Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CCAK

ISACA CCAK Exam Practice Questions (P. 5)

  • Full Access (265 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:
  1. A
    recognizes the shared responsibility for risk management between the customer and the CSP.
  2. B
    leverages SaaS threat models developed by peer organizations.
  3. C
    is developed by an independent third-party with expertise in the organization’s industry sector.
  4. D
    considers the loss of visibility and control from transitioning to the cloud.

Correct Answer:
A

Question #22
While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?
  1. A
    Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
  2. B
    Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
  3. C
    Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
  4. D
    Informing the organization’s internal audit manager immediately about the gap

Correct Answer:
C

Question #23
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:
  1. A
    ISO/IЕС 27001: 2013 controls.
  2. B
    maturity model criteria.
  3. C
    all Cloud Control Matrix (CCM) controls and TSPC security principles.
  4. D
    Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

Correct Answer:
C

Question #24
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?
  1. A
    The rapidly changing service portfolio and architecture of the cloud.
  2. B
    Cloud providers should not be part of the compliance program.
  3. C
    The fairly static nature of the service portfolio and architecture of the cloud.
  4. D
    The cloud is similar to the on-premise environment in terms of compliance.

Correct Answer:
A

Question #25
When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?
  1. A
    To determine how those services will fit within its policies and procedures
  2. B
    To determine the total cost of the cloud services to be deployed
  3. C
    To confirm which vendor will be selected based on the compliance with security requirements
  4. D
    To confirm if the compensating controls implemented are sufficient for the cloud

Correct Answer:
A

Previous Questions Next Questions

All Pages