🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional10 / 124
Question 10 of 124
A financial services firm is being audited against its own controls, many of which now depend on a SaaS provider that hosts customer transaction data. The firm's auditor requests to physically inspect the provider's data centers and run vulnerability scans against the provider's shared infrastructure. The provider refuses both requests, citing multitenancy and its own security policies. What is the MOST appropriate way for the firm to satisfy the auditor's need for assurance over the outsourced controls?
Reviewed for accuracy · Report an issueNext question