nerdexam
(ISC)2

CISSP · Question #1030

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?

The correct answer is A. Facility provides an acceptable level of risk. The facility provides an acceptable level of risk is the primary factor for selection when an organization is evaluating third-party hosting facilities. A third-party hosting facility is a service provider that offers the physical space, infrastructure, and resources to host the

Submitted by manish99· Mar 5, 2026Security and Risk Management

Question

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?

Options

  • AFacility provides an acceptable level of risk
  • BFacility provides disaster recovery (DR) services
  • CFacility provides the most cost-effective solution
  • DFacility has physical access protection measures

How the community answered

(33 responses)
  • A
    55% (18)
  • B
    27% (9)
  • C
    12% (4)
  • D
    6% (2)

Explanation

The facility provides an acceptable level of risk is the primary factor for selection when an organization is evaluating third-party hosting facilities. A third-party hosting facility is a service provider that offers the physical space, infrastructure, and resources to host the servers, systems, and applications of an organization, such as a colocation center, a data center, or a cloud provider. A third-party hosting facility can offer benefits such as cost savings, scalability, and reliability, but it can also pose risks such as data breaches, service disruptions, or compliance violations. The facility provides an acceptable level of risk means that the facility has the appropriate security controls and measures to protect the confidentiality, integrity, and availability of the information and systems of the organization, and to prevent or mitigate the threats, vulnerabilities, or incidents that may affect the information and systems of the organization. The facility provides an acceptable level of risk also means that the facility has the adequate policies and procedures to comply with the legal and regulatory requirements and standards that apply to the information and systems of the organization, and to avoid or minimize the liabilities or penalties that may arise from the non-compliance. The facility provides an acceptable level of risk is the primary factor for selection because it ensures that the organization can achieve its security and compliance objectives and obligations, and that the organization can reduce the residual risk to an acceptable level.

Topics

#Third-party risk management#Cloud hosting#Risk assessment#Data center selection

Community Discussion

No community discussion yet for this question.

Full CISSP Practice