Certificate of Cloud Auditing Knowledge (CCAK) — Question 224

Which of the following provides the BEST evidence that a cloud service provider's continuous integration and continuous delivery (CI/CD) development pipeline includes checks for compliance as new features are added to its Software as a Service (SaaS) applications?

Answer options

• A. Compliance tests are automated and integrated within the CI tool.
• B. Developers keep credentials outside the code base and in a secure repository.
• C. Frequent compliance checks are performed for development environments.
• D. Third-party security libraries are continuously kept up to date.

Correct answer: A

Explanation

The correct answer, A, indicates that compliance tests are part of the CI process, ensuring that compliance is checked as new features are developed. The other options, while important for security and best practices, do not directly demonstrate that compliance checks are integrated into the CI/CD pipeline.