CompTIA CySA+ (CS0-001) — Question 181
The IT department at a growing law firm wants to begin using a third-party vendor for vulnerability monitoring and mitigation. The executive director of the law firm wishes to outline the assumptions and expectations between the two companies. Which of the following documents might be referenced in the event of a security breach at the law firm?
Answer options
- A. SLA
- B. MOU
- C. SOW
- D. NDA
Correct answer: A
Explanation
The correct answer is A, SLA (Service Level Agreement), as it outlines the expected service levels and responsibilities of both parties, particularly in the event of a security breach. The other options, while important, do not specifically address the service obligations and expectations in the context of security incidents like an SLA does.