Isaca CCAK Practice Test - Questions Answers, Page 12

What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?

A. Unlike SAST, DAST is a black-box and programming language agnostic.
B. DAST can dynamically integrate with most CI/CD tools.
C. DAST delivers more false positives than SAST.
D. DAST is slower but thorough.
Suggested answer: A

Explanation:

Reference: https://www.synopsys.com/blogs/software-security/sast-vs-dast-difference/

Which of the following is a cloud-specific security standard?

A. ISO27017
B. ISO27701
C. ISO22301
D. ISO14001
Suggested answer: A

Explanation:

Reference: https://en.wikipedia.org/wiki/ISO/IEC_27017#:~:text=ISO%2FIEC%2027017%20is%20a,the%20risk%20of%20security%20problems

Cloud Controls Matrix (CCM) controls can be used by cloud customers to:

A. develop new security baselines for the industry.
B. define different control frameworks for different cloud service providers.
C. facilitate communication with their legal department.
D. build an operational cloud risk management program.
Suggested answer: B

Explanation:

Reference: https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/

Account design in the cloud should be driven by:

A. security requirements.
B. organizational structure.
C. business continuity policies.
D. management structure.
Suggested answer: A

In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

A. both operating system and application infrastructure contained within the CSP's instances.
B. both operating system and application infrastructure contained within the customer's instances.
C. only application infrastructure contained within the CSP's instances.
D. only application infrastructure contained within the customer's instances.
Suggested answer: C

When using a SaaS solution, who is responsible for application security?

A. The cloud service provider only
B. The cloud service consumer only
C. Both cloud consumer and the enterprise
D. Both cloud provider and the consumer
Suggested answer: A

Explanation:

Reference: https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-sharedresponsibility#:~:text=SaaS%3A%20SaaS%20vendors%20are%20primarily,how%20customers%20use%20the%20applications

The PRIMARY objective for an auditor to understand the organization's context for a cloud audit is to:

A. determine whether the organization has carried out control self-assessment and validated audit reports of the cloud service providers (CSP).
B. validate an understanding of the organization's current state and how the cloud audit plan fits into the existing audit approach.
C. validate whether an organization has a cloud audit plan in place.
D. validate the organization's performance effectiveness utilizing cloud service providers (CSP) solutions.
Suggested answer: B

A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?

A. Purpose
B. Objectives
C. Nature of relationship
D. Scope
Suggested answer: B

Explanation:

Reference: https://www.isaca.org/-/media/files/isacadp/project/isaca/articles/journal/2018/volume-5/journal-volume-5-2018

When establishing cloud governance, an organization should FIRST test by migrating:

A. all applications at once to the cloud.
B. complex applications to the cloud.
C. legacy applications to the cloud.
D. a few applications to the cloud.
Suggested answer: D

When building a cloud governance model, which of the following requirements will focus more on the cloud service provider's evaluation and control checklist?

A. Security requirements
B. Legal requirements
C. Compliance requirements
D. Operational requirements
Suggested answer: D
Total 170 questions