Certificate of Cloud Security Knowledge (CCSK) — Question 20

CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?

Answer options

• A. Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
• B. Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
• C. Use CCM to help assess the risk associated with the CSP
• D. None of the above

Correct answer: A

Explanation

Option A is incorrect because submitting the CCM on behalf of the CSP is not suitable for the company, as it is the responsibility of the CSP to provide their security controls. Options B and C are appropriate uses of CCM, as they involve defining requirements and assessing risk, which are crucial for the company as a cloud customer. Option D is incorrect as it implies that all options are suitable, which they are not.