Exam CISA topic 1 question 609 discussion

I believe A is the answer. Service level agreement (SLA) performance metrics

c. While Service Level Agreement (SLA) performance metrics (Option A) are important for understanding the expected performance and reliability of the cloud services, they do not provide a comprehensive view of the security and control measures in place. An Independent control assessment (Option C) is more useful because it offers an unbiased evaluation of the cloud provider's controls, helping the organization ensure that the provider meets their security and compliance requirements.

While an independent control assessment (option C) could also be valuable for assessing the security and compliance posture of the CSP, SLA performance metrics are more directly relevant to evaluating the quality of service delivery and meeting the organization's operational needs in a public cloud environment.

C. Independent control assessment

A is correct.

When planning to adopt a public cloud computing model, an organization would find an independent control assessment to be MOST useful. This involves a third-party assessment of the cloud service provider's security controls and practices. While each option has its importance, an independent control assessment (Option C) provides the organization with an objective evaluation of the effectiveness of the cloud service provider's security controls. It offers assurance that the provider's security measures are in place and functioning as intended. In the context of security and risk management, having an independent assessment of the cloud service provider's controls is critical for making informed decisions about the adoption of a public cloud computing model.

why not A?