A project manager is developing a developer portal and requests that the security manager assign a public IP
address so that it can be accessed by in-house staff and by external consultants outside the organization’s local
area network (LAN). What should the security manager do FIRST?

A.
Understand the business requirements of the developer portal

B.
Perform a vulnerability assessment of the developer portal

C.
Install an intrusion detection system (IDS)

D.
Obtain a signed nondisclosure agreement (NDA) from the external consultants before allowing external
access to the server