CompTIA Advanced Security Practitioner (CASP) Question 25

To meet an SLA, which of the following documents should be drafted, defining the company’s internal interdependent unit responsibilities and delivery timelines?

A. BPA
B. OLA
C. MSA
D. MOU

Correct Answer: B

Explanation:
An OLA is an agreement between the internal support groups of an institution that supports the SLA. According to the Operational Level Agreement, each internal support group has certain responsibilities to the other group. The OLA clearly depicts the performance and relationship of the internal service groups. The main objective of the OLA is to ensure that all the support groups provide the intended Service Level Agreement.

CompTIA Security+ Question L-30

A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?

A. Service level agreements
B. Interoperability agreements
C. Privacy considerations
D. Data ownership

Answer: C

Explanation:
Businesses such as banks have legally mandated privacy requirements, and with moving operations offshore there is decentralized control, which has implications for privacy of data.

CompTIA Security+ Question C-82

In order to maintain oversight of a third-party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?

A. Continuous security monitoring
B. Baseline configuration and host hardening
C. Service Level Agreement (SLA) monitoring
D. Security alerting and trending

Answer: A

Explanation:
The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security posture coverage. This is great for testing the security posture. However, to be effective and ensure the company always has a good security posture, you need to monitor the security continuously.

Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets improved.” Well, in network security, “that which gets monitored gets secure.” Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.

CompTIA Security+ Question B-70

The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?

A. Warm site implementation for the datacenter
B. Geographically disparate site redundant datacenter
C. Localized clustering of the datacenter
D. Cold site implementation for the datacenter

Answer: B

Explanation:
Data backups, redundant systems, and disaster recovery plans all support availability. And in this case a geographically disparate site redundant datacenter represents 100% availability regardless of whether a disaster event occurs.

CompTIA Network+ Question B-16

In the past, a company has experienced several network breaches as a result of end-user actions. To help mitigate future breaches, which of the following documents should the security team ensure are up-to-date and enforced for all employees? (Select TWO)

A. Memorandum of understanding
B. Data classification document
C. Service level agreement
D. Interconnection security agreement
E. Consent to monitor
F. Acceptable use policy

Correct Answer: AF

CompTIA Network+ Question A-84

A service provider is unable to maintain connectivity to several remote sites at predetermined speeds. The service provider could be in violation of the:

A. MLA.
B. SLA.
C. SOW.
D. MOU.

Correct Answer: B

Explanation:
SLA stands for Service Level Agreement. This is a common document in business used to define a minimum standard of service that a customer can expect from a supplier. SLAs are particularly common in the I.T. sector where a service provider is offering a service to a customer. As a customer, you want your hosted services and Internet or WAN connections to be available all the time. SLAs often guarantee 99.9% uptime for a service.
In this question, the service provider is providing WAN links to remote sites with a guaranteed bandwidth on the WAN links. A failure to maintain the connectivity to the remote sites would be a violation of the Service Level Agreement (SLA).

CompTIA Network+ Question A-13

A company has contracted with an outside vendor to perform a service that will provide hardware, software, and procedures in case of a catastrophic failure of the primary datacenter. The Chief Information Officer (CIO) is concerned because this contract does not include a long-term strategy for extended outages. Which of the following should the CIO complete?

A. Disaster recovery plan
B. Business continuity plan
C. Service level agreement
D. First responder training

Correct Answer: B

CompTIA A+ Question H-66

After responding immediately to a dispatch, a technician arrives to resolve the customer’s issue. The customer appears to be angry that they have waited so long for a response. Which of the following is the BEST course of action for the technician to take?

A. Inform the manager of the customer’s behavior and then focus on completing the task in an expedited manner.
B. Empathize with the customer’s urgency and inform them that the current service level agreement allows for an eight hour response time.
C. Empathize with the customer and focus on completing the task in an expedited manner. Upon closure, document the situation and inform the manager.
D. Contact dispatch immediately and request to speak to a manager to determine the breakdown in the response time.

Correct Answer: C

Explanation:
Empathize with the customer and focus on completing the task in an expedited manner. Upon closure, document the situation and inform the manager.