CSA Exam CCSK Topic 8 Question 61 Discussion

Actual exam question for CSA's CCSK exam

Question #: 61
Topic #: 8

CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?

ASubmit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs

BUse CCM to build a detailed list of requirements and controls that they want their CSP to implement

CUse CCM to help assess the risk associated with the CSP

DNone of the above

Show Suggested Answer

Suggested Answer: D

by Rasheeda at Apr 10, 2024, 10:10 AM

Limited Time Offer

25%

Off

Get Premium CCSK Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ashlyn

6 months ago

Yes, I think the answer is C. Using CCM to assess the risk associated with the CSP is not suitable for the company as a cloud customer.

upvoted 0 times

...

Eva

6 months ago

So, the answer should be C then, right? It's about assessing the company's risk, not the CSP's.

upvoted 0 times

...

Filiberto

6 months ago

That makes sense, Ashlyn. The company needs to ensure they understand the risks involved before choosing a CSP.

upvoted 0 times

...

Ashlyn

6 months ago

I believe option C is not suitable. The company should use CCM to assess their own risk, not the CSP's.

upvoted 0 times

...

Eva

6 months ago

I agree with Filiberto. It's the CSP's responsibility to submit the CCM to STAR.

upvoted 0 times

...

Filiberto

6 months ago

I think option A is not suitable because the company should not submit CCM on behalf of the CSP.

upvoted 0 times

...

Sheron

7 months ago

Using CCM to assess the risk associated with the CSP could also be helpful in making an informed decision.

upvoted 0 times

...

Nana

7 months ago

I agree with Option B seems more appropriate for detailing their own requirements.

upvoted 0 times

...

Della

7 months ago

Because submitting the CCM on behalf of the CSP to STAR may not accurately represent the company's specific requirements.

upvoted 0 times

...

Gladys

7 months ago

Why do you say that, Alice?

upvoted 0 times

...

Della

7 months ago

I think option A is not suitable for the company.

upvoted 0 times

...

Jaclyn

8 months ago

I think options B and C are the way to go. The company can use the CCM to really dig into the details and make sure the CSP is up to snuff.

upvoted 0 times

...

Daniela

8 months ago

Haha, yeah, that's like the company saying, 'Hey CSP, we'll do your job for you. How's that?' Not very practical.

upvoted 0 times

...

Alease

8 months ago

Exactly. I mean, if the company submits the CCM on behalf of the CSP, they might as well just become the CSP themselves. That's just silly.

upvoted 0 times

Colton

6 months ago

Yeah, that would defeat the purpose of using a CSP for IaaS.

upvoted 0 times

...

Reynalda

7 months ago

I think option A is not suitable because it's like taking over the CSP's role.

upvoted 0 times

...

Miriam

8 months ago

Agreed. The company should leverage the CCM to ensure the CSP is meeting their specific needs, not take on the CSP's responsibility.

upvoted 0 times

...

Yeah, you're right. I think option A is not suitable for the company as a cloud customer. They should focus on using the CCM to assess the risk and build their own requirements, as per options B and C.

upvoted 0 times

...

Paris

8 months ago

Hmm, this is a tricky one. I'm not sure if submitting the CCM on behalf of the CSP is a good idea, since that's the CSP's responsibility, right?

upvoted 0 times

...

CSA Exam CCSK Topic 8 Question 61 Discussion

Contribute your Thoughts:

Ashlyn

Eva

Filiberto

Ashlyn

Eva

Filiberto

Sheron

Nana

Della

Gladys

Della

Jaclyn

Daniela

Alease

Colton

Reynalda

Miriam

Thora

Paris