
CCSK Question #41: Real Exam Question with Answer & Explanation

The correct answer is A: The metrics defining the service level required to achieve regulatory objectives. In regulated industries, the SLA for Security as a Service must define measurable metrics that directly map service performance to applicable regulatory compliance objectives.

Question

When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

Options

  • A. The metrics defining the service level required to achieve regulatory objectives.
  • B. The duration of time that a security violation can occur before the client begins assessing
  • C. The cost per incident for security breaches of regulated information.
  • D. The regulations that are pertinent to the contract and how to circumvent them.
  • E. The type of security software which meets regulations and the number of licenses that will be

Explanation

In regulated industries, the SLA for Security as a Service must define measurable metrics that directly map service performance to applicable regulatory compliance objectives.

Common mistakes.

  • B. An SLA should define performance standards that prevent or minimize security violations, not establish acceptable durations for violations to persist before corrective action.
  • C. Cost-per-incident clauses address financial liability after a breach but do not define the proactive performance standards required to demonstrate ongoing regulatory compliance.
  • D. SLAs must specify how to comply with applicable regulations, not how to circumvent them, as circumvention would itself create direct legal liability for both parties.
  • E. Specific software type and license count are procurement and licensing details, not the service-level performance metrics needed to verify regulatory compliance objectives are met.

Concept tested. SECaaS SLA metrics for regulatory compliance

Reference. https://cloudsecurityalliance.org/research/cloud-controls-matrix/
