Certificate of Cloud Auditing Knowledge (CCAK) — Question 110

During the course of a web application review, a cloud auditor identified minor weakness in a relevant database that is out of scope for the audit. Which of the following is the BEST course of action?

Answer options

• A. Include review of database controls in the scope.
• B. Report the weakness as observed.
• C. Document for future review.
• D. Work with database administrators to rectify the issue.

Correct answer: B

Explanation

The best action is to report the weakness as observed (B), as it ensures transparency and allows for potential future remediation. Including the database controls in the scope (A) may not be feasible since it is out of scope, while documenting for future review (C) does not address the immediate concern. Working with database administrators (D) may not be appropriate without it being within the audit's scope.