CAS-005 · Question #125
CAS-005 Question #125: Real Exam Question with Answer & Explanation
The correct answer is A: How the organization will implement and monitor the user entity controls. User entity controls are responsibilities that must be implemented by the organization, so determining how to implement and monitor them is critical. Monitoring the CSP or auditing their implementation pertains to the CSP's responsibilities, not complementary user entity controls
Question
During a vendor assessment, an analyst reviews a listing of the complementary user entity controls included in the audit report. Which of the following is the most important aspect to consider when reviewing this list with the security team?
Options
- AHow the organization will implement and monitor the user entity controls
- BHow the CSP performs the controls on behalf of the user entity
- CHow the organization should monitor the CSP's execution of the user entity controls
- DHow the user entity will audit the CSP's implementation of the user entity controls
Explanation
User entity controls are responsibilities that must be implemented by the organization, so determining how to implement and monitor them is critical. Monitoring the CSP or auditing their implementation pertains to the CSP's responsibilities, not complementary user entity controls.
Community Discussion
No community discussion yet for this question.