ExamGecko
Login
Home / Isaca / CCAK / List of questions
Ask Question

Isaca CCAK Practice Test - Questions Answers, Page 11

Add to Whishlist

List of questions

Question 101

Report Export Collapse

A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel. Which access control method will allow IT personnel to be segregated across the various locations?

Become a Premium Member for full access
  Unlock Premium Member

Question 102

Report Export Collapse

When reviewing a third-party agreement with a cloud service provider, which of the following should be the GREATEST concern regarding customer data privacy?

Become a Premium Member for full access
  Unlock Premium Member

Question 103

Report Export Collapse

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

Become a Premium Member for full access
  Unlock Premium Member

Question 104

Report Export Collapse

Which objective is MOST appropriate to measure the effectiveness of password policy?

Become a Premium Member for full access
  Unlock Premium Member

Question 105

Report Export Collapse

Supply chain agreements between CSP and cloud customers should, at minimum, include:

Become a Premium Member for full access
  Unlock Premium Member

Question 106

Report Export Collapse

Which of the following is an example of financial business impact?

Become a Premium Member for full access
  Unlock Premium Member

Question 107

Report Export Collapse

What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?

Become a Premium Member for full access
  Unlock Premium Member

Question 108

Report Export Collapse

The MOST critical concept of managing the build and test of code in DevOps is:

Become a Premium Member for full access
  Unlock Premium Member

Question 109

Report Export Collapse

A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?

Become a Premium Member for full access
  Unlock Premium Member

Question 110

Report Export Collapse

Which of the following contract terms is necessary to meet a company's requirement that needs to move data from one CSP to another?

Become a Premium Member for full access
  Unlock Premium Member
Total 195 questions
Go to page: of 20
Open VPLUS File
Convert VPLUS to PDF

Related questions

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:
With regard to the Cloud Control Matrix (CCM), the 'Architectural Relevance' is a feature that enables the filtering of security controls by:
A certification target helps in the formation of a continuous certification framework by incorporating:
What is below the waterline in the context of cloud operationalization?
To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:
Which statement about compliance responsibilities and ownership of accountability is correct?
A Dot Release of Cloud Control Matrix (CCM) indicates what?
When establishing cloud governance, an organization should FIRST test by migrating:
Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization's DevOps pipeline?