Isaca CCAK Practice Test - Questions Answers, Page 6

You have been assigned the implementation of an ISMS whose scope must cover both on-premises and cloud infrastructure.

Which of the following is your BEST option?

A. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.
B. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.
C. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.
D. Implement ISO/IEC 27001 and complement it with additional controls from NIST SP 800-145.

Suggested answer: B

To identify key actors and requirements, which of the following MUST be considered when designing a cloud compliance program?

A. Cloud service provider, internal and external audit perspectives
B. Business/organizational, governance, cloud and risk perspectives
C. Enterprise risk management, data protection, privacy and legal perspectives
D. Key stakeholders, enterprise risk management and internal audit perspectives

Suggested answer: B

Which of the following data destruction methods is the MOST effective and efficient?

A. Crypto-shredding
B. Degaussing
C. Multi-pass wipes
D. Physical destruction

Suggested answer: B

Explanation:

Reference: https://man.fas.org/dod-101/sys/ship/weaps/degaussing.htm

Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization's architecture? The threat model:

A. recognizes the shared responsibility for risk management between the customer and the CSP.
B. leverages SaaS threat models developed by peer organizations.
C. is developed by an independent third party with expertise in the organization's industry sector.
D. considers the loss of visibility and control from transitioning to the cloud.

Suggested answer: A

Your company is purchasing an application from a vendor. The vendor does not allow you to perform an on-site audit of their information system; however, they say they will provide a third-party audit attestation of adequate control design within their environment. Which report is the vendor providing you?

A. SOC 3
B. SOC 2, Type 2
C. SOC 1
D. SOC 2, Type 1

Suggested answer: B

Explanation:

Reference: https://www.isaca.org/resources/isaca-journal/issues/2019/volume-6/soc-reports-for-cloud-security-and-privacy

Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?

A. No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
B. Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
C. Yes. When implemented in the right manner, CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.
D. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.

Suggested answer: C

Which of the following cloud models prohibits penetration testing?

A. Hybrid Cloud
B. Private Cloud
C. Public Cloud
D. Community Cloud

Suggested answer: B

Explanation:

Reference: https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/csaguide.v3.0.pdf

Which statement about compliance responsibilities and ownership of accountability is correct?

A. Organizations may be able to transfer their accountability for compliance with various regulatory requirements to their CSPs, but they retain the ownership of responsibility.
B. Organizations may be able to transfer their responsibility for compliance with various regulatory requirements to their CSPs, but they retain the ownership of accountability.
C. Organizations may transfer their responsibility and accountability for compliance with various regulatory requirements to their CSPs.
D. Organizations are not able to transfer either their responsibility or their accountability for compliance with various regulatory requirements to their CSPs.

Suggested answer: D

Explanation:

Reference: https://searchcloudsecurity.techtarget.com/tip/Top-cloud-security-challenges-and-how-to-combat-them

Which of the following attestations allows for immediate adoption of the Cloud Controls Matrix (CCM) as additional criteria to the AICPA Trust Services Criteria and provides the flexibility to update the criteria as technology and market requirements change?

A. PCI DSS
B. CSA STAR Attestation
C. MTCS
D. BSI Criteria Catalogue C5

Suggested answer: B

Explanation:

Reference: https://www.sciencedirect.com/topics/computer-science/cloud-controls-matrix

Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

A. Blue team
B. White box
C. Gray box
D. Red team

Suggested answer: B

Explanation:

Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testingapractical-approach

Total 170 questions