4d • 🙋♂️ CISSP
CISSP Practice Question (Domain 1: Security and Risk Management)
A regional bank adopts a new third-party transaction-scoring engine hosted in the cloud. The vendor refuses to provide detailed architectural diagrams but offers recent SOC 2 Type II reports. Executives want rapid deployment, but regulators recently flagged the bank for weak vendor oversight. What is the MOST appropriate next step?
A. Require the vendor to provide full network diagrams before integration
B. Review and validate the SOC 2 report against the bank’s control objectives
C. Conduct a full on-site audit of the vendor’s operations
D. Delay onboarding until regulators approve the vendor’s environment
3
13 comments
CISSP Practice Question (Domain 1: Security and Risk Management)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+41
2
+30
3
+30
4
+26
5
+24
Powered by