Isaca CCAK Practice Test - Questions Answers, Page 5

What areas should be reviewed when auditing a public cloud?

A. Patching, source code reviews, hypervisor, access controls
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Vulnerability management, cyber security reviews, patching
Suggested answer: B

A Dot Release of Cloud Control Matrix (CCM) indicates what?

A. The introduction of new control frameworks mapped to previously-published CCM controls.
B. A revision of the CCM domain structure.
C. A technical change (revision, addition or deletion) of a number of controls that is smaller than 10% compared to the previous "Full" release.
D. A technical change (revision, addition or deletion) of a number of controls that is greater than 10% compared to the previous "Full" release.
Suggested answer: A

What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?

A. Access controls
B. Vulnerability management
C. Source code reviews
D. Patching
Suggested answer: A

Explanation:

Reference: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233

To support customers' verification of the CSP's claims regarding its responsibilities under the shared responsibility model, which of the following tools and techniques is appropriate?

A. Contractual agreement
B. Internal audit
C. External audit
D. Security assessment
Suggested answer: D

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS vendor?

A. Risk exceptions policy
B. Contractual requirements
C. Risk appetite
D. Board oversight
Suggested answer: C

Explanation:

Reference: https://assets.kpmg/content/dam/kpmg/ch/pdf/key-risks-internal-audit-2018.pdf

The Cloud Octagon Model was developed to support an organization's:

A. risk assessment methodology.
B. risk treatment methodology.
C. incident response methodology.
D. incident detection methodology.
Suggested answer: A

To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

A. Parallel testing
B. Full application stack unit testing
C. Regression testing
D. Functional verification
Suggested answer: B

Explanation:

Reference: https://www.sciencedirect.com/topics/computer-science/black-box-testing

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

A. Validate if the strategy covers unavailability of all components required to operate, in business-as-usual or in disrupted mode, in part or in total, when impacted by a disruption.
B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization, including the invocation of continuity plans and crisis management capabilities.
D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.
Suggested answer: B

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?

A. ISO/IEC 27017:2015
B. CSA Cloud Control Matrix (CCM)
C. NIST SP 800-146
D. ISO/IEC 27002
Suggested answer: D

Explanation:

Reference: https://cyber.gc.ca/en/guidance/guidance-cloud-security-assessment-and-authorization-itsp50105

Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

A. Mitigations
B. Residual risk
C. Likelihood
D. Impact Analysis
Suggested answer: D

Explanation:

Reference: https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence

Total 170 questions