Certificate of Cloud Auditing Knowledge (CCAK) — Question 149

The control domain feature within a Cloud Controls Matrix (CCM) represents:

Answer options

• A. CCM's ability to scan and check Active Directory, LDAP, and x.500 directories for suspicious and/or privileged user accounts.
• B. CCM's ability to scan for anomalies in DNS zones in order to detect DNS spoofing, DNS hijacking, DNS cache poisoning, and similar threats.
• C. a logical grouping of security controls addressing the same category of IT risks or information security concerns.
• D. a set of application programming interfaces (APIs) that allows a cloud consumer to restrict the replication area within a well-defined jurisdictional perimeter.

Correct answer: C

Explanation

The correct answer, C, accurately describes the control domain as a categorization of security controls that focus on specific IT risks or information security issues. Options A and B describe specific scanning capabilities, while D concerns API functionalities, none of which relate to the grouping of security controls.