CompTIA


CAS-002 Question #879: Real Exam Question with Answer & Explanation

The correct answer is C: Interconnection Security Agreement. An Interconnection Security Agreement (ISA) is the formal document used to define the mutually agreed-upon security controls governing a data connection between two enterprise systems.

Question

An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents?

Options

  • A. Memorandum of Understanding
  • B. Information System Security Agreement
  • C. Interconnection Security Agreement
  • D. Interoperability Agreement
  • E. Operating Level Agreement

Explanation

An Interconnection Security Agreement (ISA) is the formal document used to define the mutually agreed-upon security controls governing a data connection between two enterprise systems.

Common mistakes.

  • A. A Memorandum of Understanding (MOU) documents high-level mutual intentions and general responsibilities between parties but does not specifically define the technical security controls required for a system interconnection.
  • B. An Information System Security Agreement is not a standard, formally recognized document type in NIST or common security governance frameworks for governing system-to-system connections.
  • D. An Interoperability Agreement addresses the technical ability of two systems to exchange and use data but does not specifically define the security controls and requirements protecting that connection.
  • E. An Operating Level Agreement (OLA) defines internal service delivery commitments between IT support groups and does not address security controls for connecting two separate enterprise systems.

Concept tested. Interconnection Security Agreement for enterprise system connections

Reference. https://csrc.nist.gov/publications/detail/sp/800-47/rev-1/final
