Exam SY0-501 topic 1 question 272 discussion

The question describes an ISA way more than a SLA considering it wants to "transition" data from one entity to another. They are also describing Security as a Service: Interconnection security agreement (ISA). An ISA specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between two or more entities. Used to define security controls. An SLA is an agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels. It should be answer B.

It is Service level agreement. A service-level agreement (SLA) is a commitment between a service provider and a client. The beginning sentence gives it away in this scenario.

SLA agreement is signed with suppliers in this case the question is not asking how suppliers should give reliable,quality data instead the company need the cloud provider to keep its confidential data not to spread it with unauthorized entity. So non disclosure is the best choice And C

The answer is Non disclosure agreement let me explain why? What is the key word keeping customers data meaning it is about confidentiality. However, Service level agreement (SLA) is about nothing but issues regarding the minimum requirement to get the service, qulity,and how service will be returned back to normal after inturption due to disaster or technical issue. So keep in mind that when it comes to not sharing or protecting sensitive data such as trade secret or patent right or CEO salary the concern is not to disclose this critical data to outsiders. So the answer is C

ISA also defines to used primarily by Government business agreements such as government contracts and what not, I do not see anything in the question related to that. It does seem to say that controlling sensitive data is a minimum requirement of service which falls under SLA

everyone here says B but exam topics is showing SLA, Gibson is saying ISA too for this kind of question, so what should we go with. any one from Exam TOPICS ?????????

I think it's SLA. Think about what the company wants: "...wants to ensure the provider has sufficient administrative and logical controls..." D. Gibson explains: "An SLA is an agreement between a company and a vendor that stipulates performance expectations,..." Therefore, the EXPECTATION=the WANT. It's the requirement of the matter, not the underlying issue.

I think B"If the parties will be handling sensitive data, they should include an ISA to ensure strict guidelines are in place to protect the data while in transit."

SLA - between customer and supplier ISA - sets IT networking requirements SLA is a contract between a supplier and a customer, defines what is provided for a specific cost, barter, or other compensation. IT specifies the range, values, quality, time frame, performance, and other attributes of the service product. If the provider does not fulfill their obligations, the SLA lists the customer's options of compensation or recompense. It also defines the customer's penalties in the event of late or non-payment. ISA is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations' IT infrastructures. The goal of the ISA is to define the expectations and responsibilities of maintaining security over a communications path between two networks. Connecting networks can be mutually beneficial, but it also raises additional risks that need to be identified and addressed. An ISA is a means to accomplish that.

Answer is 'A'. It cannot be 'B', as I believe an ISA describes the technical aspects of the connectivity between two entities, including type of encryption etc, as well as defining the circumstances under which the connections would be established.

A. Service level agreement (SLA)- service expected and measured in metrics

ISA provides security while data in transit, providing security between connection. It does not provide protecting data at rest. SLA can be used to make an agreement on the security service the cloud provider need to have.

It is NDA. The concern is about disclosure of sensitive information, hence the NDA. An ISA is for interconnection procedures and points like if it’s going to be through a VPN, over the internet with only a certain public IP allowed (white list), SSL VPN, etc., and all security measures that comes along. Answer C

B - The question says "The organization retains SENSITIVE customer data" - in other words sensitive data that should be kept secret. That's SECURITY. So we need a ISA.

Answer: B NIST 800-47 Security Guide for Interconnecting Information Technology Systems: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-47.pdf

https://blogs.getcertifiedgetahead.com/security-interoperability-agreements/ ISA. Daryl Gibson explains this very well!

Answer is B ISA: "A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high- level roles and responsibilities in management of a cross-domain connection." SLA is concerned with aspects of quality and availability not security.