ISACA CCAK Practice Test - Questions Answers, Page 6
Related questions
You have been assigned the implementation of an ISMS, whose scope must cover both on-premises and cloud infrastructure. Which of the following is your BEST option?
To identify key actors and requirements, which of the following MUST be considered when designing a cloud compliance program?
Which of the following data destruction methods is the MOST effective and efficient?
Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization's architecture? The threat model:
Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit of their information system. However, they say they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?
Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?
Which of the following cloud models prohibits penetration testing?
Which statement about compliance responsibilities and ownership of accountability is correct?
Which of the following attestations allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?
Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?