CCSK Exam QuestionsBrowse all questions from this exam

CCSK Exam - Question 26


To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?

Show Answer
Correct Answer: C

To understand their compliance alignments and gaps with a cloud provider, cloud customers must rely on third-party attestations. These attestations offer unbiased and validated reports on the provider's compliance status, giving customers a reliable source of information regarding compliance alignments and potential gaps.

Discussion

6 comments
Sign in to comment
ciscolangirlOption: C
Oct 11, 2023

Pg. 56 - The Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 - Cloud customers, particularly in public cloud, must rely more on third-party attestations of the provider to understand their compliance alignment and gaps.

motenOption: C
Jun 5, 2023

3rd Party Attestation would give unbiased view of compliance status.

assfedassfinishedOption: C
Apr 16, 2024

P 55 4.1.1.1 How Cloud Changes Compliance As with security, compliance in the cloud is a shared responsibility model. Both the cloud provider and customer have responsibilities, but the customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments, and specifics of the compliance requirements. P 56 Cloud customers, particularly in public cloud, must rely more on third-party attestations of the provider to understand their compliance alignment and gaps.

juanescast
Sep 6, 2023

4.1.1.1 find the answers

CrotofrotoOption: D
Sep 28, 2023

Security Guidance, page 55: As with security, compliance in the cloud is a shared responsibility model. Both the cloud provider and customer have responsibilities, but the customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments, and specifics of the compliance requirements.

BigG83Option: C
Feb 19, 2024

Beside C is correct, the Answer A is also correct. See page 58 of Security Guidance about Artifacts. Answer A is about the Provider provided documentation which is also needed to understand the gaps.