CompTIA Security+ (SY0-601) — Question 327

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

Answer options

• A. MOU
• B. SLA
• C. EOL
• D. NDA

Correct answer: B

Explanation

The correct answer is B, SLA (Service Level Agreement), as it outlines the expectations for service delivery, including breach reporting timelines. The other options, such as MOU (Memorandum of Understanding), EOL (End of Life), and NDA (Non-Disclosure Agreement), do not specifically address the reporting of data breaches or service requirements.