Multiple Choice
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A) Executing vendor compliance assessments against the organization's security controls
B) Executing NDAs prior to sharing critical data with third parties
C) Soliciting third-party audit reports on an annual basis
D) Maintaining and reviewing the organizational risk assessment on a quarterly basis
E) Completing a business impact assessment for all critical service providers
F) Utilizing DLP capabilities at both the endpoint and perimeter levels
Correct Answer:

Verified