Home / Isaca / CCAK

Question list

List of questions

Question 1

(0)

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

Question 2

(0)

Which of the following metrics are frequently immature?

Question 3

(0)

Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Question 4

(0)

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps

Question 5

(0)

The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

Question 6

(0)

Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report, which course of action i

Question 7

(0)

Which of the following is a corrective control that may be identified in a SaaS service provider?

Question 8

(0)

The criteria for limiting services allowing non-critical services or services requiring high availability and resilience to be moved to the cloud is an important consideration to be included PRIMARI

Question 9

(0)

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

Question 10

(0)

An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:

Question 138 - CCAK discussion

During the cloud service provider evaluation process, which of the following BEST helps identify baseline configuration requirements?

Vendor requirements

Product benchmarks

Benchmark controls lists

Contract terms and conditions

Suggested answer: C

Explanation:

: During the cloud service provider evaluation process, benchmark controls lists BEST help identify baseline configuration requirements.Benchmark controls lists are standardized sets of security and compliance controls that are applicable to different cloud service models, deployment models, and industry sectors1.They provide a common framework and language for assessing and comparing the security posture and capabilities of cloud service providers2.They also help cloud customers to define their own security and compliance requirements and expectations based on best practices and industry standards3.

Some examples of benchmark controls lists are:

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), which is a comprehensive list of 133 control objectives that cover 16 domains of cloud security4.

The National Institute of Standards and Technology (NIST) Special Publication 800-53, which is a catalog of 325 security and privacy controls for federal information systems and organizations, including cloud-based systems5.

The International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27017, which is a code of practice that provides guidance on 121 information security controls for cloud services based on ISO/IEC 270026.

CSA Security Guidance for Cloud Computing | CSA1, section on Identify necessary security and compliance requirements

Evaluation Criteria for Cloud Infrastructure as a Service - Gartner2, section on Security Controls

Checklist: Cloud Services Provider Evaluation Criteria | Synoptek3, section on Security

Cloud Controls Matrix | CSA4, section on Overview

NIST Special Publication 800-53 - NIST Pages5, section on Abstract

ISO/IEC 27017:2015(en), Information technology --- Security techniques ...6, section on Scope

What is vendor management?Definition from WhatIs.com7, section on Vendor management

What is Benchmarking?Definition from WhatIs.com8, section on Benchmarking

What is Terms and Conditions?Definition from WhatIs.com9, section on Terms and Conditions

Show Answer

asked 17/11/2024

Fronzino Franco

35 questions

Your answer: A B C D

0 comments

Sorted by