Certificate of Cloud Auditing Knowledge (CCAK) — Question 129

Which of the following is KEY to an auditor’s evaluation of the completeness of an organization’s cloud compliance obligations?

Answer options

• A. Understanding the organization’s risk appetite and risk tolerance
• B. A view of recent data breaches across the organization’s service providers
• C. A view of obligations within contractual agreements with service providers
• D. Understanding the organization’s business and operating environment

Correct answer: C

Explanation

The correct answer is C because the contractual agreements with service providers explicitly outline compliance obligations that must be met. Options A and D, while important for understanding the overall risk and context, do not directly address the completeness of compliance obligations. Option B focuses on past incidents rather than current contractual responsibilities.