ExamGecko
Search Search Login
Home Home / Isaca / CCAK
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:
With regard to the Cloud Control Matrix (CCM), the 'Architectural Relevance' is a feature that enables the filtering of security controls by:
As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?
In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?
Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?
Which of the following is an example of a corrective control?
A certification target helps in the formation of a continuous certification framework by incorporating:
When establishing cloud governance, an organization should FIRST test by migrating:
In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

Question 157 - CCAK discussion

Report
Export

Which of the following cloud environments should be a concern to an organization s cloud auditor?

A.

The cloud service provider s data center is more than 100 miles away.

Answers
A.

The cloud service provider s data center is more than 100 miles away.

B.

The technical team is trained on only one vendor Infrastructure as a Service (laaS) platform, but the organization has subscribed to another vendor's laaS platform as an alternative.

Answers
B.

The technical team is trained on only one vendor Infrastructure as a Service (laaS) platform, but the organization has subscribed to another vendor's laaS platform as an alternative.

C.

The organization entirely depends on several proprietary Software as a Service (SaaS) applications.

Answers
C.

The organization entirely depends on several proprietary Software as a Service (SaaS) applications.

D.

The failover region of the cloud service provider is on another continent

Answers
D.

The failover region of the cloud service provider is on another continent

Suggested answer: B

Explanation:

This situation poses a significant concern for a cloud auditor because it indicates a potential gap in the technical team's ability to effectively manage and secure the IaaS platform provided by the alternative vendor. Without proper training on the specific features, security practices, and operational procedures of the new platform, the organization may face increased risks of misconfiguration, security vulnerabilities, and inefficiencies in cloud operations. It is crucial for the technical team to have a comprehensive understanding of all platforms in use to ensure they can maintain the security and performance standards required for a robust cloud environment.

Reference The concern is based on common cloud auditing challenges, such as controlling and monitoring user access, and ensuring the IT team is equipped to manage the cloud environment effectively12.Additionally, best practices suggest that network segmentation, user authentication, and access control are critical areas to address in a cloud audit3. These principles are widely recognized in the field of cloud security and compliance.

Show Answer
asked 17/11/2024
Anirban Ganguly
48 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms