Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CCAK

ISACA CCAK Exam Practice Questions (P. 3)

  • Full Access (325 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:
  1. A
    recognizes the shared responsibility for risk management between the customer and the CSP.
  2. B
    leverages SaaS threat models developed by peer organizations.
  3. C
    is developed by an independent third-party with expertise in the organization’s industry sector.
  4. D
    considers the loss of visibility and control from transitioning to the cloud.

Correct Answer:
A

Question #22
While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?
  1. A
    Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
  2. B
    Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
  3. C
    Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
  4. D
    Informing the organization’s internal audit manager immediately about the gap

Correct Answer:
C

Question #23
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:
  1. A
    ISO/IЕС 27001: 2013 controls.
  2. B
    maturity model criteria.
  3. C
    all Cloud Control Matrix (CCM) controls and TSPC security principles.
  4. D
    Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

Correct Answer:
C

Question #24
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?
  1. A
    The rapidly changing service portfolio and architecture of the cloud.
  2. B
    Cloud providers should not be part of the compliance program.
  3. C
    The fairly static nature of the service portfolio and architecture of the cloud.
  4. D
    The cloud is similar to the on-premise environment in terms of compliance.

Correct Answer:
A

Question #25
When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?
  1. A
    To determine how those services will fit within its policies and procedures
  2. B
    To determine the total cost of the cloud services to be deployed
  3. C
    To confirm which vendor will be selected based on the compliance with security requirements
  4. D
    To confirm if the compensating controls implemented are sufficient for the cloud

Correct Answer:
A

Question #26
Which of the following attestation allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?
  1. A
    PC-IDSS
  2. B
    CSA STAR Attestation
  3. C
    MTCS
  4. D
    BSI Criteria Catalogue C5

Correct Answer:
B

Question #27
To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:
  1. A
    develop a cloud audit plan on the basis of a detailed risk assessment.
  2. B
    schedule the audits and monitor the time spent on each audit.
  3. C
    train the cloud audit staff on current technology used in the organization.
  4. D
    monitor progress of audits and initiate cost control measures.

Correct Answer:
A

Question #28
Which of the following is an example of integrity technical impact?
  1. A
    The cloud provider reports a breach of customer personal data from an unsecured server.
  2. B
    A hacker using a stolen administrator identity alerts the discount percentage in the product database.
  3. C
    A DDoS attack renders the customer’s cloud inaccessible for 24 hours.
  4. D
    An administrator inadvertently clicked on Phish bait exposing his company to a ransomware attack.

Correct Answer: B ?️

Question #29
What is a sign of an organization that has adopted a shift-left concept of code release cycles?
  1. A
    A waterfall model to move resources through the development to release phases
  2. B
    Incorporation of automation to identify and address software code problems early
  3. C
    Maturity of start-up entities with high-iteration to low-volume code commits
  4. D
    Large entities with slower release cadences and geographical dispersed systems

Correct Answer:
B

Question #30
Cloud Control Matrix (CCM) controls can be used by cloud customers to:
  1. A
    develop new security baselines for the industry.
  2. B
    define different control frameworks for different cloud service providers.
  3. C
    facilitate communication with their legal department.
  4. D
    build an operational cloud risk management program.

Correct Answer: D ?️

Previous Questions Next Questions

All Pages