CompTIA CySA+ (CS0-001) — Question 174
A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs.
Which of the following should be used to communicate expectations related to the execution of scans?
Answer options
- A. Vulnerability assessment report
- B. Lessons learned documentation
- C. SLA
- D. MOU
Correct answer: C
Explanation
The correct answer is SLA (Service Level Agreement), which defines the specific expectations and responsibilities regarding service delivery, including the frequency and scope of vulnerability scans. The other options, such as a vulnerability assessment report or lessons learned documentation, do not serve to establish service expectations, while an MOU (Memorandum of Understanding) is generally less formal and may not cover service levels in detail.