Certificate of Cloud Auditing Knowledge (CCAK) — Question 162
Which of the following would give an auditor the BEST view of design and implementation decisions when an organization uses programmatic automation for Infrastructure as a Service (IaaS) deployments? The visibility of:
Answer options
- A. output from threat modeling exercises.
- B. results from automated testing.
- C. source code within build scripts.
- D. service level agreements.
Correct answer: A
Explanation
Output from threat modeling exercises offers a thorough perspective on the security design and potential vulnerabilities within the IaaS deployment, which is crucial for an auditor. In contrast, results from automated testing focus more on functionality rather than design decisions, source code within build scripts may not fully represent the overall architecture, and service level agreements primarily outline performance expectations rather than implementation details.