Question 1

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Options :

A : At the time the security services are being performed and the vendor needs access to the network

B : Once the agreement has been signed and the security vendor states that they will need access to the network

C : Once the vendor is on premise and before they perform security services

D : Prior to signing the agreement and before any security services are being performed

Answer: D

Question 2

Who is responsible for verifying that audit directives are implemented?

Options :

A : IT Management

B : Internal Audit

C : IT Security

D : BOD Audit Committee

Answer: B

Question 3

File Integrity Monitoring (FIM) is considered a

Options :

A : Network based security preventative control

B : Software segmentation control

C : Security detective control

D : User segmentation control

Answer: C

Question 4

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

Options :

A : Terms and Conditions

B : Service Level Agreements (SLA)

C : Statement of Work

D : Key Performance Indicators (KPI)

Answer: B

Question 5

Which business stakeholder is accountable for the integrity of a new information system?

Options :

A : CISO

B : Compliance Officer

C : Project manager

D : Board of directors

Answer: A

Higher Test Marks with Free Online 712-50 Exam Practice

Buying Options: