Home / Isaca / CCAK

Question list

List of questions

Question 1

(0)

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

Question 2

(0)

Which of the following metrics are frequently immature?

Question 3

(0)

Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Question 4

(0)

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps

Question 5

(0)

The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

Question 6

(0)

Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report, which course of action i

Question 7

(0)

Which of the following is a corrective control that may be identified in a SaaS service provider?

Question 8

(0)

The criteria for limiting services allowing non-critical services or services requiring high availability and resilience to be moved to the cloud is an important consideration to be included PRIMARI

Question 9

(0)

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

Question 10

(0)

An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:

Question 128 - CCAK discussion

While using Software as a Service (SaaS) to store secret customer information, an organization identifies a risk of disclosure to unauthorized parties. Although the SaaS service continues to be used, secret customer data is not processed. Which of the following risk treatment methods is being practiced?