Certificate of Cloud Auditing Knowledge (CCAK) — Question 234

Which of the following is a tool that visually depicts the gaps in an organization’s security capabilities?

Answer options

• A. Cloud security alliance (CSA) cloud control matrix
• B. Requirements traceability matrix
• C. Cloud security alliance (CSA) enterprise architecture (EA)
• D. Colored impact and likelihood risk matrix

Correct answer: D

Explanation

The Colored impact and likelihood risk matrix is specifically designed to visualize security risks by highlighting gaps in security capabilities. The other options, such as the CSA cloud control matrix and the requirements traceability matrix, serve different purposes and do not focus on visualizing security deficiencies.