2022 Summer Express Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 5763r953

Welcome To DumpsPedia
  1. Home
  2. Isaca
  3. Cloud Security Alliance
  4. CCAK
  5. Certificate of Cloud Auditing Knowledge Questions and Answers

CCAK Sample Questions Answers

Questions 4

Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?

Options:

A.

Cloud compliance program

B.

Legacy IT compliance program

C.

Internal audit program

D.

Service organization controls report

Buy Now
Questions 5

Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?

Options:

A.

Drag and Drop

B.

Lift and shift

C.

Flexibility to move

D.

Transition and data portability

Buy Now
Questions 6

An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?

Options:

A.

Public

B.

Management of organization being audited

C.

Shareholders/interested parties

D.

Cloud service provider

Buy Now
Questions 7

During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?

Options:

A.

Review the CSP audit reports.

B.

Review the security white paper of the CSP.

C.

Review the contract and DR capability.

D.

Plan an audit of the CSP.

Buy Now
Questions 8

Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say, they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?

Options:

A.

SOC 3

B.

SOC 2, TYPE 2

C.

SOC 1

D.

SOC 2, TYPE 1

Buy Now
Questions 9

As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

Options:

A.

Within developer’s laptop

B.

Within the CI/CD server

C.

Within version repositories

D.

Within the CI/CD pipeline

Buy Now
Questions 10

While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?

Options:

A.

Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability

B.

Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet

C.

Documenting the finding in the audit report and sharing the gap with the relevant stakeholders

D.

Informing the organization’s internal audit manager immediately about the gap

Buy Now
Questions 11

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

Options:

A.

As an integrity breach

B.

As control breach

C.

As an availability breach

D.

As a confidentiality breach

Buy Now
Questions 12

Which best describes the difference between a type 1 and a type 2 SOC report?

Options:

A.

A type 2 SOC report validates the operating effectiveness of controls whereas a type 1 SOC report validates the suitability of the design of the controls.

B.

A type 2 SOC report validates the suitability of the design of the controls whereas a type 1 SOC report validates the operating effectiveness of controls.

C.

A type 1 SOC report provides an attestation whereas a type 2 SOC report offers a certification.

D.

There is no difference between a type 2 and type 1 SOC report.

Buy Now
Questions 13

A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?

Options:

A.

Purpose

B.

Objectives

C.

Nature of relationship

D.

Scope

Buy Now
Questions 14

Which of the following is a direct benefit of mapping the Cloud Control Matrix (CCM) to other international standards and regulations?

Options:

A.

CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts.

B.

CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts.

C.

CCM mapping enables an uninterrupted data flow and, in particular, the export of personal data across different jurisdictions.

D.

CCM mapping entitles cloud service providers to be certified under the CSA STAR program.

Buy Now
Questions 15

Supply chain agreements between CSP and cloud customers should, at minimum, include:

Options:

A.

Organization chart of the CSP

B.

Policies and procedures of the cloud customer

C.

Audits, assessments and independent verification of compliance certifications with agreement terms

D.

Regulatory guidelines impacting the cloud customer

Buy Now
Questions 16

To identify key actors and requirements, which of the following MUST be considered when designing a cloud compliance program?

Options:

A.

Cloud service provider, internal and external audit perspectives

B.

Business/organizational, governance, cloud and risk perspectives

C.

Enterprise risk management, data protection, privacy and legal perspectives

D.

Key stakeholders, enterprise risk management, and Internal audit perspectives

Buy Now
Questions 17

Customer management interface, if compromised over public internet, can lead to:

Options:

A.

customer’s computing and data compromise.

B.

access to the RAM of neighboring cloud computer.

C.

ease of acquisition of cloud services.

D.

incomplete wiping of the data.

Buy Now
Questions 18

Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?

Options:

A.

Incident Response Plans

B.

Security Incident Plans

C.

Unexpected Event Plans

D.

Emergency Incident Plans

Buy Now
Exam Code: CCAK
Exam Name: Certificate of Cloud Auditing Knowledge
Last Update: May 10, 2022
Questions: 126
$72  $159.99
$54  $119.99
$45  $99.99
buy now CCAK