ExamGecko
Isaca CCAK Practice Test - Questions Answers, Page 4

As a developer building code into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

A. Within the developer's laptop
B. Within the CI/CD server
C. Within version repositories
D. Within the CI/CD pipeline

Suggested answer: D
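As an added example that is not part of the ExamGecko page or of ISACA's CCAK material, the shell script below shows what "security tests within the CI/CD pipeline" looks like in practice: a gate that a pipeline stage runs against the Dockerfile before the image is built, so that an unpinned base image, a root user, a remote ADD or a curl-to-shell install fails the build rather than reaching the registry. The rules, the function names, the placeholder digest and the two sample Dockerfiles are assumptions made for illustration; a real pipeline would add image, dependency and SAST scanning on top of a check like this.

```shell
#!/bin/sh
# Added example (not from the page or from ISACA): a minimal Dockerfile security
# gate for a CI/CD pipeline stage. Rules and sample inputs are illustrative only.

# check_dockerfile FILE
# Prints one FAIL line per finding and returns the number of findings
# (0 = pass), so the pipeline step fails whenever a rule is violated.
check_dockerfile() {
    f="$1"
    n=0

    # Rule 1: every FROM must pin the base image by digest. A mutable tag such
    # as ":latest" can change between builds (supply-chain input is not fixed).
    if grep -E '^[[:space:]]*FROM[[:space:]]' "$f" | grep -Ev '@sha256:[0-9a-f]{64}' >/dev/null; then
        echo "FAIL: base image not pinned by @sha256 digest"
        n=$((n + 1))
    fi

    # Rule 2: the final USER must be a non-root account (least privilege).
    last_user=$(grep -E '^[[:space:]]*USER[[:space:]]' "$f" | tail -n 1 | awk '{print $2}')
    case "$last_user" in
        ""|root|0|root:*|0:*)
            echo "FAIL: container runs as root (no non-root USER instruction)"
            n=$((n + 1)) ;;
    esac

    # Rule 3: no ADD from a remote URL (unverified download baked into the image).
    if grep -Eq '^[[:space:]]*ADD[[:space:]]+https?://' "$f"; then
        echo "FAIL: ADD fetches content from a remote URL"
        n=$((n + 1))
    fi

    # Rule 4: no "curl ... | sh" style piped installs inside RUN steps.
    if grep -Eq '^[[:space:]]*RUN.*(curl|wget).*[|][[:space:]]*(ba)?sh' "$f"; then
        echo "FAIL: RUN pipes a download straight into a shell"
        n=$((n + 1))
    fi

    return "$n"
}

# Constructed sample inputs, written to a temp dir so the gate reads real files.
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# A Dockerfile that violates all four rules (constructed for the example).
bad_dockerfile() {
    cat > "$WORKDIR/Dockerfile.bad" <<'EOF'
FROM python:3.12
ADD https://example.invalid/tool.tar.gz /opt/
RUN curl -fsSL https://example.invalid/install.sh | sh
COPY app/ /app
CMD ["python", "/app/main.py"]
EOF
    echo "$WORKDIR/Dockerfile.bad"
}

# The hardened version: digest-pinned base (placeholder digest), non-root USER,
# no remote ADD and no piped install (constructed for the example).
good_dockerfile() {
    cat > "$WORKDIR/Dockerfile.good" <<'EOF'
FROM python:3.12@sha256:0000000000000000000000000000000000000000000000000000000000000000
COPY app/ /app
RUN useradd --system --uid 10001 app
USER app
CMD ["python", "/app/main.py"]
EOF
    echo "$WORKDIR/Dockerfile.good"
}

# Stand-alone demo: the gate blocks the bad image and passes the hardened one.
for df in "$(bad_dockerfile)" "$(good_dockerfile)"; do
    rc=0
    check_dockerfile "$df" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "PASS: $df"
    else
        echo "BLOCKED: $df ($rc findings)"
    fi
done
```

In a pipeline this runs as its own stage before `docker build`; because the function's return code is the finding count, the stage fails on any violation, which is the point of testing inside the pipeline rather than only on a developer's laptop: the check is enforced on every change, not just when someone remembers to run it.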

In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?

A. Service Provider control
B. Impact and Risk control
C. Data Inventory control
D. Compliance control

Suggested answer: A

Explanation:
Reference: https://rmas.fad.harvard.edu/cloud-service-providers

With regard to the Cloud Controls Matrix (CCM), the 'Architectural Relevance' is a feature that enables the filtering of security controls by:

A. relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for Enterprise Architecture.
B. relevant delivery models such as Software as a Service, Platform as a Service, Infrastructure as a Service.
C. relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClient-Backend.
D. relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.

Suggested answer: D

Explanation:
Reference: https://downloads.cloudsecurityalliance.org/initiatives/ccm/CSA_CCM_v3.0.xlsx

What should be the control audit frequency for Business Continuity Management?

A. Quarterly
B. Annually
C. Monthly
D. Semi-annually

Suggested answer: B

Explanation:
Reference: https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1068&context=msia_etds

The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

A. select the methodology of the audit.
B. review requested evidence provided by the audit client.
C. discuss the scope of the cloud audit.
D. identify resource requirements of the cloud audit.

Suggested answer: C

Which of the following key stakeholders should be identified earliest when an organization is designing a cloud compliance program?

A. Cloud process owners
B. Internal control function
C. Legal functions
D. Cloud strategy owners

Suggested answer: A

A customer management interface, if compromised over the public internet, can lead to:

A. compromise of the customer's computing and data.
B. access to the RAM of a neighboring cloud computer.
C. ease of acquisition of cloud services.
D. incomplete wiping of the data.

Suggested answer: A

Which of the following is the BEST recommendation to offer an organization's HR department planning to adopt a new public SaaS application to ease the recruiting process?

A. Ensure HIPAA compliance
B. Implement a cloud access security broker
C. Consult the legal department
D. Do not allow data to be in cleartext

Suggested answer: B

Explanation:
Reference: https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-a-casb.html

Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?

A. Audit committee
B. Compliance manager
C. IT manager
D. Senior management

Suggested answer: D

Explanation:
Reference: https://www.coso.org/documents/cloud-computing-thought-paper.pdf

An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?

A. Use of an established standard/regulation to map controls and use as the audit criteria
B. For efficiency reasons, use of its on-premises systems' audit criteria to audit the cloud environment
C. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes
D. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage

Suggested answer: A

Total 170 questions