Which of the following would be considered as a factor to trust in a cloud service provider?
Correct Answer: A
Question 187
In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
Correct Answer: C
In a multi-level supply chain structure where cloud service provider A relies on other sub cloud service providers, the provider should ensure that any compliance requirements relevant to the provider are passed to the sub cloud service providers. This is because the sub cloud service providers may have access to or process the provider's data or resources, and therefore need to comply with the same standards and regulations as the provider. Passing the compliance requirements to the sub cloud service providers can also help the provider to monitor and audit the sub cloud service providers' performance and security, and to mitigate any risks or issues that may arise. Reference: ISACA, Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, 2021, p. 85-86. CSA, Cloud Controls Matrix (CCM) v4.0, 2021, p. 7-8
Question 188
It is MOST important for an auditor to be aware that an inventory of assets within a cloud environment:
Correct Answer: D
It is most important for an auditor to be aware that an inventory of assets within a cloud environment is fundamental for the security management program. An inventory of assets is a list of all the hardware, software, data, and services that are owned, used, or managed by an organization in the cloud. An inventory of assets helps the organization to identify, classify, and prioritize its cloud resources and to implement appropriate security controls and policies to protect them. An inventory of assets also helps the organization to comply with relevant regulations, standards, and contracts that may apply to its cloud environment. An auditor should be aware of the importance of an inventory of assets in the cloud because it provides a baseline for assessing the security posture and compliance status of the organization's cloud environment. An auditor can use the inventory of assets to verify that the organization has a clear and accurate understanding of its cloud resources and their characteristics, such as location, ownership, configuration, dependencies, vulnerabilities, and risks. An auditor can also use the inventory of assets to evaluate whether the organization has implemented adequate security measures and processes to protect its cloud resources from threats and incidents. An auditor can also use the inventory of assets to identify any gaps or weaknesses in the organization's security management program and to provide recommendations for improvement.
Question 189
When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:
Correct Answer: D
Question 190
An auditor is auditing the services provided by a cloud service provider. When evaluating the security of the cloud customer's data in the cloud, which of the following should be of GREATEST concern to the auditor?