When a cybersecurity analyst is tasked with establishing an SLO for the incident response process, which of the following options would be the BEST metric to ensure alignment with the business’s expectation for system uptime?
Total number of incidents reported per quarter
Maximum allowable downtime for critical systems
Alert volume received by the security operations center
The correct answer is 'Maximum allowable downtime for critical systems'. The SLO should reflect the maximum tolerable duration that a critical system can be affected during an incident without unacceptable consequences for business operations. This aligns closely with the business's expectation for uptime and availability. 'Mean time to respond' is relevant but does not directly align with system uptime. 'Alert volume' does not provide a direct measure of system performance or uptime. 'Number of incidents reported' is also not directly related to the uptime expected by the business.