CompTIA
CAS-002 Question #804: Real Exam Question with Answer & Explanation
The correct answer is A: Research new technology vendors to look for potential products. Contribute to an RFP and then. Proper procurement of a NIPS platform requires a structured vendor research and RFP process to ensure all technical and operational requirements are met before selection.
Question
Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?
Options
- A. Research new technology vendors to look for potential products. Contribute to an RFP and then
- B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research
- C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider
- D. Choose a popular NIPS product and then consider outsourcing the ongoing device management
- E. Ensure that the NIPS platform can also deal with recent technological advancements, such as
Explanation
Proper procurement of a NIPS platform requires a structured vendor research and RFP process to ensure all technical and operational requirements are met before selection.
Common mistakes.
- B. RFC and ISO standards define protocols and frameworks but do not serve as vendor product selection criteria - using them as the primary evaluation basis would not directly identify which commercial NIPS products meet the specific technical requirements stated.
- C. Outsourcing the evaluation and management to a third party does not address the specific requirement that only internal security employees should have access to inspected application payload data, creating a potential data confidentiality conflict.
- D. Selecting a product based on popularity rather than validated requirements is not a sound procurement practice and may result in a product that fails to meet critical technical specifications such as throughput or role-based payload visibility.
- E. Ensuring the platform handles recent technological advancements is a secondary consideration that should be part of the RFP requirements, not the primary step in the procurement process.
Concept tested. Security product procurement and RFP process
Reference. https://www.nist.gov/system/files/documents/2017/05/09/nist_security_products_acquisition_guide.pdf