A cloud service customer is looking to subscribe to a finance solution provided by a cloud service provider. The provider has clarified that the audit logs cannot be taken out of the cloud environment by the customer to its security information and event management (SIEM) solution for monitoring purposes. Which of the following should be the GREATEST concern to the auditor?

A. The provider does not maintain audit logs in their environment.

B. The customer cannot monitor its cloud subscription on its own and must rely on the provider for monitoring purposes.

C. The audit logs are overwritten every 30 days, and all past audit trail is lost.

D. The audit trails are backed up regularly, but the backup is not encrypted.








 

Suggested Answer: B

Community Answer: B



This question is in CCAK Certificate of Cloud Auditing Knowledge Exam
For getting Certificate of Cloud Auditing Knowledge (CCAK)










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.