Isaca CCAK Practice Test - Questions Answers, Page 5

Question 41

What areas should be reviewed when auditing a public cloud?

A. Patching, source code reviews, hypervisor, access controls
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Vulnerability management, cyber security reviews, patching
Suggested answer: B
asked 18/09/2024
Elizabeth Holland
44 questions

Question 42

A Dot Release of Cloud Control Matrix (CCM) indicates what?

A. The introduction of new control frameworks mapped to previously-published CCM controls.
B. A revision of the CCM domain structure.
C. A technical change (revision or addition or deletion) of a number of controls is smaller than 10% compared to the previous "Full" release.
D. A technical change (revision or addition or deletion) of a number of controls is greater than 10% compared to the previous "Full" release.
Suggested answer: A
asked 18/09/2024
Grzegorz Głogowski
37 questions

Question 43

What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?

A. Access controls
B. Vulnerability management
C. Source code reviews
D. Patching
Suggested answer: A
Explanation:

Reference: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233

asked 18/09/2024
Peter Sundstrom
35 questions

Question 44

To support customer's verification of the CSP claims regarding their responsibilities according to the shared responsibility model, which of the following tools and techniques is appropriate?

A. Contractual agreement
B. Internal audit
C. External audit
D. Security assessment
Suggested answer: D
asked 18/09/2024
David Murinda
47 questions

Question 45

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS vendor?

A. Risk exceptions policy
B. Contractual requirements
C. Risk appetite
D. Board oversight
Suggested answer: C
Explanation:

Reference: https://assets.kpmg/content/dam/kpmg/ch/pdf/key-risks-internal-audit-2018.pdf

asked 18/09/2024
Aaron Whitlow
37 questions

Question 46

The Cloud Octagon Model was developed to support organizations':

A. risk assessment methodology.
B. risk treatment methodology.
C. incident response methodology.
D. incident detection methodology.
Suggested answer: A
asked 18/09/2024
Venkataramanan R
42 questions

Question 47

To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

A. Parallel testing
B. Full application stack unit testing
C. Regression testing
D. Functional verification
Suggested answer: B
Explanation:

Reference: https://www.sciencedirect.com/topics/computer-science/black-box-testing

asked 18/09/2024
Laxman Paudel
26 questions

Question 48

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

A. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total, when impacted by a disruption.
B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.
Suggested answer: B
asked 18/09/2024
Jahcorey Howze
40 questions

Question 49

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?

A. ISO/IEC 27017:2015
B. CSA Cloud Control Matrix (CCM)
C. NIST SP 800-146
D. ISO/IEC 27002
Suggested answer: D
Explanation:

Reference: https://cyber.gc.ca/en/guidance/guidance-cloud-security-assessment-and-authorization-itsp50105

asked 18/09/2024
Amirouche Rahani
50 questions

Question 50

Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

A. Mitigations
B. Residual risk
C. Likelihood
D. Impact Analysis
Suggested answer: D
Explanation:

Reference: https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence

asked 18/09/2024
walterio mendez
33 questions
Total 195 questions