ISACA CCAK v2022-03-22 (q27)

Exam Code: CCAK


Exam Name: Certificate of Cloud Auditing Knowledge
Certification Provider: ISACA
Free Question Number: 27
Version: v2022-03-22
https://www.freecram.net/torrent/ISACA.CCAK.v2022-03-22.q27.html

NEW QUESTION: 1
A cloud customer configured and developed a solution on top of the certified cloud
services. Building on top of a compliant CSP:
A. means that the cloud customer and client are both compliant.
B. means that the cloud customer is also compliant.
C. does not necessarily mean that the cloud customer is also compliant.
D. means that the cloud customer is compliant but their client is not compliant.
Answer: (SHOW ANSWER)

NEW QUESTION: 2
An organization has an ISMS implemented, following ISO 27001 and Annex A controls.
The CIO would like to migrate some of the infrastructure to the cloud. Which of the
following standards would BEST assist in identifying controls to consider for this migration?
A. ISO/IEC 27701
B. ISO/IEC 22301
C. ISO/IEC 27002
D. ISO/IEC 27017
Answer: (SHOW ANSWER)
Explanation
The ISO/IEC 27017 standard defines the requirements for an information security management
system (ISMS).
Note that the entire organization is not necessarily affected by the standard, because it all
depends on the scope of the ISMS. The scope could be limited by the provider to one
group within an organization, and there is no guarantee that any group outside of the
scope has an appropriate ISMS in place. It is up to the auditor to verify that the scope of the
engagement is "fit for purpose." As the customer, you are responsible for determining
whether the scope of the certification is relevant for your purposes.

NEW QUESTION: 3
Which of the following approaches encompasses social engineering of staff, bypassing of
physical access controls and penetration testing?
A. White box
B. Red team
C. Blue team
D. Gray box
Answer: (SHOW ANSWER)

NEW QUESTION: 4
Which of the following would be considered as a factor to trust in a cloud service provider?
A. The level of willingness to cooperate
B. The level of proven technical skills
C. The level of exposure for public information
D. The level of open source evidence available
Answer: (SHOW ANSWER)

NEW QUESTION: 5
To assist an organization with planning a cloud migration strategy to execution, an auditor
should recommend the use of:
A. service-oriented architecture.
B. enterprise architecture.
C. object-oriented architecture.
D. software architecture.
Answer: (SHOW ANSWER)

NEW QUESTION: 6
The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:
A. identify resource requirements of the cloud audit.
B. discuss the scope of the cloud audit.
C. select the methodology of an audit.
D. review requested evidence provided by the audit client.
Answer: (SHOW ANSWER)

NEW QUESTION: 7
In all three cloud deployment models (IaaS, PaaS, and SaaS), who is responsible for
patching the hypervisor layer?
A. Cloud service provider
B. Cloud service customer
C. Patching of the hypervisor layer is not required
D. Shared responsibility
Answer: (SHOW ANSWER)

NEW QUESTION: 8
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must
cover:
A. maturity model criteria.
B. ISO/IEC 27001:2013 controls.
C. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.
D. all Cloud Control Matrix (CCM) controls and TSPC security principles.
Answer: (SHOW ANSWER)

NEW QUESTION: 9
The rapid and dynamic rate of changes found in a cloud environment affects the
organization's:
A. risk profile.
B. risk scoring.
C. risk communication.
D. risk appetite.
Answer: (SHOW ANSWER)

NEW QUESTION: 10
A. Residual risk
B. Impact Analysis
C. Likelihood
D. Mitigations
Answer: (SHOW ANSWER)

NEW QUESTION: 11
A CSP providing cloud services currently being used by the United States federal
government should obtain which of the following to assure compliance with stringent
government standards?
A. Multi-Tier Cloud Security (MTCS) Attestation
B. FedRAMP Authorization
C. CSA STAR Level Certificate
D. ISO/IEC 27001:2013 Certification
Answer: (SHOW ANSWER)

NEW QUESTION: 12
When developing a cloud compliance program, what is the PRIMARY reason for a cloud
customer to review which cloud services will be deployed?
A. To determine the total cost of the cloud services to be deployed
B. To confirm if the compensating controls implemented are sufficient for the cloud
C. To confirm which vendor will be selected based on compliance with security
requirements
D. To determine how those services will fit within its policies and procedures
Answer: (SHOW ANSWER)

NEW QUESTION: 13
Which of the following quantitative measures is KEY for an auditor to review when
assessing the implementation of continuous auditing of performance on a cloud system?
A. Service Level Objective (SLO)
B. Service Level Agreement (SLA)
C. Recovery Point Objectives (RPO)
D. Recovery Time Objectives (RTO)
Answer: (SHOW ANSWER)

