ISACA CCAK Practice Test - Questions and Answers, Page 17

List of questions
Question 161

Which of the following provides the BEST evidence that a cloud service provider's continuous integration and continuous delivery (CI/CD) development pipeline includes checks for compliance as new features are added to its Software as a Service (SaaS) applications?
Question 162

An auditor is reviewing an organization's virtual machines (VMs) hosted in the cloud. The organization utilizes a configuration management (CM) tool to enforce password policies on its VMs. Which of the following is the BEST approach for the auditor to use to review the operating effectiveness of the password requirement?
Question 163

Which of the following are the MOST important strategy and governance documents to provide to the auditor prior to a cloud service provider review?
Question 164

What should be the control audit frequency for an organization's business continuity management and operational resilience strategy?
Question 165

From the perspective of a senior cloud security audit practitioner in an organization with a mature security program and cloud adoption, which of the following statements BEST describes the DevSecOps concept?
Question 166

Which of the following BEST describes the difference between a Type 1 and a Type 2 SOC report?
Question 167

Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?
Question 168

A cloud service customer is looking to subscribe to a finance solution provided by a cloud service provider. The provider has clarified that the audit logs cannot be taken out of the cloud environment by the customer to its security information and event management (SIEM) solution for monitoring purposes. Which of the following should be the GREATEST concern to the auditor?
Question 169

As Infrastructure as a Service (IaaS) cloud service providers often do not allow the cloud service customers to perform on-premise audits, the BEST approach for the auditor should be to:
Question 170

Which of the following is MOST important to ensure effective cloud application controls are maintained in an organization?