Exam CCAK topic 1 question 101 discussion

The correct answer is: **B. develop plans using a standardized risk-based approach.** Prioritizing assurance activities for an organization’s cloud services portfolio primarily depends on using a risk-based approach to identify and evaluate potential risks associated with different cloud services. This approach allows the organization to systematically assess which services pose higher risks and require more frequent or in-depth assurance activities. By focusing on risk, the organization can allocate resources effectively and ensure that the most critical areas receive appropriate attention. While scheduling reviews, maintaining inventories, and gathering business function insights are important, the standardized risk-based approach provides the necessary framework to prioritize assurance activities based on the actual risk profile of the cloud services portfolio.

Design the risk assessment program for cloud migration—all deployment models (private vs. public), service models (IaaS/PaaS/SaaS) and data classification models affect the risk management process. Organizations should list the cloud risks they foresee, and then examine the designated cloud service against those risks to determine risk likelihood, impact and tolerance. CCAK P# 36

Answer B. CCAK Study Guide, p. 265-266, Section 5.5.1 Understanding the Required Level of Assurance to Satisfy the Cloud Customer, "Based on the penetration of cloud services into the typical organization technology environment and the two-dimensional aspect of both the number of service providers and the number of organizational instances, it is imperative that an enterprise risk management program be implemented or extended to include all known and unknown (shadow IT) cloud services and providers. This risk-based approach will facilitate the creation of a portfolio view of all CSPs, with risk ratings for each type of service provided to the organization."