Certificate of Cloud Security Knowledge (CCSK) — Question 101

Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

Answer options

• A. Inspect and account for risks inherited from other members of the cloud supply chain and take active measures to mitigate and contain risks through operational resiliency.
• B. Respect the interdependency of the risks inherent in the cloud supply chain and communicate the corporate risk posture and readiness to consumers and dependent parties.
• C. Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature of the cloud environment.
• D. Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency.
• E. Both B and C.

Correct answer: C

Explanation

Option C is correct because negotiating long-term contracts with vetted software companies is not a requirement for governance and enterprise risk management in the cloud; it focuses more on operational aspects rather than risk management. Options A, B, and D all address key facets of risk governance and transparency that are essential in a cloud environment.