CompTIA Security+ (SY0-701) — Question 583
Which of the following should an organization use to ensure that it can review the controls and performance of a service provider or vendor?
Answer options
- A. Service-level agreement
- B. Memorandum of agreement
- C. Right-to-audit clause
- D. Supply chain analysis
Correct answer: C
Explanation
The correct answer is C. A right-to-audit clause allows an organization to audit the vendor to ensure compliance with agreed-upon standards and performance metrics. Option A, a service-level agreement, primarily defines expected service levels but does not guarantee the ability to review compliance. Option B, a memorandum of agreement, is generally a non-binding document that outlines the understanding between parties but lacks auditing authority. Option D, supply chain analysis, focuses on the overall supply chain rather than specific vendor performance and controls.