To support customer’s verification of the CSP claims regarding their responsibilities according to the shared responsibility model, which of the following tools and techniques is appropriate?
The Answer is D.
The goals of each assessment process are to understand the relevant controls, to check that customer-side controls are in place and operating correctly; and to verify that the customer is asking the cloud provider the right questions about responsibilities under the shared responsibility model.
The answer is A; Page 37 of the CCAK guide (1.3.10 Tools and Techniques to Design, Implement and Operate a Governance Program)
Contract—Providers usually require customers to sign a customer agreement before using services. Those agreements are a major foundation of governance and assurance, because they provide controls on the relationship with the CSP. Cloud agreements or contracts usually consist of service terms (SLA, acceptable use policy, technical support) and legal terms (jurisdiction, dispute handling, remedies). Those terms are the foundation of the shared responsibility model, which is usually not described directly in the contract. In general, cloud providers rely on unified service and do not negotiate their contracts for every customer request. However, large organizations probably will be able to get more changes, and smaller providers probably will demonstrate more flexibility.
See section 1.4.13 for more information about contracts as a governance tool.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
339dfab
1 month, 1 week ago4f2a581
3 months, 2 weeks agocarlosdfr3
7 months ago