Certificate of Cloud Auditing Knowledge (CCAK) — Question 200

Which of the following would be the MOST critical finding of an application security and DevOps audit?

Answer options

• A. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
• B. Application architecture and configurations did not consider security measures.
• C. Outsourced cloud service interruption, breach or loss of data stored at the cloud service provider.
• D. Certifications with global security standards specific to cloud are not reviewed and the impact of noted findings are not assessed.

Correct answer: B

Explanation

Option B is correct because failing to consider security measures in application architecture and configurations can lead to significant vulnerabilities. Options A, C, and D, while important, pertain to broader organizational compliance and operational issues rather than direct security flaws in the application itself.