ISACA CCAK Exam Practice Questions (P. 1)
- Full Access (325 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor?
- ARisk exceptions policy
- BContractual requirementsMost Voted
- CRisk appetite
- DBoard oversight
send
light_mode
delete
Question #2
A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP’s security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?
send
light_mode
delete
Question #3
Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report, which course of action is MOST relevant?
- AFocusing on auditing high-risk areas
- BTesting the adequacy of cloud controls design
- CRelying on management testing of cloud controls
- DTesting the operational effectiveness of cloud controls
Correct Answer:
A
A
send
light_mode
delete
Question #4
In an organization, how are policy violations MOST likely to occur?
- ABy accident
- BDeliberately by the ISP
- CDeliberately
- DDeliberately by the cloud provider
Correct Answer:
A
A
send
light_mode
delete
Question #5
Which of the following is the BEST tool to perform cloud security control audits?
- AGeneral Data Protection Regulation (GDPR)
- BISO 27001
- CFederal Information Processing Standard (FIPS) 140-2
- DCSA Cloud Control Matrix (CCM)
Correct Answer:
D
D
send
light_mode
delete
Question #6
Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?
- ANetwork SecurityMost Voted
- BChange Detection
- CVirtual Instance and OS Hardening
- DNetwork Vulnerability Management
Correct Answer:
A
A
send
light_mode
delete
Question #7
After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?
- AAs an integrity breachMost Voted
- BAs control breach
- CAs an availability breach
- DAs a confidentiality breach
send
light_mode
delete
Question #8
Organizations maintain mappings between the different control frameworks they adopt to:
- Ahelp identify controls with common assessment status.
- Bavoid duplication of work when assessing compliance.Most Voted
- Chelp identify controls with different assessment status.
- Dstart a compliance assessment using latest assessment.
send
light_mode
delete
Question #9
SAST testing is performed by:
- Ascanning the application source code.Most Voted
- Bscanning the application interface.
- Cscanning all infrastructure components.
- Dperforming manual actions to gain control of the application.
Correct Answer:
A
A
send
light_mode
delete
Question #10
When a client’s business process changes, the CSP SLA should:
- Abe reviewed, but the SLA cannot be updated.
- Bnot be reviewed, but the cloud contract should be cancelled immediately.
- Cnot be reviewed as the SLA cannot be updated.
- Dbe reviewed and updated if required.
Correct Answer:
D
D
send
light_mode
delete
All Pages