Isaca CCAK Practice Test - Questions Answers, Page 7
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

A. The rapidly changing service portfolio and architecture of the cloud.
B. Cloud providers should not be part of the compliance program.
C. The fairly static nature of the service portfolio and architecture of the cloud.
D. The cloud is similar to the on-premises environment in terms of compliance.
Suggested answer: A

Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments?

A. Use often, provide many times
B. Be economical, act deliberately
C. Use existing, provide many times
D. Do once, use many times
Suggested answer: D

Explanation:

Reference: https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Assessment_Framework.pdf (2)

In all three cloud deployment models (IaaS, PaaS, and SaaS), who is responsible for patching the hypervisor layer?

A. Cloud service customer
B. Shared responsibility
C. Cloud service provider
D. Patching of the hypervisor layer is not required
Suggested answer: A

To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:

A. develop a cloud audit plan on the basis of a detailed risk assessment.
B. schedule the audits and monitor the time spent on each audit.
C. train the cloud audit staff on current technology used in the organization.
D. monitor progress of audits and initiate cost control measures.
Suggested answer: A

Explanation:

Audit resources deliver value to the organization when they are dedicated to, and focused on, the higher-risk areas, which is why the plan should be derived from a risk assessment.

The BEST way to deliver continuous compliance in a cloud environment is to:

A. decrease the interval between attestations of compliance.
B. combine point-in-time assurance approaches with continuous monitoring.
C. increase the frequency of external audits from annual to quarterly.
D. combine point-in-time assurance approaches with continuous auditing.
Suggested answer: B

Which of the following is an example of a technical impact on integrity?

A. The cloud provider reports a breach of customer personal data from an unsecured server.
B. A hacker using a stolen administrator identity alters the discount percentage in the product database.
C. A DDoS attack renders the customer's cloud inaccessible for 24 hours.
D. An administrator inadvertently clicked on phishing bait, exposing his company to a ransomware attack.
Suggested answer: D

Explanation:

Reference: https://www.kroll.com/en/insights/publications/technology-impact-on-integrity-and-business-practices

Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

A. Aligning the cloud service delivery with the organization's objective
B. Aligning the cloud provider's SLA with the organization's policy
C. Aligning shared responsibilities between provider and customer
D. Aligning the organization's activity with the cloud provider's policy
Suggested answer: A

Explanation:

Reference: https://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf

A CSP providing cloud services currently used by the United States federal government should obtain which of the following to assure compliance with stringent government standards?

A. Multi-Tier Cloud Security (MTCS) Attestation
B. FedRAMP Authorization
C. ISO/IEC 27001:2013 Certification
D. CSA STAR Level Certificate
Suggested answer: B

Explanation:

Reference: https://www.ftptoday.com/blog/benefits-using-fedramp-authorized-cloud-service-provider

To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

A. ISO/IEC 27001:2013 controls.
B. maturity model criteria.
C. all Cloud Control Matrix (CCM) controls and TSPC security principles.
D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.
Suggested answer: C

Explanation:

Reference: https://downloads.cloudsecurityalliance.org/star/attestation/GuidelinesforCPAsv2.pdf (8)

When a client's business process changes, the CSP SLA should:

A. be reviewed, but the SLA cannot be updated.
B. not be reviewed, but the cloud contract should be cancelled immediately.
C. not be reviewed, as the SLA cannot be updated.
D. be reviewed and updated if required.
Suggested answer: D

Explanation:

Reference: http://www.diva-portal.org/smash/get/diva2:1312384/FULLTEXT01.pdf
