CompTIA Security Plus Mock Test Q252

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A. The data should be encrypted prior to transport
B. This would not constitute unauthorized data sharing
C. This may violate data ownership and non-disclosure agreements
D. Acme Corp should send the data to ABC Services’ vendor instead

Correct Answer: C
Section: Compliance and Operational Security

With sending your data to a third party is already a risk since the third party may have a different policy than yours. Data ownership and non-disclosure is already a risk that you will have to accept since the data will be sent for debugging /troubleshooting purposes which will result in definite disclosure of the data.

Incorrect Answers:
A: Encrypting the data prior to transport will not negate the fact that the third party needs to send debug data to a third party for troubleshooting purposes.
B: The question mentions that the company has outsources proprietary business processes which means it is authorized data sharing in this case since the data is being sent to the
third party for troubleshooting purposes.
D: ABC’s vendor does not have the agreement with Acme Corp since it is an Acme Corp proprietary
business process.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 419-420