CISSP · Question #1030
An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?
The correct answer is A. Facility provides an acceptable level of risk. The facility provides an acceptable level of risk is the primary factor for selection when an organization is evaluating third-party hosting facilities. A third-party hosting facility is a service provider that offers the physical space, infrastructure, and resources to host the
Question
An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?
Options
- AFacility provides an acceptable level of risk
- BFacility provides disaster recovery (DR) services
- CFacility provides the most cost-effective solution
- DFacility has physical access protection measures
How the community answered
(33 responses)- A55% (18)
- B27% (9)
- C12% (4)
- D6% (2)
Explanation
The facility provides an acceptable level of risk is the primary factor for selection when an organization is evaluating third-party hosting facilities. A third-party hosting facility is a service provider that offers the physical space, infrastructure, and resources to host the servers, systems, and applications of an organization, such as a colocation center, a data center, or a cloud provider. A third-party hosting facility can offer benefits such as cost savings, scalability, and reliability, but it can also pose risks such as data breaches, service disruptions, or compliance violations. The facility provides an acceptable level of risk means that the facility has the appropriate security controls and measures to protect the confidentiality, integrity, and availability of the information and systems of the organization, and to prevent or mitigate the threats, vulnerabilities, or incidents that may affect the information and systems of the organization. The facility provides an acceptable level of risk also means that the facility has the adequate policies and procedures to comply with the legal and regulatory requirements and standards that apply to the information and systems of the organization, and to avoid or minimize the liabilities or penalties that may arise from the non-compliance. The facility provides an acceptable level of risk is the primary factor for selection because it ensures that the organization can achieve its security and compliance objectives and obligations, and that the organization can reduce the residual risk to an acceptable level.
Topics
Community Discussion
No community discussion yet for this question.