Question: An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
A.) an audit of the service provider uncovers no significant weakness.
B.) the contract includes a nondisclosure agreement (NDA) to protect the organization’s intellectual property.
C.) the contract should mandate that the service provider will comply with security policies.
D.) the third-party service provider conducts regular penetration testing.

Download pdf (with explanations) edition of this exam.