What areas should be reviewed when auditing a public cloud?

What areas should be reviewed when auditing a public cloud?
A . Identity and access management (IAM) and data protection
B . Source code reviews and hypervisor
C . Patching and configuration
D . Vulnerability management and cyber security reviews

View Answer

Answer: A

Explanation:

When auditing a public cloud, it is essential to review areas such as Identity and Access Management (IAM) and data protection. IAM involves ensuring that only authorized individuals have access to the cloud resources, and that their access is appropriately managed and monitored. This includes reviewing user authentication methods, access control policies, role-based access controls, and user activity monitoring1.

Data protection is another critical area to review. It involves ensuring that the data stored in the public cloud is secure from unauthorized access, breaches, and leaks. This includes reviewing data encryption methods, data backup and recovery processes, data privacy policies, and compliance with relevant data protection regulations1.

While the other options may also be relevant in certain contexts, they are not as universally applicable as IAM and data protection for auditing a public cloud. Source code reviews and hypervisor (option B), patching and configuration (option C), and vulnerability management and cybersecurity reviews (option D) are important but are more specific to certain types of cloud services or deployment models.

Reference: Cloud Computing ― What IT Auditors Should Really Know – ISACA