During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?

A. Review the CSP audit reports.

B. Review the security white paper of the CSP.

C. Review the contract and DR capability.

D. Plan an audit of the CSP.








 

Suggested Answer: A

Community Answer: C



This question is in CCAK Certificate of Cloud Auditing Knowledge Exam
For getting Certificate of Cloud Auditing Knowledge (CCAK)










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.