Effective CISSP Questions

Your company plans to outsource recovery work for the ERP system, which is subject to an 8-hour recovery time objective (RTO). It negotiates the service level with a service provider and reaches a verbal agreement. However, the signed service-level agreement mistakenly states a 16-hour RTO. As the agreement signer, which of the following should you have followed to ensure the agreement is effective? (Wentz QOTD)
A. Due diligence
B. Civil investigation
C. Parol evidence rule
D. Information security policy

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Due diligence.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.


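Your company plans to outsource the recovery work of its ERP system based on an 8-hour recovery time objective (RTO), negotiates the service level with a service provider, and reaches a verbal agreement. However, the signed service-level agreement (SLA) is mistakenly written with a 16-hour RTO. As the signer of the agreement, which of the following should you have followed to ensure the agreement is effective? (Wentz QOTD)
A. Due diligence
B. Civil investigation
C. Parol evidence rule
D. Information security policy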
