CCSK Question #27: Real Exam Question with Answer & Explanation

Question

Options

• AMore physical control over assets and processes.
• BGreater reliance on contracts, audits, and assessments due to lack of visibility or management.
• CDecreased requirement for proactive management of relationship and adherence to contracts.
• DIncreased need, but reduction in costs, for managing risks accepted by the cloud provider.
• ENone of the above.

Explanation

This question tests understanding of the key challenges organizations face when managing enterprise risk for cloud deployments. The correct answer identifies reduced direct visibility as a recognized disadvantage that forces reliance on indirect assurance mechanisms.

Common mistakes.

• A. Cloud deployments result in less physical control over assets and processes - not more - because the physical infrastructure is owned and managed by the cloud provider.
• C. Cloud environments actually increase the requirement for proactive relationship management and contract adherence due to reduced direct control, not decrease it.
• D. While responsibility for some risks may shift to the provider, overall risk management costs do not automatically decrease - audit, compliance, and assurance activities often maintain or increase expenditure.
• E. Option B correctly describes a recognized disadvantage of cloud enterprise risk management, so 'none of the above' is factually incorrect.

Concept tested. Enterprise risk management challenges in cloud deployments

Reference. https://cloudsecurityalliance.org/research/guidance/

No community discussion yet for this question.