Exam CCAK topic 1 question 83 discussion

To support a customer's verification of the Cloud Service Provider's (CSP) claims regarding their responsibilities according to the shared responsibility model, the most appropriate tool or technique would be: C. External audit External audits are conducted by independent third parties and can provide an objective assessment of whether the CSP is meeting its responsibilities as outlined in the shared responsibility model. These audits can help verify claims made by the CSP and ensure compliance with standards and regulations.

The Answer is D. The goals of each assessment process are to understand the relevant controls, to check that customer-side controls are in place and operating correctly; and to verify that the customer is asking the cloud provider the right questions about responsibilities under the shared responsibility model.

Answer is A

The answer is A; Page 37 of the CCAK guide (1.3.10 Tools and Techniques to Design, Implement and Operate a Governance Program) Contract—Providers usually require customers to sign a customer agreement before using services. Those agreements are a major foundation of governance and assurance, because they provide controls on the relationship with the CSP. Cloud agreements or contracts usually consist of service terms (SLA, acceptable use policy, technical support) and legal terms (jurisdiction, dispute handling, remedies). Those terms are the foundation of the shared responsibility model, which is usually not described directly in the contract. In general, cloud providers rely on unified service and do not negotiate their contracts for every customer request. However, large organizations probably will be able to get more changes, and smaller providers probably will demonstrate more flexibility. See section 1.4.13 for more information about contracts as a governance tool.