Certificate of Cloud Security Knowledge (CCSK) — Question 7

For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?

Answer options

• A. Scope of the assessment and the exact included features and services for the assessment
• B. Provider infrastructure information including maintenance windows and contracts
• C. Network or architecture diagrams including all end point security devices in use
• D. Service-level agreements between all parties
• E. Full API access to all required services

Correct answer: A

Explanation

The correct answer is A because understanding the scope of the assessment is crucial for customers to know what is being evaluated. Options B, C, D, and E provide relevant information but do not focus on the critical aspect of the audit process itself, which is the scope and specific features being assessed.