ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your organization is negotiating a cloud outsourcing deal for its customer-facing SaaS platform. Business leaders require at least 99.95 % monthly service availability and want financial credits if the target is missed. From a service level management perspective, which item must be expressly included in the written service level agreement (SLA) to ensure the availability commitment can be enforced and audited over time?

A schedule requiring quarterly external penetration tests of the provider's environment
A precise definition of the measurement window and calculation method used to determine the 99.95 % availability figure
A clause mandating that all customer data remains within specified geographic regions
A statement that the provider maintains certification to ISO/IEC 27017 for cloud security controls

Report Issue

Answer Description

Service level management focuses on defining, negotiating, monitoring, and reporting the level of IT services delivered. For an availability commitment to be meaningful, the SLA must specify exactly how availability is measured-its calculation formula, the length of the measurement period (for example, a calendar month), the clock that is used, what events count as downtime, and any planned-maintenance exclusions. Without that definition, neither party can objectively verify whether 99.95 % was achieved or determine if service credits are due. While security certifications, data-location clauses, and penetration-testing schedules are important, they relate to compliance and security management rather than the core availability metric that service level management tracks and reports.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.