
Isaca CCAK Practice Test - Questions Answers, Page 8


When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?

A. Cloud Service Provider encryption capabilities
B. The presence of PII
C. Organizational security policies
D. Cost-benefit analysis
Suggested answer: A

What type of termination occurs at the initiative of one party, and without the fault of the other party?

A. Termination for cause
B. Termination for convenience
C. Termination at the end of the term
D. Termination without the fault
Suggested answer: C

Which of the following is the BEST control framework for a European manufacturing corporation that is migrating to the cloud?

A. NIST SP 800-53
B. CSA's GDPR CoC
C. PCI-DSS
D. EU GDPR
Suggested answer: D

Explanation:

Reference: https://ec.europa.eu/info/sites/default/files/ec_cloud_strategy.pdf

Under GDPR, an organization should report a data breach within what time frame?

A. 72 hours
B. 2 weeks
C. 1 week
D. 48 hours
Suggested answer: A

Explanation:

Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulationgdpr/personal-data-breaches/

Which plan will guide an organization on how to react to a security incident that might occur on the organization's systems, or that might be affecting one of their service providers?

A. Incident Response Plans
B. Security Incident Plans
C. Unexpected Event Plans
D. Emergency Incident Plans
Suggested answer: A

In an organization, how are policy violations MOST likely to occur?

A. By accident
B. Deliberately by the ISP
C. Deliberately
D. Deliberately by the cloud provider
Suggested answer: A

What is a sign of an organization that has adopted a shift-left concept of code release cycles?

A. A waterfall model to move resources through the development to release phases
B. Incorporation of automation to identify and address software code problems early
C. Maturity of start-up entities with high-iteration to low-volume code commits
D. Large entities with slower release cadences and geographically dispersed systems
Suggested answer: B

Explanation:

Reference: https://www.ibm.com/cloud/learn/devsecops

An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?

A. Public
B. Management of organization being audited
C. Shareholders/interested parties
D. Cloud service provider
Suggested answer: D

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

A. As an integrity breach
B. As a control breach
C. As an availability breach
D. As a confidentiality breach
Suggested answer: B

Which of the following configuration change controls is acceptable to a cloud auditor?

A. Development, test and production are hosted in the same network environment.
B. Programmers have permanent access to production software.
C. The Head of Development approves changes requested to production.
D. Programmers cannot make uncontrolled changes to the source code production version.
Suggested answer: D
Total 170 questions