🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional9 / 124
Question 9 of 124
A financial services firm is negotiating a contract with a large public IaaS provider. The firm's internal audit team insists on including a traditional 'right-to-audit' clause that would allow their auditors physical, on-site access to the provider's data centers to inspect controls whenever needed. The provider refuses this specific demand, citing the multitenant nature of its facilities. As the cloud security advisor, what should you recommend as the most practical way for the firm to obtain the required assurance over the provider's control environment?
Reviewed for accuracy · Report an issueNext question