Certificate of Cloud Auditing Knowledge (CCAK) — Question 65

Which of the following enables auditors to conduct gap analysis?

Answer options

• A. The experience gained over the years
• B. Using a standardized control framework
• C. Understanding the customer risk profile
• D. The as-is and to-be enterprise architecture (EA)

Correct answer: B

Explanation

The correct answer is B because a standardized control framework provides a consistent basis for evaluating existing controls against best practices. The other options, while useful in various contexts, do not specifically provide the framework necessary for conducting a gap analysis.