Certificate of Cloud Auditing Knowledge (CCAK) — Question 182

Which of the following is the BEST tool to perform cloud security control audits?

Answer options

• A. General Data Protection Regulation (GDPR)
• B. ISO 27001
• C. Federal Information Processing Standard (FIPS) 140-2
• D. CSA Cloud Control Matrix (CCM)

Correct answer: D

Explanation

The CSA Cloud Control Matrix (CCM) is specifically designed for cloud security and provides a comprehensive framework for auditing cloud providers. In contrast, GDPR focuses on data protection regulations, ISO 27001 addresses information security management systems broadly, and FIPS 140-2 pertains to cryptographic modules, making them less suitable for specific cloud security control audits.