Practice Questions 12-14
School: LDS Business College
Course: 312
Subject: Information Systems
Date: May 16, 2024
Type: docx
Pages: 62
Uploaded by MinisterGoatMaster532 on coursehero.com
12.2.3 Practice Questions
Copyright © The Computing Technology Industry Association, Inc. All rights reserved.
Candidate: Yuri Zanini (yurizanini)
Date: 5/1/2024, 8:51:32 PM • Time Spent: 00:20
Score: 30%
Passing Score: 80%
Question 1.
Incorrect
Two organizations plan on forming a partnership to provide systems security services. Onboarding requirements for both sides include a mutual understanding of quality management processes.
Which approach BEST meets this requirement?
Answer options:
Correct Answer: Business partnership agreement (BPA)
Service level agreement (SLA)
Incorrect answer: Non-disclosure agreement (NDA)
Measurement systems analysis (MSA)
Explanation
BPAs are a commonly used model in IT, such as the partner agreements that large IT companies set up with resellers and solution providers.
An NDA is an agreement that provides a basis for protecting information assets. NDAs are between companies and employees, between companies and contractors, and between two companies.
An SLA is a formal agreement that lays out the detailed conditions for how the vendor conducts the service.
An MSA relates to quality management processes that use quantified analysis methods to determine the effectiveness of a system and may be part of an onboarding requirement.
References
o 12.2.1 Managing Third Parties
o 12.2.2 Managing Third Parties Facts
Question 2.
Correct
As a new IT manager at TechCorp, you are tasked with onboarding a third-party vendor that will provide critical IT services.
During the onboarding process, you discover that the vendor's security policies and incident response procedures are significantly different from those of TechCorp.
What should you do?
Answer options:
Ignore the differences and proceed with the onboarding process.
Report the vendor to the authorities for having different policies.
Cancel the onboarding process immediately.
Correct Answer: Discuss the differences with the vendor and seek to align the policies and procedures.
Explanation
When differences in security policies and procedures are identified, the best course of action is to discuss these differences with the vendor. The goal should be to align the policies and procedures as closely as possible to ensure the security of both organizations.
Ignoring significant differences in security policies and procedures could expose TechCorp to unnecessary risks. It's important to address these differences before proceeding with the onboarding process.
While it's important to take security seriously, cancelling the onboarding process immediately doesn't allow for the possibility of resolving the differences. It's better to discuss the issues with the vendor first.
Having different security policies and procedures is not illegal, and there's no need to report the vendor to the authorities. The focus should be on working with the vendor to align the policies and procedures.
References
o 2.1.6 Attack Surfaces
o 2.1.7 Attack Surfaces Facts
o 10.4.4 Cloud Computing Facts
Question 3.
Correct
Two technology firms are in preliminary discussions to work together on several projects. The joint venture's goal entails providing support services to a broader customer base as an entity with shared resources.
Each firm has its own customer base, custom-branded products, and established processes.
Which of the following types of agreements BEST meets the firms' needs?
Answer options:
Business partners agreement (BPA)
Non-disclosure agreement (NDA)
Correct Answer: Memorandum of understanding (MOU)
Memorandum of agreement (MOA)
Explanation
An MOU is a preliminary or exploratory agreement to express an intent to work together. MOUs tend to be relatively informal and do not act as binding contracts.
An MOA is a formal agreement or contract that contains specific obligations rather than a broad understanding.
A BPA is a type of partner agreement that large IT companies, such as Microsoft and Cisco, set up with resellers and solution providers.
An NDA is an agreement that provides a basis for protecting information assets. NDAs can exist between companies and employees, between companies and contractors, and between two companies.
References
o 12.2.1 Managing Third Parties
o 12.2.2 Managing Third Parties Facts
Question 4.
Incorrect
The IT department in a technology company is finalizing an agreement with a cloud service provider to host sensitive customer data. The company's legal team is drafting the contract, which includes a service level agreement (SLA) and a non-disclosure agreement (NDA).
Which of the following explanations MOST accurately demonstrates the primary purpose of including an NDA in the contract with the cloud service provider?
Answer options:
To ensure compliance with industry regulations and standards
Correct Answer: To protect the confidentiality of the company's data and proprietary information
Incorrect answer: To outline the vendor's responsibilities for incident response and recovery
To specify the expected service quality and support responsiveness
Explanation
Integrating an NDA into the contract protects the company's sensitive data and unique proprietary knowledge. This agreement forms a legal foundation that keeps this information secure and prevents unauthorized entities from inadvertently or maliciously disclosing it.
In contrast to the NDA, the SLA sets out the level of service that we expect the vendor to deliver, including standards for uptime and the speed of support responses. This ensures that the vendor meets our high service standards.
The NDA maintains the data's confidentiality and protects it from potential breaches.
The NDA strengthens our focus on confidentiality and establishes strong data protection measures.
References
o 12.2.1 Managing Third Parties
o 12.2.2 Managing Third Parties Facts
Question 5.
Incorrect
A popular entertainment company is onboarding a new employee. The company has completed preliminary interview steps and due diligence.
Internal security is extremely important, so their human resources department is preparing documentation for the formal employment process.
In implementing the process, which solution would help limit the risk of an employee using proprietary data outside the company?
Answer options:
Incorrect answer: Identity and access management (IAM)
Analysis and identification
Correct Answer: Non-disclosure agreement (NDA)
Background check
Explanation
When an employee or contractor signs an NDA, they confirm they will not share confidential information with a third party. Signing this type of contract legally protects internal intellectual property.