CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A vendor proposes a new SaaS platform that processes regulated customer data. Procurement wants to sign by quarter-end, and the vendor's SOC 2 Type II report is six months old. As the security architect, what is the MOST appropriate next step?
A. Accept the SOC 2 report and proceed with contract execution
B. Require the vendor to complete your standard security questionnaire
C. Perform a risk assessment mapped to your control requirements
D. Demand a fresh penetration test before signing
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group