A financial company requires a new private network link with a business partner to cater for realtime and
batched data flows.
Which of the following activities should be performed by the IT security staff member prior to
establishing the link?

A.
Baseline reporting

B.
Design review

C.
Code review

D.
SLA reporting

Explanation:
This question is asking about a new private network link (a VPN) with a business partner. This will provide
access to the local network from the business partner.
When implementing a VPN, an important step is the design of the VPN. The VPN should be designed to
ensure that the security of the network and local systems is not compromised.
The design review assessment examines the ports and protocols used, the rules, segmentation, and
access control in the systems or applications. A design review is basically a check to ensure that the
design of the system meets the security requirements.
Incorrect Answers:A: A baseline report compares the current status of network systems in terms of security updates,
performance or other metrics to a predefined set of standards (the baseline). In this question, we are
implementing a VPN. We need to ensure that the design of the VPN meets the security requirements
BEFORE the VPN is implemented.
C: A code review is the process of reviewing the code of a software application. This question is asking
about the design and implementation of a VPN. Therefore, this answer is irrelevant and incorrect.
D: SLA (Service Level Agreement) reporting is the process of comparing (and reporting on) current
performance in terms of system uptime or deliverables delivered on time to the metrics defined in the
SLA. This question is asking about the design and implementation of a VPN. Therefore, this answer is
irrelevant and incorrect.