CAS-003 Question #20: Real Exam Question with Answer & Explanation

The correct answer is D: Interconnection security agreement. NOTE: The listed correct answer (D - Interconnection Security Agreement) appears to be incorrect for this scenario. An ISA governs the technical and security controls required when two organizations directly interconnect their IT systems or networks - it is about system-to-system

Question

Two competing companies experienced similar attacks on their networks from various threat actors. To improve response times, the companies wish to share some threat intelligence about the sources and methods of attack. Which of the following business documents would be BEST to document this engagement?

Options

ABusiness partnership agreement
BMemorandum of understanding
CService-level agreement
DInterconnection security agreement

Explanation

NOTE: The listed correct answer (D - Interconnection Security Agreement) appears to be incorrect for this scenario. An ISA governs the technical and security controls required when two organizations directly interconnect their IT systems or networks - it is about system-to-system connectivity requirements, not about general information-sharing arrangements. A Memorandum of Understanding (MOU) (B) is the most appropriate document here: it is a non-binding agreement that formally documents the intent, scope, and terms of cooperation between parties. Because the two organizations are competitors, an MOU allows them to define what threat intelligence will be shared and how, without implying a formal business partnership or requiring direct network integration. A BPA (A) implies a deeper commercial relationship, an SLA (C) defines measurable service delivery obligations, and an ISA (D) would only apply if they were directly connecting their networks. The correct answer should be B.

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice