Certificate of Cloud Auditing Knowledge (CCAK) — Question 217
When auditing a Software as a Service (SaaS) cloud service provider, which of the following observations would be of GREATEST concern to the auditor?
Answer options
- A. The provider was in breach of a couple of service level agreements (SLAs) in the past year.
- B. The audit trails are available for 3-4 days and are typically overwritten as soon as the disk reaches its capacity.
- C. Only an executive summary of the annual penetration testing report was made available by the provider for the review. It had details about the criticality of the vulnerabilities and the plan and timeline to mitigate them, but the detailed penetration testing report was not made available.
- D. In case of a breach in the provider’s environment involving the organization's data, the provider sends the breach notification to the organization's breach notification shared mailbox that is documented in the service agreement.
Correct answer: B
Explanation
Option B is the most concerning because audit trails that are retained for only 3-4 days and then overwritten limit the ability to investigate incidents effectively. Options A, C, and D also indicate issues, but none poses as immediate a risk to data security and auditing capabilities as insufficient audit trail retention.