A financial company requires a new private network link with a business partner to cater for
realtime and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to
establishing the link?
A.
Baseline reporting
B.
Design review
C.
Code review
D.
SLA reporting
Explanation:
This question is asking about a new private network link (a VPN) with a business partner. This will
provide access to the local network from the business partner.
When implementing a VPN, an important step is the design of the VPN. The VPN should be
designed to ensure that the security of the network and local systems is not compromised.
The design review assessment examines the ports and protocols used, the rules, segmentation,
and access control in the systems or applications. A design review is basically a check to ensure
that the design of the system meets the security requirements.
If you engage in a design review every time you establish a VPN for a new business partner, you will have no time to conduct business. Your VPN application should be robust enough to sufficiently handle most every VPN established.
0
0
Thankfully there is only one correct answer in here
The key is that This VPN is as YET to be implemented and a link to a business partner should be implemented.
INCORRECT ANSWERS
A.Baseline reporting- Baseline reporting is done on servers and devices, and not on VPN connections
C.Code review – No code is involved in here, hence there is no code to be reviewed
D.SLA reporting – A service-level agreement (SLA) is a commitment between a service provider and a client. We do not know the nature of the relationship with the Business Partner, hence this answer is out of the question
So the only possible answers is indeed: B.Design review
With regards to the comment made by RJ. That is true provided that we are talking about an employee’s connectivity to his/her corporate Network via a corporate VPN.
Yet, the question in here is to create a tunnel between the Corporation and a 3rd party Business Partner. This is something completely different which certainly requires a level of planning and forethought. It would be remiss of any IT Department worth its salt to just “throw something together and see what comes up”
0
0