Certificate of Cloud Auditing Knowledge (CCAK) — Question 241

Which of the following is MOST important for an auditor to understand regarding cloud security controls?

Answer options

• A. Controls adapt to changes in the threat landscape.
• B. Controls are the responsibility of the cloud service provider.
• C. Controls are the responsibility of the internal audit team.
• D. Controls are static and do not change.

Correct answer: A

Explanation

Option A is correct because understanding that controls must evolve with the threat landscape is essential for effective auditing. Option B is incorrect as while the cloud service provider has responsibilities, the auditor must also consider shared responsibilities. Option C is wrong since the internal audit team has a role, but it is not solely responsible for all controls. Option D is false because static controls would not effectively mitigate evolving threats.