Isaca CCAK Practice Test - Questions Answers, Page 3

Question 21

Which of the following is the common cause of misconfiguration in a cloud environment?

A. Absence of effective change control
B. Using multiple cloud service providers
C. New cloud computing techniques
D. Traditional change process mechanisms
Suggested answer: A
Explanation:

Reference: https://businessinsights.bitdefender.com/the-top-5-cloud-threats-that-smbs-need-to-address

asked 18/09/2024
GLAUCIA C N SILVA
48 questions

Question 22

Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?

A. SOC3 - Type2
B. Cloud Control Matrix (CCM)
C. SOC2 - Type1
D. SOC1 - Type1
Suggested answer: C
Explanation:

Reference: https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventing-the-nextcybersecurity-attack-with-effective-cloud-security-audits

asked 18/09/2024
Narmada Balaji
34 questions

Question 23

The BEST method to report continuous assessment of a cloud provider's services to the CSA is through:

A. a set of dedicated application programming interfaces (APIs).
B. SOC 2 Type 2 attestation.
C. CCM assessment by a third-party auditor on a periodic basis.
D. tools selected by the third-party auditor.
Suggested answer: C
Explanation:

Reference: https://cloudsecurityalliance.org/press-releases/2019/03/04/csa-launches-star-continuous-complianceassessment-program-for-cloud-service-providers/

asked 18/09/2024
Kaliannan K
41 questions

Question 24

Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?

A. Updated audit/work program
B. Documentation criteria for the audit evidence
C. Processes and systems to be audited
D. Testing procedure to be performed
Suggested answer: B
asked 18/09/2024
Alexander Yakovenko
42 questions

Question 25

Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?

A. Policy based access control
B. Attribute based access control
C. Rule based access control
D. Role based access control
Suggested answer: C
asked 18/09/2024
RJ MOTAUNG
48 questions

Question 26

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

A. Compliance risk
B. Provider administration risk
C. Audit risk
D. Virtualization risk
Suggested answer: A
Explanation:

Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

asked 18/09/2024
Kurt Van Rymenant
51 questions

Question 27

Prioritizing assurance activities for an organization's cloud services portfolio depends PRIMARILY on an organization's ability to:

A. schedule frequent reviews with high-risk cloud service providers.
B. develop plans using a standardized risk-based approach.
C. maintain a comprehensive cloud service inventory.
D. collate views from various business functions using cloud services.
Suggested answer: A
asked 18/09/2024
William Sorensen
46 questions

Question 28

Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?

A. Internal policies and technical standards
B. Risk scoring criteria
C. Applicable laws and regulations
D. Risk appetite and budget constraints
Suggested answer: C
asked 18/09/2024
Selim OZIS
38 questions

Question 29

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

A. Operations Maintenance
B. System Development Maintenance
C. Equipment Maintenance
D. System Maintenance
Suggested answer: A
Explanation:

Reference: https://www.sapidata.sm/img/cms/CAIQ_v3-1_2020-01-13.pdf (2)

asked 18/09/2024
Marcos Losa Torviso
58 questions

Question 30

Which of the following is the BEST way for a client to enforce a policy violation committed by a cloud service provider (CSP)?

A. The violation is agreed upon and documented.
B. Nothing can be done to enforce violations as this is a cloud service.
C. The violation is agreed to verbally by the CSP.
D. Violations will be automatically enforced so no action is needed.
Suggested answer: A
Explanation:

Reference: https://www.omg.org/cloud/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf

asked 18/09/2024
Premier Lane
43 questions
Total 195 questions