An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models .
Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
A . Use of an established standard/regulation to map controls and use as the audit criteria
B . For efficiency reasons, use of its on-premises systems’ audit criteria to audit the cloud environment
C . As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.
D . Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage
Answer: A
Latest CCAK Dumps Valid Version with 76 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund