Isaca CCAK Practice Test - Questions Answers, Page 3

Which of the following is the common cause of misconfiguration in a cloud environment?

A. Absence of effective change control
B. Using multiple cloud service providers
C. New cloud computing techniques
D. Traditional change process mechanisms
Suggested answer: A

Explanation:

Reference: https://businessinsights.bitdefender.com/the-top-5-cloud-threats-that-smbs-need-to-address
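The question above ties cloud misconfiguration to missing change control. The following added example (written for this page, not taken from ISACA, the CCAK material or the referenced article) shows the kind of check a practitioner would put behind that control: compare the live configuration of a few cloud resources against an approved baseline, and classify every difference as either covered by an approved change record, unapproved drift, or an unmanaged resource that was never baselined. The resource names, settings and ticket IDs are constructed sample data, and the baseline/live/approved-change structures are assumptions made for illustration.

```python
"""Change-control drift check for cloud resource settings (added example).

Constructed inline data stands in for an approved configuration baseline,
a snapshot of the live environment, and the approved change records.
"""
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class Change:
    """One approved change: which setting on which resource was allowed
    to take which value, and the change record that approved it."""
    resource: str
    key: str
    value: Any
    ticket: str


# Approved baseline (constructed sample): resource -> {setting: value}.
# Port lists are tuples so they can be used as dictionary keys below.
BASELINE = {
    "sg-web": {"ingress_0.0.0.0/0": ("443",), "public_ip": False},
    "bucket-logs": {"public_read": False, "versioning": True},
}

# Live snapshot (constructed sample): two settings drifted and one
# resource exists that was never put under change control.
LIVE = {
    "sg-web": {"ingress_0.0.0.0/0": ("443", "22"), "public_ip": False},
    "bucket-logs": {"public_read": True, "versioning": True},
    "bucket-scratch": {"public_read": True, "versioning": False},
}

# Approved change records (constructed sample). Only the SSH exposure on
# sg-web went through change control; the public bucket did not.
APPROVED_CHANGES = [
    Change("sg-web", "ingress_0.0.0.0/0", ("443", "22"), "CHG-1042"),
]


def find_drift(baseline: dict, live: dict, approved: list[Change]) -> list[dict]:
    """Return one finding per setting that differs from the baseline, plus
    one per live resource missing from the baseline entirely."""
    # Index approved changes by (resource, setting, new value) so a drifted
    # setting is only excused when the exact new value was approved.
    approved_index = {(c.resource, c.key, c.value): c.ticket for c in approved}
    findings = []
    for resource, expected in baseline.items():
        actual = live.get(resource, {})
        for key, want in expected.items():
            got = actual.get(key)
            if got == want:
                continue
            ticket = approved_index.get((resource, key, got))
            findings.append({
                "resource": resource,
                "setting": key,
                "expected": want,
                "actual": got,
                "status": "approved" if ticket else "unapproved",
                "ticket": ticket,
            })
    # Resources that exist only in the live environment bypassed change
    # control altogether; report them as unmanaged rather than ignoring them.
    for resource in sorted(live.keys() - baseline.keys()):
        findings.append({
            "resource": resource,
            "setting": None,
            "expected": None,
            "actual": live[resource],
            "status": "unmanaged",
            "ticket": None,
        })
    return findings


def unapproved_findings(findings: list[dict]) -> list[dict]:
    """Everything an auditor would raise: drift without a change record,
    and resources outside the baseline."""
    return [f for f in findings if f["status"] != "approved"]


if __name__ == "__main__":
    for f in find_drift(BASELINE, LIVE, APPROVED_CHANGES):
        print(f["status"].upper(), f["resource"], f["setting"], f["ticket"] or "")
```

The point of the check is that the comparison alone is not the control: a difference is acceptable only when it can be matched to an approved change, so the same drift report doubles as evidence of whether the change process is actually being followed.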

Which of the following controls frameworks should the cloud customer use to assess the overall security risk of a cloud provider?

A. SOC3 - Type2
B. Cloud Control Matrix (CCM)
C. SOC2 - Type1
D. SOC1 - Type1
Suggested answer: C

Explanation:

Reference: https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventing-the-nextcybersecurity-attack-with-effective-cloud-security-audits

The BEST method to report continuous assessment of a cloud provider's services to the CSA is through:

A. a set of dedicated application programming interfaces (APIs).
B. SOC 2 Type 2 attestation.
C. CCM assessment by a third-party auditor on a periodic basis.
D. tools selected by the third-party auditor.
Suggested answer: C

Explanation:

Reference: https://cloudsecurityalliance.org/press-releases/2019/03/04/csa-launches-star-continuous-complianceassessment-program-for-cloud-service-providers/

Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?

A. Updated audit/work program
B. Documentation criteria for the audit evidence
C. Processes and systems to be audited
D. Testing procedure to be performed
Suggested answer: B

Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?

A. Policy based access control
B. Attribute based access control
C. Rule based access control
D. Role based access control
Suggested answer: C

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

A. Compliance risk
B. Provider administration risk
C. Audit risk
D. Virtualization risk
Suggested answer: A

Explanation:

Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

Prioritizing assurance activities for an organization's cloud services portfolio depends PRIMARILY on an organization's ability to:

A. schedule frequent reviews with high-risk cloud service providers.
B. develop plans using a standardized risk-based approach.
C. maintain a comprehensive cloud service inventory.
D. collate views from various business functions using cloud services.
Suggested answer: A

Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?

A. Internal policies and technical standards
B. Risk scoring criteria
C. Applicable laws and regulations
D. Risk appetite and budget constraints
Suggested answer: C

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

A. Operations Maintenance
B. System Development Maintenance
C. Equipment Maintenance
D. System Maintenance
Suggested answer: A

Explanation:

Reference: https://www.sapidata.sm/img/cms/CAIQ_v3-1_2020-01-13.pdf (2)

Which of the following is the BEST way for a client to enforce a policy violation committed by a cloud service provider (CSP)?

A. The violation is agreed upon and documented.
B. Nothing can be done to enforce violations as this is a cloud service.
C. The violation is agreed to verbally by the CSP.
D. Violations will be automatically enforced so no action is needed.
Suggested answer: A

Explanation:

Reference: https://www.omg.org/cloud/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf
