Question 4
UnclassifiedWhich of the following is a key benefit of using a continuous monitoring approach in cloud auditing?
Correct answer: A
Explanation
Continuous monitoring provides ongoing visibility into cloud activity, so security events can be identified as they happen rather than after a periodic review. This supports "real-time detection of security incidents and breaches," which is the main advantage over traditional point-in-time auditing.
Why each option is right or wrong
A. It allows for real-time detection of security incidents and breaches.
Continuous monitoring is the appropriate choice because cloud environments change rapidly, so a point-in-time audit can miss events that occur between review cycles. Under NIST SP 800-137, Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support near real-time risk response; in practice, that means incidents and breaches can be detected as they occur rather than only at scheduled audit intervals.
B. It eliminates the need for manual audit reviews and assessments.
C. It provides assurance that all cloud controls and configurations are up-to-date.
D. It enables auditors to conduct thorough penetration tests on cloud systems.