Certificate of Cloud Auditing Knowledge (CCAK) — Question 249

When performing audits in relation to the organizational strategy and governance, what should be requested from the cloud service provider?

Answer options

• A. Enterprise cloud security strategy
• B. Enterprise cloud strategy and policy
• C. Attestation reports
• D. Policies and procedures

Correct answer: C

Explanation

The correct answer is C, as attestation reports provide independent verification of the cloud service provider's compliance with security standards and practices. The other options, while relevant to cloud governance, do not offer the same level of independent assurance required during audits.