Effective CISSP Questions

Your organization decides to implement an on-premise CRM system that will be supported and maintained by a service provider under a two-year fixed-price service contract. To cope with the business dynamics and stay flexible, which of the following is the best contract arrangement to engage with the service provider?
A. Specify service level requirements (SLR) in the service contract
B. Separate the service level agreement (SLA) from the service contract
C. Preserve the right to audit to enforce supply chain security
D. Require only competent and certified engineers to fulfill this contract

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Separate the service level agreement (SLA) from the service contract.


This question is designed to review topics, such as service-level requirements, service-level agreements (SLA), and contracts.

Service-level requirements can either be written directly into a monolithic contract or separated from the contract as SLA, a standalone document. The monolithic contract is less flexible if any of the service-level requirements are subject to change; it takes time to review the contract. A standalone SLA allows the service-level requirements to be changed without revising the contract.

Options C and D are good practices, but they are not to the point of the question, to cope with the business dynamics and stay flexible.





您的組織決定自建一個CRM系統,該系統的維護將透過兩年的固定價格的維護合同, 委由維護廠商來支援和維護。 為了因應業務的快速變動及保持靈活性,以下哪項是與維護廠商簽約的最佳安排?

2 thoughts on “CISSP PRACTICE QUESTIONS – 20200221

Leave a Reply