CompTIA Security+ (SY0-601) — Question 232
A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor MOST likely be required to review and sign?
Answer options
- A. SLA
- B. NDA
- C. MOU
- D. AUP
Correct answer: B
Explanation
The correct answer is B, NDA (Non-Disclosure Agreement), because it requires the vendor to keep confidential any sensitive information it may access during the penetration test. The other options, SLA (Service Level Agreement), MOU (Memorandum of Understanding), and AUP (Acceptable Use Policy), do not primarily focus on confidentiality and are less relevant in this context.