Section 5.3

Demonstrate your acquired knowledge of the processes associated with third-party risk assessment and management. This will demonstrate your proficiency for section 5.3 of the Security+ SY0-701 objectives.

1. What does a memorandum of agreement (MOA) commonly establish?
   - Litigation terms
   - Joint obligations
   - Staff rotations
   - Code formatting

2. Why is supply chain analysis essential in risk management?
   - Tracks sales growth
   - Maps data ownership
   - Identifies upstream threats
   - Reduces ticket size

3. Which external factor may require vendor reassessment more frequently?
   - Labor pool
   - Legal shift
   - Email outage
   - Asset patching

4. Which document best defines tactical work based on a larger agreement?
   - SLA
   - SOW
   - MSA
   - NDA

5. The goal of a master service agreement (MSA) is to:
   - Enforce encryption
   - Simplify future deals
   - Limit threat scope
   - Outline monthly hours

6. Vendor penetration testing should be preceded by what?
   - Change control
   - Budget approval
   - Rules of engagement
   - Disaster planning

7. Which activity involves evaluating a vendor’s patching cadence and controls?
   - Policy drafting
   - Monitoring
   - Pen testing
   - Sourcing

8. What is the purpose of a service-level agreement?
   - Assign penalties
   - Grant access
   - Set expectations
   - Define salaries

9. Which document defines collaboration on shared goals without legal force?
   - SLA
   - MOU
   - NDA
   - WO

10. Which agreement outlines confidentiality between business parties?
    - SOW
    - NDA
    - SLA
    - MOA

11. What is the most likely risk of not assessing vendors regularly?
    - Policy inflation
    - Control drift
    - Access bloat
    - Audit fatigue

12. Questionnaires are used during third-party assessments to:
    - Verify public records
    - Speed procurement
    - Gather self-reported data
    - Negotiate billing cycles

13. Which document specifies the high-level framework for service terms?
    - MSA
    - SOW
    - NDA
    - AUP

14. Which clause allows for periodic examination of a vendor's controls?
    - Audit clause
    - Renewal clause
    - Service clause
    - Rights clause

15. Which process evaluates the full lifecycle of a vendor’s materials?
    - SLA negotiation
    - Patch analysis
    - Supply chain review
    - Asset validation

16. Which assessment type is conducted by an external third party?
    - Peer review
    - Vendor audit
    - Independent review
    - Onsite meeting

17. What does a non-disclosure agreement (NDA) primarily protect?
    - Time-based metrics
    - Personal information
    - Confidential data
    - Asset retention

18. What does a business partner agreement (BPA) define?
    - Public key usage
    - Shared business duties
    - Logging configuration
    - Supply stock rotation

19. Which is most effective for validating a vendor’s security claims?
    - Annual reports
    - Pen testing
    - Audit trails
    - Compliance logs

20. What type of agreement is often used for informal collaboration?
    - NDA
    - SLA
    - MOU
    - SOW

21. A conflict of interest during vendor selection can lead to:
    - Service delays
    - Legal bias
    - Risk evasion
    - Audit gaps

22. What does due diligence in vendor selection primarily ensure?
    - Risk ownership
    - Compliance scoring
    - Vendor suitability
    - Endpoint health

23. Which document outlines the scope and deliverables for specific work?
    - SLA
    - NDA
    - SOW
    - MSA

24. What is the main focus of a right-to-audit clause?
    - Billing procedures
    - Inspection rights
    - Pen test policy
    - Warranty claims

25. Which agreement type defines general service expectations between parties?
    - Work order
    - SLA
    - NDA
    - BPA