CompTIA Security+ (SY0-601) — Question 406

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

Answer options

• A. A right-to-audit clause allowing for annual security audits
• B. Requirements for event logs to be kept for a minimum of 30 days
• C. Integration of threat intelligence in the company's AV
• D. A data-breach clause requiring disclosure of significant data loss

Correct answer: A

Explanation

The correct answer is A because a right-to-audit clause permits the company to conduct regular security assessments, ensuring the vendor maintains necessary security standards. Options B, C, and D focus on specific security measures or requirements but do not provide the ongoing monitoring capability that an audit clause does.