Certified Cloud Security Professional – CCSP – Question303
During the course of an audit, which of the following would NOT be an input into the control requirements used as part of a gap analysis. A. Contractual requirements B. Regulations C. Vendor recommendations D. Corporate policy
Correct Answer: C
Explanation:
Explanation: Vendor recommendations would not be pertinent to the gap analysis after an audit. Although vendor recommendations will typically play a role in the development of corporate policies or contractual requirements, they are not required. Regulations, corporate policy, and contractual requirements all determine the expected or mandated controls in place on a system.
Please disable your adblocker or whitelist this site!