Certificate of Cloud Auditing Knowledge (CCAK) — Question 265

Which of the following is the MOST significant difference between a cloud risk management program and a traditional risk management program?

Answer options

• A. Risk management practices adopted by the cloud service provider
• B. Hosting sensitive information in the cloud environment
• C. Virtualization of the IT landscape
• D. Shared responsibility model

Correct answer: D

Explanation

The shared responsibility model is the most significant difference because it defines the division of security responsibilities between the cloud service provider and the customer. Traditional risk management does not typically involve such a clear division of responsibilities, while the other options focus on aspects that are also present in traditional environments, making them less distinctive.