While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?

A. Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability

B. Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet

C. Documenting the finding in the audit report and sharing the gap with the relevant stakeholders

D. Informing the organization’s internal audit manager immediately about the gap








 

Suggested Answer: C





This question is in CCAK Certificate of Cloud Auditing Knowledge Exam
For getting Certificate of Cloud Auditing Knowledge (CCAK)










Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA. 
Trademarks, certification & product names are used for reference only and belong to ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.