Home / Isaca / CCAK

Question list

List of questions

Question 1

(0)

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

Question 2

(0)

Which of the following metrics are frequently immature?

Question 3

(0)

Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Question 4

(0)

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps

Question 5

(0)

The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

Question 6

(0)

Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report, which course of action i

Question 7

(0)

Which of the following is a corrective control that may be identified in a SaaS service provider?

Question 8

(0)

The criteria for limiting services allowing non-critical services or services requiring high availability and resilience to be moved to the cloud is an important consideration to be included PRIMARI

Question 9

(0)

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

Question 10

(0)

An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:

Question 79 - CCAK discussion

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?