CCAK exam

An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. Of the following, to whom should the auditor report the findings?A . Management of the organization being auditedB . Shareholders and interested partiesC...

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?A . Determine the impact on confidentiality, integrity, and availability of the information system.B . Determine the impact on the physical and environmental security of the organization, excluding informational assets.C ....

A contract containing the phrase "You automatically consent to these terms by using or logging into the service to which they pertain" is establishing a contract of:A . exclusivity.B . adhesion.C . execution.D . exclusion.View AnswerAnswer: B Explanation: A contract containing the phrase “You automatically consent to these terms by...

It is MOST important for an auditor to be aware that an inventory of assets within a cloud environment:A . should be mapped only if discovered during the audit.B . is not fundamental for the security management program, as this is a cloud service.C . can be a misleading source...

Which of the following is the MOST relevant question in the cloud compliance program design phase?A . Who owns the cloud services strategy?B . Who owns the cloud strategy?C . Who owns the cloud governance strategy?D . Who owns the cloud portfolio strategy?View AnswerAnswer: C Explanation: The most relevant question...

Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?A . Defining the metrics and indicators to monitor the implementation of the compliance programB . Determining the risk treatment options to be used in the compliance programC . Mapping who...

Which of the following would be the MOST critical finding of an application security and DevOps audit?A . Certifications with global security standards specific to cloud are not reviewed, and the impact of noted findings are not assessed.B . Application architecture and configurations did not consider security measures.C . Outsourced...

The MOST important factor to consider when implementing cloud-related controls is the:A . shared responsibility model.B . effectiveness of the controls.C . risk reporting.D . risk ownershipView AnswerAnswer: A Explanation: The most important factor to consider when implementing cloud-related controls is the shared responsibility model. The shared responsibility model is...

The MAIN limitation of relying on traditional cloud compliance assurance approaches such as SOC2 attestations is that:A . they can only be performed by skilled cloud audit service providers.B . they are subject to change when the regulatory climate changes.C . they provide a point-in-time snapshot of an organization's compliance...

Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?A . Documentation criteria for the audit evidenceB . Testing procedure to be performedC . Processes and systems to be auditedD . Updated audit work programView AnswerAnswer: C Explanation: The most...