An organization is partnering with another organization which requires shared systems. Which of the following documents would outline how the shared systems interface?
a. SLA
b. BPA
c. MOU
d. ISA
Answer: D
An interconnection security agreement (ISA) is an agreement between organizations that have connected IT systems. Answer A is incorrect because a service level agreement (SLA) is a contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer. Answer B is incorrect because a business partners agreement (BPA) is a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners. Answer C is incorrect because a memorandum of understanding (MOU) is a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities.
Learn More :
Security-Related Policies and Procedures
- The organization is concerned about vulnerabilities in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program?
- Which rule of evidence within the United States involves Fourth Amendment protections?
- Which of the following is not a principal concern for first responders to a hacking incident within a corporation operating in the United States?
- An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?
- Which policy defines what constitutes sensitive data and applies protection to it?
- Which of the following is the basic premise of least privilege?
- On a Linux-based system, which account is equivalent to the administrator account in Windows?
- A policy of mandatory vacations should be implemented in order to assist in:
- Which policies define how individuals are brought into an organization?
- The process of establishing boundaries for information sharing is called:
- People in an organization can withhold classified or sensitive information from others in the company when governed by what type of policy?
- Which of the following is one of the most common certificates in use today?
- Most CAs require what to define certificate issue processes, record keeping, and subscribers' legal acceptance of terms?
- Which audits help ensure that procedures and communications methods are working properly in the event of a problem or issue?
- Which Windows Firewall events are logged by default in Windows 7?
- A periodic security audit of which of the following can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working?
- Which of the following occurs under the security policy administered by a trusted security domain?
- Which type of policy would govern whether employees can engage in practices such as taking gifts from vendors?
- On a NetWare-based system, which account is equivalent to the administrator account in Windows?
- Which ISO standard states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed"?
- Which process inspects procedures and verifies that they're working?
- MTS is in the process of increasing all security for all resources. No longer will the legacy method of assigning rights to users as they're needed be accepted. From now on, all rights must be obtained for the network or system through group membership. Which of the following groups is used to manage access in a network?
- You're giving hypothetical examples during a required security training session when the subject of certificates comes up. A member of the audience wants to know how a party is verified as genuine. Which party in a transaction is responsible for verifying the identity of a certificate holder?
- Which policy dictates how an organization manages certificates and certificate acceptance?