Certificate of Cloud Auditing Knowledge Questions and Answers
Question 53
Which of the following metrics are frequently immature?
Options:
A.
Metrics around specific Software as a Service (SaaS) application services
B.
Metrics around Infrastructure as a Service (laaS) computing environments
C.
Metrics around Infrastructure as a Service (laaS) storage and network environments
D.
Metrics around Platform as a Service (PaaS) development environments
Answer:
D
Explanation:
Metrics around Platform as a Service (PaaS) development environments are frequently immature, as PaaS is a relatively new and evolving cloud service model that offers various tools and platforms for developing, testing, deploying, and managing cloud applications. PaaS metrics are often not well-defined, standardized, or consistent across different providers and platforms, and may not capture the full value and performance of PaaS services. PaaS metrics may also be difficult to measure, monitor, and compare, as they depend on various factors, such as the type, complexity, and quality of the applications, the level of customization and integration, the usage patterns and demand, and the security and compliance requirements. Therefore, PaaS metrics may not provide sufficient insight or assurance to cloud customers and auditors on the effectiveness, efficiency, reliability, and security of PaaS services12.
References:
Cloud Computing Service Metrics Description - NIST
Cloud KPIs You Need to Measure Success - VMware Blogs
Question 54
Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?
Options:
A.
CCM utilizes an ITIL framework to define the capabilities needed to manage the IT services and security services.
B.
CCM maps to existing security standards, best practices, and regulations.
C.
CCM uses a specific control for Infrastructure as a Service (laaS).
D.
CCM V4 is an improved version from CCM V3.0.1.
Answer:
B
Explanation:
The Cloud Controls Matrix (CCM) is a cybersecurity control framework specifically designed for cloud computing environments. A key benefit of using the CCM is that it maps to existing security standards, best practices, and regulations. This mapping allows organizations to ensure that their cloud security posture aligns with industry-recognized frameworks, thereby facilitating compliance and security assurance efforts. The CCM’s comprehensive set of control objectives covers all key aspects of cloud technology and provides guidance on which security controls should be implemented by various actors within the cloud supply chain.
References = This answer is supported by the information provided in the Cloud Controls Matrix documentation and related resources, which highlight the CCM’s alignment with other security standards and its role in helping organizations navigate the complex landscape of cloud security and compliance12.
