Certificate of Cloud Auditing Knowledge (CCAK) — Question 48

The BEST method to report continuous assessment of a cloud provider’s services to the CSA is through:

Answer options

• A. a set of dedicated application programming interfaces (APIs).
• B. SOC 2 Type 2 attestation.
• C. CCM assessment by a third-party auditor on a periodic basis.
• D. tools selected by the third-party auditor.

Correct answer: A

Explanation

Using a set of dedicated application programming interfaces (APIs) allows for real-time data exchange and monitoring, which is essential for continuous assessment. While SOC 2 Type 2 attestation and periodic CCM assessments provide valuable insights, they do not facilitate ongoing reporting as effectively as APIs. Tools selected by the auditor, while useful, do not inherently ensure continuous assessment like dedicated APIs do.