Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CCAK

ISACA CCAK Exam Practice Questions (P. 4)

  • Full Access (265 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?
  1. A
    Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
  2. B
    Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
  3. C
    Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
  4. D
    Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Correct Answer:
B

Question #17
Which of the following metrics are frequently immature?
  1. A
    Metrics around Infrastructure as a Service (IaaS) storage and network environments
  2. B
    Metrics around Platform as a Service (PaaS) development environments
  3. C
    Metrics around Infrastructure as a Service (IaaS) computing environments
  4. D
    Metrics around specific Software as a Service (SaaS) application services

Correct Answer:
A

Question #18
The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:
  1. A
    CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.
  2. B
    CCM has a set of security questions, whereas CAIQ has a set of security controls.
  3. C
    CCM has 14 domains and CAIQ has 16 domains.
  4. D
    CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Correct Answer:
D

Question #19
Which of the following is an example of financial business impact?
  1. A
    A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
  2. B
    While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
  3. C
    A DDoS attack renders the customer's cloud inaccessible for 24 hours resulting in millions in lost sales.
  4. D
    The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.

Correct Answer:
C

Question #20
From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?
  1. A
    Process of security integration using automation in software development
  2. B
    Development standards for addressing integration, testing, and deployment issues
  3. C
    Operational framework that promotes software consistency through automation
  4. D
    Making software development simpler, faster, and easier using automation

Correct Answer:
B

Previous Questions Next Questions

All Pages