exam questions

Exam CCSK All Questions

View all questions & answers for the CCSK exam

Exam CCSK topic 1 question 91 discussion

Actual exam question from CSA's CCSK
Question #: 91
Topic #: 1
[All CCSK Questions]

CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?

  • A. Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
  • B. Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
  • C. Use CCM to help assess the risk associated with the CSP
  • D. None of the above
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
MassoudAbedian
Highly Voted 1 year, 1 month ago
Selected Answer: A
I don't believe a customer can submit the CCM on behalf of the CSP to CSA Security. As a result I marked A for answer.
upvoted 9 times
...
byfener
Most Recent 4 months, 2 weeks ago
Selected Answer: A
This option is NOT suitable for the company as a cloud customer. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a framework that provides a structured set of controls that can be used by customers to assess the security posture of their cloud providers. It's designed for customers to use when evaluating potential cloud service providers (CSPs) and their offerings. Submitting the CCM on behalf of the CSP to the CSA STAR registry would involve the cloud customer submitting information about the CSP's security controls and practices. However, the CCM is typically intended for customers to evaluate the CSP's security, rather than for the CSP to submit their own information. The responsibility for submitting accurate and up-to-date security information to the STAR registry lies with the CSP themselves. Therefore, option A is not suitable as a use of CCM by the company as a cloud customer.
upvoted 1 times
...
Brainiac
6 months, 4 weeks ago
The option that is NOT suitable for the company as a cloud customer when using the Cloud Control Matrix (CCM) is: A. Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs. Submitting the CCM on behalf of the cloud service provider (CSP) to CSA STAR is not a suitable option for the company as a cloud customer. The CSA STAR registry is intended for CSPs to document and demonstrate their security controls and practices to customers and the public. It is not meant for cloud customers to submit the CCM on behalf of their CSP.
upvoted 2 times
...
moota
9 months, 1 week ago
Selected Answer: A
In https://cloudsecurityalliance.org/star/, you can ask your CSP to submit to the registry.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago