CCAK

Shared Responsibility Implication - CCAK Practice Question

  • 1.  Shared Responsibility Implication - CCAK Practice Question

    Posted Dec 08, 2021 11:19:00 AM

    Under the Shared Responsibility model where there is an application that consumes multiple third-party cloud services, what is one of the main goals of the assessor?

    1. Confirm what certifications the cloud provider holds.
    2. Determine how the organization treats vulnerabilities and incidents.
    3. Establish whether the organization has identified security controls of the cloud provider.
    4. Document what third-party applications are used.
    *I will post the answer next week :)

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: Shared Responsibility Implication - CCAK Practice Question

    Posted Dec 15, 2021 09:14:00 AM
    Edited by Jenna Morrison Dec 17, 2021 09:54:08 AM
    The answer to this is:
    (3) Establish whether the organization has identified security controls of the cloud provider.

    Justification:
    Where there is an application that consumes multiple third-party cloud services, the assessor's goal is to establish whether the organization has identified security controls of the cloud provider, investigated answers around controls for developing secure software, and obtained evidence to support the answer.

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------