Certificate of Cloud Auditing Knowledge (CCAK) — Question 131
When performing audits in relation to the organizational incident management process, what should be requested from the cloud service provider?
Answer options
- A. Incident management and response policies and procedures
- B. Information security policies and procedures
- C. Provider cloud strategy and policy
- D. Enterprise cloud security strategy
Correct answer: A
Explanation
The correct answer is A because incident management and response policies and procedures directly relate to how the provider manages incidents, which is essential for the audit. The other options, while important, do not specifically address the incident management process needed for the audit.