An organization is planning to host a number of its critical applications in the cloud. Which of the following is the BEST way to gain a broad assurance of the cloud provider’s security posture?
A. A review that includes interviewing key security stakeholders and identifying the key controls that they operate
B. A review that includes security policies, evidence of the controls, physical site assessment and vulnerability scanning
C. A review that includes the right to audit on a yearly basis and review of the security clauses on the contract
D. A review that includes security applications, external audits, intrusion detection and firewall policy reviews
