ISACA CCAK Certificate of Cloud Auditing Knowledge Online Training
ISACA CCAK Online Training
The questions for CCAK were last updated on Nov 19, 2024.
- Exam Code: CCAK
- Exam Name: Certificate of Cloud Auditing Knowledge
- Certification Provider: ISACA
- Latest update: Nov 19, 2024
Which of the following control frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
- A . SOC3 – Type2
- B . Cloud Controls Matrix (CCM)
- C . SOC2 – Type1
- D . SOC1 – Type1
Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?
- A . Compliance risk
- B . Provider administration risk
- C . Audit risk
- D . Virtualization risk
Which of the following CSP activities requires a client’s approval?
- A . Delete the guest account or test accounts
- B . Delete the master account or subscription owner accounts
- C . Delete the guest account or destroy test data
- D . Delete the test accounts or destroy test data
Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?
- A . Cloud compliance program
- B . Legacy IT compliance program
- C . Internal audit program
- D . Service organization controls report
Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?
- A . Verify the inclusion of security gates in the pipeline.
- B . Conduct an architectural assessment.
- C . Review the CI/CD pipeline audit logs.
- D . Verify separation of development and production pipelines.
Which of the following is an example of integrity technical impact?
- A . The cloud provider reports a breach of customer personal data from an unsecured server.
- B . A hacker using a stolen administrator identity alters the discount percentage in the product database.
- C . A DDoS attack renders the customer’s cloud inaccessible for 24 hours.
- D . An administrator inadvertently clicks on phish bait, exposing his company to a ransomware attack.
Which of the following parties should have accountability for cloud compliance requirements?
- A . Customer
- B . Equally shared between customer and provider
- C . Provider
- D . Either customer or provider, depending on requirements
SAST testing is performed by:
- A . scanning the application source code.
- B . scanning the application interface.
- C . scanning all infrastructure components.
- D . performing manual actions to gain control of the application.
Under GDPR, an organization should report a data breach within what time frame?
- A . 72 hours
- B . 2 weeks
- C . 1 week
- D . 48 hours
When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?
- A . Cloud Service Provider encryption capabilities
- B . The presence of PII
- C . Organizational security policies
- D . Cost-benefit analysis