Certified Cloud Security Professional – CCSP – Question326

As part of the auditing process, getting a report on the deviations between intended configurations and actual policy is often crucial for an organization.
What term pertains to the process of generating such a report?

A.
Deficiencies
B. Findings
C. Gap analysis
D. Errors

Correct Answer: C

Explanation:

Explanation: The gap analysis determines if there are any differences between the actual configurations in use on systems and the policies that govern what the configurations are expected or mandated to be. The other terms provided are all similar to the correct answer (“findings” in particular is often used to articulate deviations in configurations), but gap analysis is the official term used.