Certificate of Cloud Auditing Knowledge (CCAK) — Question 126

An organization deploying the Cloud Controls Matrix (CCM) to perform a compliance assessment will encompass the use of the Corporate Governance Relevance feature to filter out those controls:

Answer options

• A. that are related to policies, processes, laws, regulations, and institutions conditioning the way an organization is managed, directed, or controlled.
• B. that can be of either an administrative or a technical nature, therefore requiring an approval from the Change Advisory Board.
• C. that can be of either a management or a legal nature, therefore requiring an approval from the Change Advisory Board.
• D. that require prior approval from the Board of Directors to be funded (for either make or buy), implemented, and reported on.

Correct answer: A

Explanation

The correct answer, A, highlights controls related to governance which are essential for compliance assessments. Options B, C, and D focus on technicalities related to approvals and categories of controls, which are not directly tied to the Corporate Governance Relevance feature for filtering controls.