Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CCAK

ISACA CCAK Exam Practice Questions (P. 5)

  • Full Access (325 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
When using a SaaS solution, who is responsible for application security?
  1. A
    The cloud service provider only
  2. B
    The cloud service consumer only
  3. C
    Both cloud consumer and the enterprise
  4. D
    Both cloud provider and the consumer

Correct Answer: D ?️

Question #42
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?
  1. A
    Aligning the cloud service delivery with the organization’s objective
  2. B
    Aligning the cloud provider’s SLA with the organization’s policy
  3. C
    Aligning shared responsibilities between provider and customer
  4. D
    Aligning the organization’s activity with the cloud provider’s policy

Correct Answer: C ?️

Question #43
What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?
  1. A
    Access controls
  2. B
    Vulnerability management
  3. C
    Source code reviews
  4. D
    Patching

Correct Answer:
A

Question #44
The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:
  1. A
    CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
  2. B
    CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
  3. C
    CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control
  4. D
    CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

Correct Answer:
D

Question #45
Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments?
  1. A
    Use often, provide many times
  2. B
    Be economical, act deliberately
  3. C
    Use existing, provide many times
  4. D
    Do once, use many times

Correct Answer:
D

Question #46
Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?
  1. A
    Compliance risk
  2. B
    Provider administration risk
  3. C
    Audit risk
  4. D
    Virtualization risk

Correct Answer:
A

Question #47
Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?
  1. A
    No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
  2. B
    Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
  3. C
    Yes. When implemented in the right manner, CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.
  4. D
    No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.

Correct Answer: D ?️

Question #48
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?
  1. A
    Review the CSP audit reports.
  2. B
    Review the security white paper of the CSP.
  3. C
    Review the contract and DR capability.
  4. D
    Plan an audit of the CSP.

Correct Answer: C ?️

Question #49
Which of the following is the BEST recommendation to offer an organization’s HR department planning to adopt a new public SaaS application to ease the recruiting process?
  1. A
    Ensure HIPAA compliance
  2. B
    Implement a cloud access security broker
  3. C
    Consult the legal department
  4. D
    Do not allow data to be in cleratext

Correct Answer: C ?️

Question #50
In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?
  1. A
    Service Provider control
  2. B
    Impact and Risk control
  3. C
    Data Inventory control
  4. D
    Compliance control

Correct Answer: D ?️

Previous Questions Next Questions

All Pages