT, such as among partner agreements that large IT companies set up with resellers and solution providers.

An NDA is an agreement that provides a basis for protecting information assets. NDAs are between companies and employees, between companies and contractors, and between two companies.

An SLA is a formal agreement that lays out the detailed conditions for how the vendor conducts the service.

An MSA relates to quality management processes that use quantified analysis methods to determine the effectiveness of a system and may be part of an onboarding requirement.

References

o 12.2.1 Managing Third Parties
o 12.2.2 Managing Third Parties Facts

Question 2. Correct

As a new IT manager at TechCorp, you are tasked with onboarding a third-party vendor that will provide critical IT services. During the onboarding process, you discover that the vendor's security policies and incident response procedures are significantly different from those of TechCorp. What should you do?

Answer

o Ignore the differences and proceed with the onboarding process.
o Report the vendor to the authorities for having different policies.
o Cancel the onboarding process immediately.
o Correct Answer: Discuss the differences with the vendor and seek to align the policies and procedures.

Explanation

When differences in security policies and procedures are identified, the best course of action is to discuss these differences with the vendor. The goal should be to align the policies and procedures as closely as possible to ensure the security of both organizations.

Ignoring significant differences in security policies and procedures could expose TechCorp to unnecessary risks. It's important to address these differences before proceeding with the onboarding process.

While it's important to take security seriously, cancelling the onboarding process immediately doesn't allow for the possibility of resolving the differences. It's better to discuss the issues with the vendor first.

Having different security policies and procedures is not illegal, and there's no need to report the vendor to the authorities. The focus should be on working with the vendor to align the policies and procedures.

References

o 2.1.6 Attack Surfaces
o 2.1.7 Attack Surfaces Facts
o 10.4.4 Cloud Computing Facts

Question 3. Correct

Two technology firms are in preliminary discussions to work together on several projects. The joint venture's goal entails providing support services to a broader customer base as an entity with shared resources. Each firm has its own customer base, custom-branded products, and established processes. Which of the following types of agreements BEST meets the firms' needs?

Answer

o Business partners agreement (BPA)
o Non-disclosure agreement (NDA)
o Correct Answer: Memorandum of understanding (MOU)
o Memorandum of agreement (MOA)

Explanation

An MOU is a preliminary or exploratory agreement to express an intent to work together. MOUs tend to be relatively informal and do not act as binding contracts.

An MOA is a formal agreement or contract that contains specific obligations rather than a broad understanding.

A BPA is a type of partner agreement that large IT companies, such as Microsoft and Cisco, set up with resellers and solution providers.

An NDA is an agreement that provides a basis for protecting information assets. NDAs can exist between companies and employees, between companies and contractors, and between two companies.

References

o 12.2.1 Managing Third Parties
o 12.2.2 Managing Third Parties Facts

Question 4. Incorrect

The IT department in a technology company is finalizing an agreement with a cloud service provider to host sensitive customer data. The company's legal team is drafting the contract, which includes a service level agreement (SLA) and a non-disclosure agreement (NDA). Which of the following explanations MOST accurately demonstrates the primary purpose of including an NDA in the contract with the cloud service provider?

Answer

o To ensure compliance with industry regulations and standards
o Correct Answer: To protect the confidentiality of the company's data and proprietary information
o Incorrect answer: To outline the vendor's responsibilities for incident response and recovery
o To specify the expected service quality and support responsiveness

Explanation

Integrating an NDA into the contract protects the company's sensitive data and unique proprietary knowledge. This agreement forms a legal foundation that keeps this information secure and prevents unauthorized entities from inadvertently or maliciously disclosing it.

In contrast to the NDA, the SLA sets out the expected level of service that we expect the vendor to deliver, including standards for uptime and the speed of support responses. This ensures that the vendor meets our high service standards.

The NDA maintains the data's confidentiality and protects it from potential breaches.

The NDA strengthens our focus on confidentiality and establishes strong data protection measures.

References

o 12.2.1 Managing Third Parties
o 12.2.2 Managing Third Parties Facts

Question 5. Incorrect

A popular entertainment company is onboarding a new employee. The company has completed preliminary interview steps and due diligence. Internal security is extremely important, so their human resources department is preparing documentation for the formal employment process. In implementing the process, which solution would help limit the risk of proprietary data that an employee outside the company can use?

Answer

o Incorrect answer: Identity and access management (IAM)
o Analysis and identification
o Correct Answer: Non-disclosure agreement (NDA)
o Background check

Explanation

When an employee or contractor signs an NDA, they confirm they will not share confidential information with a third party. Signing this type of contract legally protects internal intellectual property.