Certificate of Cloud Auditing Knowledge (CCAK) — Question 122

Which of the following enables auditors to conduct gap analyses of what a cloud service provider offers versus what the customer requires?

Answer options

• A. The as-is and to-be enterprise architecture (EA)
• B. Using a standardized control framework
• C. The experience gained over the years
• D. Understanding the customer risk profile

Correct answer: B

Explanation

Using a standardized control framework gives auditors a clear set of criteria to evaluate the cloud service provider's offerings against the customer's requirements. The other options, while useful in different contexts, do not provide the specific structured basis for gap analysis that a standardized control framework does.