CompTIA Security+ (SY0-701) — Question 471

A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?

Answer options

• A. Statement of work
• B. Responsibility matrix
• C. Service-level agreement
• D. Master service agreement

Correct answer: B

Explanation

The Responsibility matrix outlines the specific responsibilities of both the client and the CSP regarding security controls, making it the most relevant document for identifying which controls should be implemented. The Statement of work, Service-level agreement, and Master service agreement may contain general terms and conditions but do not specifically delineate the responsibilities for controls in the IaaS enclave.