Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
It is D and I will explain why:
Part of the question is "analyst do FIRST prior to discussing company's needs?" This eliminates an NDA as we are not discussing our requirements. The only other option that makes sense and is commonly used, is a whitepaper.
A white paper is independent audits, testaments and so on regarding products/services and underlying security, architecture, data governance and so on.
So in summary, you would certainly review the white paper for a cloud SIEM you're interested in, so see if you believe it meets your companies needs. Prior to discussing with the Cloud provider, which could require an NDA.
I'm feeling D as well. I am reading this as we are "reviewing" and new product, not a "we are or have purchased this product" and need an NDA. The NDA, if needed should have happened during the procurement process. So at the review phase, I would be getting white papers.
Keep in mind, the question is asking what to do "FIRST prior to discussing the company's needs?". From this alone, I am assuming the security white papers have already been reviewed and they are about to discuss company needs. Before discussing anything confidential, an NDA is a must. CompTIA wants the world to burn for writing these questions.
This question is haunting me admittedly, i’m starting to believe the answer CompTIA is looking for is D because of the question saying the analyst is reviewing a “new” solution. Ugg
B. Ensure a current non-disclosure agreement is on file.
Before delving into discussions about the company's specific needs and potentially sensitive information, it's important to have a non-disclosure agreement (NDA) in place. This agreement helps protect the confidentiality of the information exchanged between the analyst and the provider of the cloud-based SIEM solution. Once the NDA is in place, the analyst can proceed to gather information about the solution's security features and capabilities to better address the company's specific requirements.
D. Ensure a current non-disclosure agreement is on file.
Before discussing the company's needs and any specific details regarding the cloud-based SIEM solution, it is important for the analyst to ensure that a current non-disclosure agreement (NDA) is on file. This step is crucial to protect the confidentiality of any sensitive information that may be shared during the review process.
By having an NDA in place, the analyst can have open and candid discussions with the company about their needs, without the risk of confidential information being shared or misused. It establishes a legal framework that safeguards both parties' interests and helps create a trustworthy environment for sharing sensitive information.
Once the NDA is in place, the analyst can proceed with further actions like performing a vulnerability scan, downloading the product security white paper, and checking industry news feeds for product reviews. These activities can provide additional insights and information about the cloud-based SIEM solution, helping the analyst make an informed evaluation.
I would choose B because I know Comptia. However, you don't need to have them sign an NDA unless you are sharing data. Letting them know what you want in a product is not sharing data.
I think the answer is D, the question asks what we should do FIRST. Why bring in an NDA if we dont even know if this product will do what we want it to do? Dont feel obligated ot agree with me.
When reviewing a new cloud-based SIEM solution, the analyst may be exposed to sensitive or confidential information about the product, such as its architecture, features, and capabilities. Therefore, it is important for the analyst to ensure that a current NDA is on file before discussing the product with the vendor or any other parties.
why do you need NDA if you are discussing your own company needs with YOUR company?
and Nope there is no such thing as product security white paper for SIEMs, etc.
the only option that makes sense is A, it wouldn't kill you to take look at reviews of the product.
Why the heck would I check NDA if I don't know what the product does/features and whether or not it fits my needs and satisfies my requirements...answer is D
Prior to discussing the company's needs - Download the product security white paper to find out if the product is useful for your company. I go with option D.
Non-Disclosure Agreement (NDA)
o A contract that sets forth the legal basis for protecting information assets between two
parties.
This is a must when moving to a cloud-based environment
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 1 year, 1 month ago2Fish
1 year, 1 month agoforklord72
Highly Voted 1 year, 6 months agoforklord72
1 year, 6 months ago2Fish
1 year agoRobV
Most Recent 4 months, 1 week agonovolyus
5 months agoSleezyglizzy
9 months, 1 week agokyky
10 months agokyky
10 months agonomad421
11 months agonedeajob12
1 year agokiduuu
1 year agoRyukendo
1 year, 5 months agobrvndvnwolf
1 year, 4 months agodavid124
1 year, 5 months agoCW4901
1 year, 6 months agoA_core
1 year, 6 months agoMortG7
1 year, 6 months agoPTcruiser
1 year, 6 months agohaykaybam
1 year, 6 months agoR00ted
1 year, 6 months ago