It is D and I will explain why:
Part of the question is "analyst do FIRST prior to discussing company's needs?" This eliminates an NDA as we are not discussing our requirements. The only other option that makes sense and is commonly used, is a whitepaper.
A white paper is independent audits, testaments and so on regarding products/services and underlying security, architecture, data governance and so on.
So in summary, you would certainly review the white paper for a cloud SIEM you're interested in, so see if you believe it meets your companies needs. Prior to discussing with the Cloud provider, which could require an NDA.
I'm feeling D as well. I am reading this as we are "reviewing" and new product, not a "we are or have purchased this product" and need an NDA. The NDA, if needed should have happened during the procurement process. So at the review phase, I would be getting white papers.
Keep in mind, the question is asking what to do "FIRST prior to discussing the company's needs?". From this alone, I am assuming the security white papers have already been reviewed and they are about to discuss company needs. Before discussing anything confidential, an NDA is a must. CompTIA wants the world to burn for writing these questions.
This question is haunting me admittedly, i’m starting to believe the answer CompTIA is looking for is D because of the question saying the analyst is reviewing a “new” solution. Ugg
When reviewing a new cloud-based Security Information and Event Management (SIEM) solution, the analyst should FIRST consider downloading the product security white paper.
B. Ensure a current non-disclosure agreement is on file.
Before delving into discussions about the company's specific needs and potentially sensitive information, it's important to have a non-disclosure agreement (NDA) in place. This agreement helps protect the confidentiality of the information exchanged between the analyst and the provider of the cloud-based SIEM solution. Once the NDA is in place, the analyst can proceed to gather information about the solution's security features and capabilities to better address the company's specific requirements.
D. Ensure a current non-disclosure agreement is on file.
Before discussing the company's needs and any specific details regarding the cloud-based SIEM solution, it is important for the analyst to ensure that a current non-disclosure agreement (NDA) is on file. This step is crucial to protect the confidentiality of any sensitive information that may be shared during the review process.
By having an NDA in place, the analyst can have open and candid discussions with the company about their needs, without the risk of confidential information being shared or misused. It establishes a legal framework that safeguards both parties' interests and helps create a trustworthy environment for sharing sensitive information.
Once the NDA is in place, the analyst can proceed with further actions like performing a vulnerability scan, downloading the product security white paper, and checking industry news feeds for product reviews. These activities can provide additional insights and information about the cloud-based SIEM solution, helping the analyst make an informed evaluation.
I would choose B because I know Comptia. However, you don't need to have them sign an NDA unless you are sharing data. Letting them know what you want in a product is not sharing data.
I think the answer is D, the question asks what we should do FIRST. Why bring in an NDA if we dont even know if this product will do what we want it to do? Dont feel obligated ot agree with me.
When reviewing a new cloud-based SIEM solution, the analyst may be exposed to sensitive or confidential information about the product, such as its architecture, features, and capabilities. Therefore, it is important for the analyst to ensure that a current NDA is on file before discussing the product with the vendor or any other parties.
why do you need NDA if you are discussing your own company needs with YOUR company?
and Nope there is no such thing as product security white paper for SIEMs, etc.
the only option that makes sense is A, it wouldn't kill you to take look at reviews of the product.
Why the heck would I check NDA if I don't know what the product does/features and whether or not it fits my needs and satisfies my requirements...answer is D
Prior to discussing the company's needs - Download the product security white paper to find out if the product is useful for your company. I go with option D.
This section is not available anymore. Please use the main Exam Page.CS0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 2 years, 2 months ago2Fish
2 years, 1 month agoforklord72
Highly Voted 2 years, 6 months agoforklord72
2 years, 6 months ago2Fish
2 years, 1 month agozecomeia_007
Most Recent 9 months, 2 weeks agoRobV
1 year, 4 months agonovolyus
1 year, 5 months agoSleezyglizzy
1 year, 9 months agokyky
1 year, 10 months agokyky
1 year, 10 months agonomad421
1 year, 11 months agonedeajob12
2 years agokiduuu
2 years, 1 month agoRyukendo
2 years, 5 months agobrvndvnwolf
2 years, 5 months agodavid124
2 years, 6 months agoCW4901
2 years, 6 months agoA_core
2 years, 7 months agoMortG7
2 years, 7 months agoPTcruiser
2 years, 7 months agohaykaybam
2 years, 7 months ago