When a cybersecurity analyst is tasked with establishing a Service Level Objective (SLO) for the incident response process, which of the following metrics would BEST align with the business's expectation for system uptime?
Maximum allowable downtime for critical systems
Mean time to respond to incidents
Total number of incidents reported per quarter
Alert volume received by the security operations center
The correct answer is 'Maximum allowable downtime for critical systems'. An SLO that aligns to uptime should specify the longest period a critical system may remain unavailable before the business suffers unacceptable impact. This directly expresses availability expectations in downtime terms. 'Mean time to respond' measures team reaction speed but does not guarantee how long a system stays online. 'Alert volume' and 'Total number of incidents reported' are operational workload statistics and do not reflect system availability.