ExamGecko

Isaca CCAK Practice Test - Questions Answers, Page 4


Question 31


As a developer building code into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

A. Within developer's laptop
B. Within the CI/CD server
C. Within version repositories
D. Within the CI/CD pipeline
Suggested answer: D
asked 18/09/2024
Werner Deysel
41 questions

Question 32


In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?

A. Service Provider control
B. Impact and Risk control
C. Data Inventory control
D. Compliance control
Suggested answer: A
Explanation:

Reference: https://rmas.fad.harvard.edu/cloud-service-providers

asked 18/09/2024
Jordi Nogués
41 questions

Question 33


With regard to the Cloud Control Matrix (CCM), the 'Architectural Relevance' is a feature that enables the filtering of security controls by:

A. relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for Enterprise Architecture.
B. relevant delivery models such as Software as a Service, Platform as a Service, Infrastructure as a Service.
C. relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClient-Backend.
D. relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.
Suggested answer: D
Explanation:

Reference: https://downloads.cloudsecurityalliance.org/initiatives/ccm/CSA_CCM_v3.0.xlsx

asked 18/09/2024
Jesus Ignacio Morales Vivancos
48 questions

Question 34


What should be the control audit frequency for Business Continuity Management?

A. Quarterly
B. Annually
C. Monthly
D. Semi-annually
Suggested answer: B
Explanation:

Reference: https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1068&context=msia_etds

asked 18/09/2024
Salvatore Andrisani
49 questions

Question 35


The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

A. select the methodology of the audit.
B. review requested evidence provided by the audit client.
C. discuss the scope of the cloud audit.
D. identify resource requirements of the cloud audit.
Suggested answer: C
asked 18/09/2024
Azwihangwisi Ntikane
42 questions

Question 36


Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?

A. Cloud process owners
B. Internal control function
C. Legal functions
D. Cloud strategy owners
Suggested answer: A
asked 18/09/2024
Rio Ordonez
58 questions

Question 37


Customer management interface, if compromised over public internet, can lead to:

A. customer's computing and data compromise.
B. access to the RAM of neighboring cloud computer.
C. ease of acquisition of cloud services.
D. incomplete wiping of the data.
Suggested answer: A
asked 18/09/2024
aakriti grover
60 questions

Question 38


Which of the following is the BEST recommendation to offer an organization's HR department planning to adopt a new public SaaS application to ease the recruiting process?

A. Ensure HIPAA compliance
B. Implement a cloud access security broker
C. Consult the legal department
D. Do not allow data to be in cleartext
Suggested answer: B
Explanation:

Reference: https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-a-casb.html

asked 18/09/2024
Donnie Roach
32 questions

Question 39


Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?


Question 40


An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?

Total 195 questions