ISACA CCAK Certificate of Cloud Auditing Knowledge Online Training
The questions for CCAK were last updated on Nov 26, 2024.
- Exam Code: CCAK
- Exam Name: Certificate of Cloud Auditing Knowledge
- Certification Provider: ISACA
- Latest update: Nov 26, 2024
Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?
- A. Drag and Drop
- B. Lift and shift
- C. Flexibility to move
- D. Transition and data portability
Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?
- A. Incident Response Plans
- B. Security Incident Plans
- C. Unexpected Event Plans
- D. Emergency Incident Plans
You have been assigned the implementation of an ISMS, whose scope must cover both on-premises and cloud infrastructure.
Which of the following is your BEST option?
- A. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.
- B. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.
- C. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.
- D. Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.
Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?
- A. Design
- B. Stakeholder identification
- C. Development
- D. Risk assessment
Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?
- A. Blue team
- B. White box
- C. Gray box
- D. Red team
One of the Cloud Control Matrix’s (CCM’s) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.”
Which of the following controls under the Audit Assurance and Compliance domain does this match to?
- A. Audit planning
- B. Information system and regulatory mapping
- C. GDPR auditing
- D. Independent audits
What areas should be reviewed when auditing a public cloud?
- A. Patching, source code reviews, hypervisor, access controls
- B. Identity and access management, data protection
- C. Patching, configuration, hypervisor, backups
- D. Vulnerability management, cyber security reviews, patching
In all three cloud deployment models (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?
- A. Cloud service customer
- B. Shared responsibility
- C. Cloud service provider
- D. Patching on hypervisor layer is not required
Which of the following is a corrective control that may be identified in a SaaS service provider?
- A. Log monitoring
- B. Penetration testing
- C. Incident response plans
- D. Vulnerability scan
A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel.
Which access control method will allow IT personnel to be segregated across the various locations?
- A. Role Based Access Control
- B. Attribute Based Access Control
- C. Policy Based Access Control
- D. Rule Based Access Control