Which of the following are the three MAIN phases of the Cloud Controls Matrix (CCM) mapping methodology?

A. Initiation - Execution - Monitoring and Controlling
B. Plan - Develop - Release
C. Preparation - Execution - Peer Review and Publication

Answer: C

Explanation: The three main phases of the Cloud...

May 18, 2025

What does "The Egregious 11" refer to?

A. The OWASP Top 10 adapted to cloud computing
B. A list of top shortcomings of cloud computing
C. A list of top breaches in cloud computing
D. A list of top threats to cloud computing

Answer: D

Explanation: The Egregious 11 refers...

May 16, 2025

What aspect of Software as a Service (SaaS) functionality and operations would the cloud customer be responsible for and should be audited?

A. Access controls
B. Vulnerability management
C. Patching
D. Source code reviews

Answer: A

Explanation: According to the cloud shared responsibility model, the cloud customer is responsible for...

May 16, 2025

What areas should be reviewed when auditing a public cloud?

A. Identity and access management (IAM) and data protection
B. Source code reviews and hypervisor
C. Patching and configuration
D. Vulnerability management and cyber security reviews

Answer: A

Explanation: When auditing a public cloud, it is essential to review areas...

May 10, 2025

Organizations maintain mappings between the different control frameworks they adopt to:

A. help identify controls with common assessment status.
B. avoid duplication of work when assessing compliance.
C. help identify controls with different assessment status.
D. start a compliance assessment using the latest assessment.

Answer: B

Explanation: Organizations maintain mappings...

May 6, 2025

Which of the following processes should be performed FIRST to properly implement the NIST SP 800-53 r4 control framework in an organization?

A. A selection of the security objectives the organization wants to improve
B. A security categorization of the information systems
C. A comprehensive business impact analysis (BIA)
D. ...

May 5, 2025

Regarding cloud service provider agreements and contracts, unless otherwise stated, the provider is:

A. responsible to the cloud customer and its clients.
B. responsible only to the cloud customer.
C. not responsible at all to any external parties.
D. responsible to the cloud customer and its end users

Answer: B...

May 4, 2025

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

A. passed to the sub cloud service providers based on the sub cloud service providers' geographic location.
B. passed to...

May 4, 2025

To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:

A. enterprise architecture (EA).
B. object-oriented architecture.
C. service-oriented architecture.
D. software architecture

Answer: A

Explanation: To assist an organization with planning a cloud migration strategy to execution, an auditor should...

May 3, 2025

An auditor examining a cloud service provider's service level agreement (SLA) should be MOST concerned about whether:

A. the agreement includes any operational matters that are material to the service operations.
B. the agreement excludes any sourcing and financial matters that are material in meeting the service level agreement (SLA)....

April 30, 2025