NEW QUESTION: 14
How should controls be designed by an organization?
A. Using the organization's risk management framework
B. By the internal audit team
C. Using the ISO 27001 framework
D. By the cloud provider
Answer: (SHOW ANSWER)

NEW QUESTION: 15
What areas should be reviewed when auditing a public cloud?
A. Vulnerability management, cyber security reviews, patching
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Patching, source code reviews, hypervisor, access controls
Answer: (SHOW ANSWER)

NEW QUESTION: 16
Supply chain agreements between a CSP and its cloud customers should, at minimum, include:
A. Audits, assessments and independent verification of compliance certifications with
agreement terms
B. Regulatory guidelines impacting the cloud customer
C. Policies and procedures of the cloud customer
D. Organization chart of the CSP
Answer: (SHOW ANSWER)
NEW QUESTION: 17
From the perspective of a senior cloud security audit practitioner in an organization of a
mature security program with cloud adoption, which of the following statements BEST
describes the DevSecOps concept?
A. Operational framework that promotes software consistency through automation
B. Process of security integration using automation in software development
C. Development standards for addressing integration, testing, and deployment issues
D. Making software development simpler, faster, and easier using automation
Answer: (SHOW ANSWER)

NEW QUESTION: 18
Which of the following CSP activities requires a client's approval?
A. Delete the guest account or destroy test data
B. Delete the test accounts or destroy test data
C. Delete the guest account or test accounts
D. Delete the master account or subscription owner accounts
Answer: (SHOW ANSWER)

NEW QUESTION: 19
Changes to which of the following will MOST likely influence the expansion or reduction of
controls required to remediate the risk arising from changes to an organization's SaaS
vendor?
A. Risk exceptions policy
B. Contractual requirements
C. Risk appetite
D. Board oversight
Answer: (SHOW ANSWER)

NEW QUESTION: 20
A. As a confidentiality breach
B. As control breach
C. As an integrity breach
D. As an availability breach
Answer: (SHOW ANSWER)

NEW QUESTION: 21
Which of the following is MOST important to consider when developing an effective threat
model during the introduction of a new SaaS service into a customer organization's
architecture? The threat model:
A. leverages SaaS threat models developed by peer organizations.
B. recognizes the shared responsibility for risk management between the customer and
the CSP.
C. is developed by an independent third-party with expertise in the organization's industry
sector.
D. considers the loss of visibility and control from transitioning to the cloud.
Answer: (SHOW ANSWER)

NEW QUESTION: 22
Which of the following is the risk associated with storing data in a cloud that crosses
jurisdictions?
A. Provider administration risk
B. Compliance risk
C. Virtualization risk
D. Audit risk
Answer: (SHOW ANSWER)

NEW QUESTION: 23
Which of the following is the BEST tool to perform cloud security control audits?
A. ISO 27001
B. General Data Protection Regulation (GDPR)
C. Federal Information Processing Standard (FIPS) 140-2
D. CSA Cloud Control Matrix (CCM)
Answer: (SHOW ANSWER)

NEW QUESTION: 24
During an audit, it was identified that a critical application hosted in an off-premises cloud is
not part of the organization's Disaster Recovery Plan (DRP). Management stated that it is
responsible for ensuring that the cloud service provider (CSP) has a plan that is tested
annually. What should be the auditor's NEXT course of action?
A. Review the CSP audit reports.
B. Plan an audit of the CSP.
C. Review the contract and DR capability.
D. Review the security white paper of the CSP.
Answer: (SHOW ANSWER)

NEW QUESTION: 25
Which of the following should be the FIRST step to establish a cloud assurance program
during a cloud migration?
A. Development
B. Risk assessment
C. Stakeholder identification
D. Design
Answer: (SHOW ANSWER)

NEW QUESTION: 26
Which of the following is an example of integrity technical impact?
A. An administrator inadvertently clicks on phishing bait, exposing the company to a
ransomware attack.
B. The cloud provider reports a breach of customer personal data from an unsecured
server.
C. A DDoS attack renders the customer's cloud inaccessible for 24 hours.
D. A hacker using a stolen administrator identity alters the discount percentage in the
product database.
Answer: (SHOW ANSWER)

NEW QUESTION: 27
Within an organization, which of the following functions should be responsible for defining
the cloud adoption approach?
A. IT manager
B. Compliance manager
C. Audit committee
D. Senior management
Answer: (SHOW ANSWER)
