Certificate of Cloud Auditing Knowledge (CCAK) — Question 1

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

Answer options

• A. Determine the impact on the controls that were selected by the organization to respond to identified risks.
• B. Determine the impact on confidentiality, integrity and availability of the information system.
• C. Determine the impact on the financial, operational, compliance and reputation of the organization.
• D. Determine the impact on the physical and environmental security of the organization, excluding informational assets.

Correct answer: B

Explanation

The correct answer is B because the technical impact identification step specifically focuses on the core principles of information security, which are confidentiality, integrity, and availability. The other options address broader organizational impacts or specific controls, which are not the primary focus of this step.