CompTIA CASP+ (CAS-004) — Question 358
The Chief Information Security Officer (CISO) is working with a new company and needs a legal document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?
Answer options
- A. SLA
- B. ISA
- C. Permissions and access
- D. Rules of engagement
Correct answer: D
Explanation
The correct answer is 'Rules of engagement' because this document outlines the expectations and responsibilities of all parties involved in the assessment process. An SLA (Service Level Agreement) focuses on service delivery standards, an ISA (Interconnection Security Agreement) relates to the security requirements for interconnecting systems, and 'Permissions and access' does not provide a comprehensive framework for roles during an assessment.