CompTIA Security Plus Mock Test Q668

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?

A. Baseline reporting
B. Design review
C. Code review
D. SLA reporting


Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
This question is asking about a new private network link (a VPN) with a business partner. This will provide access to the local network from the business partner.
When implementing a VPN, an important step is the design of the VPN. The VPN should be designed to ensure that the security of the network and local systems is not compromised.
The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the systems or applications. A design review is basically a check
to ensure that the design of the system meets the security requirements.

Incorrect Answers:
A: A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline). In this
question, we are implementing a VPN. We need to ensure that the design of the VPN meets the security requirements BEFORE the VPN is implemented.
C: A code review is the process of reviewing the code of a software application. This question is asking about the design and implementation of a VPN. Therefore, this answer is
irrelevant and incorrect.
D: SLA (Service Level Agreement) reporting is the process of comparing (and reporting on) current performance in terms of system uptime or deliverables delivered on time to the
metrics defined in the SLA. This question is asking about the design and implementation of a VPN. Therefore, this answer is irrelevant and incorrect.