ISACA CCAK Exam Practice Questions (P. 4)
Question #31
Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?
Question #32
An independent contractor is assessing the security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls the CSP is responsible for?
- A. Review third-party audit reports. (Most Voted)
- B. Review CSP’s published questionnaires.
- C. Directly audit the CSP.
- D. Send supplier questionnaire to the CSP.
Question #33
What areas should be reviewed when auditing a public cloud?
- A. Patching, source code reviews, hypervisor, access controls
- B. Identity and access management, data protection
- C. Patching, configuration, hypervisor, backups
- D. Vulnerability management, cyber security reviews, patching
Correct Answer: B
Question #34
Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?
- A. Cloud process owners
- B. Internal control function
- C. Legal functions
- D. Cloud strategy owners (Most Voted)
Question #35
Which of the following CSP activities requires a client’s approval?
- A. Delete the guest account or test accounts
- B. Delete the master account or subscription owner accounts (Most Voted)
- C. Delete the guest account or destroy test data
- D. Delete the test accounts or destroy test data
Question #36
A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?
Question #37
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
Question #38
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
- A. Use of an established standard/regulation to map controls and use as the audit criteria
- B. For efficiency reasons, use of its on-premises systems’ audit criteria to audit the cloud environment
- C. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.
- D. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage
Correct Answer: A
Question #39
Which of the following control frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
- A. SOC3 - Type2
- B. Cloud Control Matrix (CCM) (Most Voted)
- C. SOC2 - Type1
- D. SOC1 - Type1
Question #40
Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?