Given this discovery, what should be the most appropriate action for the auditor to perform?

CCAK 0 Comments

While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet.

Given this discovery, what should be the most appropriate action for the auditor to perform?
A . Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
B . Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
C . Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
D . Informing the organization’s internal audit manager immediately about the gap

Answer: C

Explanation:

Reference: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-1/is-audit-basics-the-components-of-the-it-audit-report

Latest CCAK Dumps Valid Version with 76 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CCAK PDF     CCAK Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments