Certificate of Cloud Auditing Knowledge (CCAK) — Question 144

An organization plans to migrate to an Infrastructure as a Service (IaaS) cloud service provider and performs an evaluation of the provider's security. What would be the BEST course of action for the cloud auditor to understand the provider's network security controls?

Answer options

• A. Perform an independent audit of the cloud service provider’s premises.
• B. Ask the cloud service provider for a detailed network diagram.
• C. Check the information provided by the cloud service provider.
• D. Perform pen testing against the cloud service provider's infrastructure.

Correct answer: C

Explanation

The correct answer is C because reviewing the information provided by the cloud service provider offers direct insights into their security measures. Options A and D involve external assessments that may not provide the necessary understanding of the provider's specific controls, while option B may not guarantee completeness or accuracy without the context of the provider's security documentation.