ISACA CCAK Certificate of Cloud Auditing Knowledge Online Training
The questions for CCAK were last updated on Nov 26, 2024.
- Exam Code: CCAK
- Exam Name: Certificate of Cloud Auditing Knowledge
- Certification Provider: ISACA
- Latest update: Nov 26, 2024
Which of the following data destruction methods is the MOST effective and efficient?
- A . Crypto-shredding
- B . Degaussing
- C . Multi-pass wipes
- D . Physical destruction
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models.
Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
- A . Use of an established standard/regulation to map controls and use as the audit criteria
- B . For efficiency reasons, use of its on-premises systems’ audit criteria to audit the cloud environment
- C . As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.
- D . Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage
The Cloud Octagon Model was developed to support organizations’:
- A . risk assessment methodology.
- B . risk treatment methodology.
- C . incident response methodology.
- D . incident detection methodology.
If the degree of verification for information shared with the auditor during an audit is low, the auditor should:
- A . reject the information as audit evidence.
- B . stop evaluating the requirement altogether and review other audit areas.
- C . delve deeper to obtain the required information to decide conclusively.
- D . use professional judgment to determine the degree of reliance that can be placed on the information as evidence.
Which of the following is an example of financial business impact?
- A . A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
- B . While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
- C . A DDoS attack renders the customer’s cloud inaccessible for 24 hours resulting in millions in lost sales.
- D . The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.
Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?
- A . Security, confidentiality, availability, privacy and processing integrity
- B . Security, applicability, availability, privacy and processing integrity
- C . Security, confidentiality, availability, privacy and trustworthiness
- D . Security, data integrity, availability, privacy and processing integrity
What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?
- A . Access controls
- B . Vulnerability management
- C . Source code reviews
- D . Patching
Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?
- A . Plan –> Develop –> Release
- B . Deploy –> Monitor –> Audit
- C . Initiation –> Execution –> Monitoring and Controlling
- D . Preparation –> Execution –> Peer Review and Publication
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?
- A . Validate if the strategy covers unavailability of all components required to operate the business, as usual or in disrupted mode, in part or in total, when impacted by a disruption.
- B . Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
- C . Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
- D . Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.
With regard to the Cloud Control Matrix (CCM), the ‘Architectural Relevance’ is a feature that enables the filtering of security controls by:
- A . relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for Enterprise Architecture.
- B . relevant delivery models such as Software as a Service, Platform as a Service, Infrastructure as a Service.
- C . relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClient-Backend.
- D . relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.