Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. Such an exploit could give the attacker access to the host operating system and all other virtual machines(VMs) running on that host.

Reporting data breaches is not part of Auditing and not a function of Auditors.

It is the characteristic of 0n-demand self-service that allows customers to scale their computer and/ or storage needs with little or no intervention from or prior communication with the provider

This is True
Like security and compliance, BC/DR is a shared responsibility. There are aspects that the cloud provider has to manage, but the cloud customer is also ultimately responsible for how they use and manage the cloud service. This is especially true when planning for outages of the cloud provider (or parts of the cloud provider's service).
Ref Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)