Question 38
Which of the following is a cloud-specific security standard?
Correct answer: A
Explanation
ISO/IEC 27017 is the cloud-specific security standard because it provides guidance for cloud services and cloud security controls. It is widely known as the standard for "information security controls for the provision and use of cloud services," distinguishing it from general security standards.
Why each option is right or wrong
A. ISO 27017
ISO/IEC 27017 is the cloud-focused extension of the ISO/IEC 27000 family: it was published as a code of practice for information security controls in the provision and use of cloud services, adding cloud-specific guidance to the baseline controls in ISO/IEC 27002. By contrast, ISO/IEC 27001 is the general ISMS requirements standard and ISO/IEC 27002 is general control guidance, so the cloud-specific identifier here is 27017.
B. ISO 14001
C. ISO 22301
D. ISO 27701