M10 Practice Quiz

Question 1

  1. Sarah, a compliance officer at Dion Training, is hiring a consultant. She wants to ensure that the consultant doesn't share information about the proprietary project he is being hired to complete. Which of the following should she utilize?

    Options:

    • BPA
    • MSA
    • SLA
    • NDA

    Overall explanation:

    • A Non-Disclosure Agreement (NDA) ensures that confidential information shared during a partnership remains confidential.
    • A Business Partnership Agreement (BPA) is a contract between partners within a business entity, dictating roles and responsibilities.
    • A Service Level Agreement (SLA) outlines the expectations regarding the quality, timelines, and scope of services.
    • A Master Service Agreement (MSA) lays out the terms and conditions of work to be done by a service provider.

    Tags: Contracts and Agreements

Question 2

  1. Jamie, a procurement manager at Dion Training, wants to ensure the quality, timelines, and scope of the services provided by a new third-party vendor. Which of the following should they utilize?

    Options:

    • SLA
    • BPA
    • NDA
    • MOU

    Overall explanation:

    • A Service Level Agreement (SLA) outlines the expectations regarding the quality, timelines, and scope of services.
    • A Master Service Agreement (MSA) lays out the terms and conditions of work to be done by a service provider and is useful when a company will be hired for multiple jobs.
    • A Non-Disclosure Agreement (NDA) ensures that confidential information shared during a partnership remains confidential.
    • A Business Partnership Agreement (BPA) is a contract between partners within a business entity, dictating roles and responsibilities.

    Tags: Contracts and Agreements

Question 3

  1. Alex, a project manager at Dion Training, wishes to provide details about specific tasks, deliverables, and timelines for a project so the vendor they hire will have a complete picture of the project. Which of the following should they utilize?

    Options:

    • BPA
    • MSA
    • SOW
    • MOA

    Overall explanation:

    • A Statement of Work (SOW) provides detailed information about specific tasks, deliverables, and timelines for a project.
    • A Memorandum of Agreement (MOA) is a written agreement between two entities.
    • A Master Service Agreement (MSA) lays out the terms and conditions of work to be done by a service provider and is useful when a company will be hired for multiple jobs.
    • A Business Partnership Agreement (BPA) is a contract between partners within a business entity, dictating roles and responsibilities.

    Tags: Contracts and Agreements

Question 4

  1. Samuel, an operations director at Dion Training, wants to hire his brother's company to provide security for Dion Training. He is told this is a bad idea. Which of the following would be the main problem with hiring his brother's company?

    Options:

    • He would not be able to do sufficient due diligence in order to satisfy regulations
    • There would be the potential for a conflict of interest for Samuel
    • Hiring his brother's company would violate the root of trust needed for legitimate business
    • He couldn't guarantee that his brother's company would provide security

    Overall explanation:

    • A conflict of interest arises when personal, financial, or other considerations have the potential to compromise or bias professional judgment and objectivity. Samuel's feelings toward his brother might prevent him from acting in the best interest of Dion Training.
    • Due diligence involves a comprehensive appraisal of a business undertaken by a prospective buyer. There is no reason why Dion Training couldn't do due diligence on the brother's company.
    • A root of trust is a trusted, tamper-proof component or module that provides a foundation for security functions and operations within a computing system.

    Tags: Vendor Selection and Monitoring

Question 5

  1. Which of the following is the BEST way for companies to limit the risks of using third-party vendors?

    Options:

    • Avoid Conflicts of Interest
    • Establishing a Root of Trust with all Vendors
    • Conduct Due Diligence
    • Don't purchase inexpensive equipment

    Overall explanation:

    • Due Diligence involves a comprehensive assessment and careful investigation of a potential third-party vendor's practices to ensure that they meet the required standards.
    • A conflict of interest arises when personal, financial, or other considerations have the potential to compromise or bias professional judgment and objectivity. It is good to avoid such conflicts of interest, but they pose a lower level of risk than not completing due diligence.
    • Inexpensive equipment may introduce risk, but it might not. Completing due diligence on the company that offers the equipment is a better option than ignoring a company simply because it offers low-priced equipment.
    • A Root of Trust establishes trust among systems and devices, not among companies and their vendors.

    Tags: Vendor Selection and Monitoring