Certificate of Cloud Auditing Knowledge (CCAK) — Question 180

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

Answer options

• A. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.
• B. CCM has a set of security questions, whereas CAIQ has a set of security controls.
• C. CCM has 14 domains and CAIQ has 16 domains.
• D. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Correct answer: D

Explanation

The correct answer is D because the Cloud Control Matrix (CCM) serves as a framework for controls, while the Consensus Assessment Initiative Questionnaire (CAIQ) outlines standard methods for documenting the security controls applicable to different cloud service models. The other options misrepresent the roles of CCM and CAIQ, such as confusing the nature of their assessments or the number of domains they cover.