A company wants to migrate its critical application to a public cloud but the security administrator is
concerned with the application’s data confidentiality requirements. Which of the following can be
done to review if the appropriate management security controls are in place at the provider?
A.
Penetration testing
B.
Vulnerability assessment
C.
Performance and application testing
D.
Policy and procedure audit