CompTIA CySA+ (CS0-003) — Question 479
A SOC manager receives a phone call from an upset customer. The customer received a vulnerability report two hours ago, but the report did not have a follow-up remediation response from an analyst. Which of the following documents should the SOC manager review to ensure the team is meeting the appropriate contractual obligations for the customer?
Answer options
- A. SLA
- B. MOU
- C. NDA
- D. Limitation of liability
Correct answer: A
Explanation
The correct answer is SLA (Service Level Agreement), which outlines the expected service levels and response times that the SOC must adhere to for the customer. The MOU (Memorandum of Understanding) is more general and does not specify service levels, while the NDA (Non-Disclosure Agreement) focuses on confidentiality, and the Limitation of liability addresses liability issues rather than service commitments.