ISACA CCAK Certificate of Cloud Auditing Knowledge Online Training
The questions for CCAK were last updated on Nov 22, 2024.
- Exam Code: CCAK
- Exam Name: Certificate of Cloud Auditing Knowledge
- Certification Provider: ISACA
- Latest update: Nov 22, 2024
Which of the following is the BEST recommendation to offer an organization’s HR department planning to adopt a new public SaaS application to ease the recruiting process?
- A . Ensure HIPAA compliance
- B . Implement a cloud access security broker
- C . Consult the legal department
- D . Do not allow data to be in cleartext
Which of the following configuration change controls is acceptable to a cloud auditor?
- A . Development, test and production are hosted in the same network environment.
- B . Programmers have permanent access to production software.
- C . The Head of Development approves changes requested to production.
- D . Programmers cannot make uncontrolled changes to the source code production version.
What type of termination occurs at the initiative of one party, and without the fault of the other party?
- A . Termination for cause
- B . Termination for convenience
- C . Termination at the end of the term
- D . Termination without the fault
Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:
- A . recognizes the shared responsibility for risk management between the customer and the CSP.
- B . leverages SaaS threat models developed by peer organizations.
- C . is developed by an independent third-party with expertise in the organization’s industry sector.
- D . considers the loss of visibility and control from transitioning to the cloud.
To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?
- A . Parallel testing
- B . Full application stack unit testing
- C . Regression testing
- D . Functional verification
Which of the following would be considered as a factor to trust in a cloud service provider?
- A . The level of exposure for public information
- B . The level of proved technical skills
- C . The level of willingness to cooperate
- D . The level of open source evidence available
An auditor is performing an audit on behalf of a cloud customer.
For assessing security awareness, the auditor should:
- A . assess the existence and adequacy of a security awareness training program at the cloud service provider’s organization, as the cloud customer hired the auditor to review the cloud service.
- B . assess the existence and adequacy of a security awareness training program at both the cloud customer’s organization and the cloud service provider’s organization.
- C . assess the existence and adequacy of a security awareness training program at the cloud customer’s organization as they hired the auditor.
- D . not assess the security awareness training program, as it is each organization’s responsibility.
While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet.
Given this discovery, what should be the most appropriate action for the auditor to perform?
- A . Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
- B . Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
- C . Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
- D . Informing the organization’s internal audit manager immediately about the gap
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community.
From the following, to whom should the auditor report the findings?
- A . Public
- B . Management of the organization being audited
- C . Shareholders/interested parties
- D . Cloud service provider
Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?
- A . ISO/IEC 27017:2015
- B . CSA Cloud Control Matrix (CCM)
- C . NIST SP 800-146
- D . ISO/IEC 27002