Isaca CCAK Practice Test - Questions Answers, Page 11

A large organization with subsidiaries in multiple locations has a business requirement to organize its IT systems so that identified resources reside in particular locations, together with the organizational personnel who administer them. Which access control method will allow IT personnel to be segregated across the various locations?

A. Role Based Access Control
B. Attribute Based Access Control
C. Policy Based Access Control
D. Rule Based Access Control

Suggested answer: A

When reviewing a third-party agreement with a cloud service provider, which of the following should be the GREATEST concern regarding customer data privacy?

A. Data retention, backup, and recovery
B. Patch management process
C. Return or destruction of information
D. Network intrusion detection

Suggested answer: A

Explanation:

Reference: https://arxiv.org/pdf/1303.4814.pdf

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

A. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.
B. CCM has a set of security questions, whereas CAIQ has a set of security controls.
C. CCM has 14 domains and CAIQ has 16 domains.
D. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Suggested answer: D

Explanation:

Reference: https://sdtimes.com/cloud-security-alliance-unveils-governance-risk-management-and-compliance-grc-stack/

Which objective is MOST appropriate for measuring the effectiveness of a password policy?

A. The number of related incidents increases.
B. Attempts to log in with weak credentials increase.
C. Newly created account credentials satisfy requirements.
D. The number of related incidents decreases.

Suggested answer: D

Supply chain agreements between a CSP and its cloud customers should, at a minimum, include:

A. Organization chart of the CSP
B. Policies and procedures of the cloud customer
C. Audits, assessments, and independent verification of compliance certifications with agreement terms
D. Regulatory guidelines impacting the cloud customer

Suggested answer: C

Explanation:

Reference: https://searchitchannel.techtarget.com/definition/cloud-service-provider-cloud-provider

Which of the following is an example of financial business impact?

A. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
B. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
C. A DDoS attack renders the customer's cloud inaccessible for 24 hours, resulting in millions in lost sales.
D. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.

Suggested answer: C

What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?

A. Verifying whether commensurate compensation in the form of service credits is factored in if the CSC is unable to match its SLA obligations
B. Verifying whether the SLA includes all the operational matters which are material to the operation of the service
C. Verifying whether the SLA caters to the availability requirements of the cloud service customer (CSC)
D. Verifying whether the SLAs are well-defined and measurable

Suggested answer: C

The MOST critical concept of managing the build and test of code in DevOps is:

A. continuous build.
B. continuous delivery.
C. continuous deployment.
D. continuous integration.

Suggested answer: B

Explanation:

Reference: https://smartbear.com/blog/devops-testing-strategy-best-practices-tools/

A CSP contracts for a penetration test to be conducted on its infrastructure. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP's security operations center is not notified in advance of the scope of the audit or the test vectors. Which mode has the CSP selected?

A. Double gray box
B. Tandem
C. Reversal
D. Double blind

Suggested answer: D

Explanation:

Reference: https://business-iq.net/articles/4327-EN-these-are-the-different-types-of-penetration-testing

Which of the following contract terms is necessary to meet a company's requirement to move its data from one CSP to another?

A. Drag and Drop
B. Lift and shift
C. Flexibility to move
D. Transition and data portability

Suggested answer: D

Explanation:

Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-tothe-cloud
