Question 14 - ISC2 CCSP Real Exam Questions [Feb 2026 Update]

Q: 14

Your organization is planning to outsource its data processing functions to a cloud service provider. The organization requires guarantees for data availability and performance. You are responsible for ensuring that these guarantees are legally binding and enforceable. Which document should you focus on to ensure that data availability and performance requirements are legally binding and enforceable?

Options

Correct Answer:

Explanation

A Service-Level Agreement (SLA) is the specific, legally binding contract or part of a contract that defines the level of service a customer can expect from a cloud service provider. It quantifies the minimum performance and availability guarantees, such as 99.9% uptime or specific data throughput rates. The SLA is the primary document focused on these metrics and includes remedies or penalties (e.g., service credits) if the provider fails to meet the agreed-upon levels. While an MSA governs the overall relationship, the SLA contains the enforceable details for service performance and availability.

Why Incorrect

B. Master Service Agreement (MSA): This is a foundational contract that outlines the general terms of the relationship but typically lacks the specific, measurable service metrics found in an SLA.

C. Statement of Work (SOW): This document defines the scope, deliverables, and timeline for a specific project, not the ongoing, operational guarantees for a service.

D. Non-Disclosure Agreement (NDA): This agreement is focused solely on protecting the confidentiality of shared information and does not address service performance or availability.

References

1. National Institute of Standards and Technology (NIST). (2011). NIST Cloud Computing Reference Architecture (NIST Special Publication 500-292). Section 5.3.5

"Cloud Service Management

" states: "The SLA specifies the levels of service (e.g.

availability

performance

and data protection) that are negotiated and agreed upon in a contract (SLA document) between a cloud consumer and a cloud provider."

2. Mell

& Grance

T. (2011). The NIST Definition of Cloud Computing (NIST Special Publication 800-145). While this document defines cloud characteristics

the concept of "measured service" (Section 2) implies the need for a document like an SLA to define and enforce those measurements.

3. Armbrust

et al. (2009). Above the Clouds: A Berkeley View of Cloud Computing (Technical Report No. UCB/EECS-2009-28). University of California

Berkeley. Section 5.2

"Data Lock-In

" discusses the importance of standardized APIs and SLAs for mitigating risks

implicitly linking SLAs to service guarantees.

4. Foster

& Gannon

D. B. (2017). Cloud Computing for Science and Engineering. MIT Press. Chapter 10

"Legal Issues

" discusses the contractual framework for cloud services

highlighting that "The service-level agreement (SLA) is a contract between a service provider and a customer that specifies

in measurable terms

what services the provider will furnish." (p. 261).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE