The FINAL decision to include a material finding in a cloud audit report should be made by the:
A. auditee's senior management.
B. organization's chief executive officer (CEO).
C. cloud auditor.
D. organization's chief information security officer (CISO)
Answer: C
Explanation: According to the ISACA Cloud Auditing Knowledge Certificate Study...
Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?
A. Applicable laws and regulations
B. Internal policies and technical standards
C. Risk scoring criteria
D. Risk appetite and budget constraints
Answer: D
Explanation: Risk appetite and budget...
Supply chain agreements between a cloud service provider and cloud customers should, at a minimum, include:
A. regulatory guidelines impacting the cloud customer.
B. audits, assessments, and independent verification of compliance certifications with agreement terms.
C. the organizational chart of the provider.
D. policies and procedures of the cloud customer
...
Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?
A cloud service provider utilizes services of other service providers for its cloud service. Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?
A. The auditor should review the service providers' security controls even more strictly, as they are further...
Of the following, to whom should the auditor report the findings?
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. Of the following, to whom should the auditor report the findings?
A. Management of the organization being audited
B. Shareholders and interested parties
C...
When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?
A. Determine the impact on confidentiality, integrity, and availability of the information system.
B. Determine the impact on the physical and environmental security of the organization, excluding informational assets.
C. ...
A contract containing the phrase "You automatically consent to these terms by using or logging into the service to which they pertain" is establishing a contract of:
A. exclusivity.
B. adhesion.
C. execution.
D. exclusion.
Answer: B
Explanation: A contract containing the phrase “You automatically consent to these terms by...
It is MOST important for an auditor to be aware that an inventory of assets within a cloud environment:
A. should be mapped only if discovered during the audit.
B. is not fundamental for the security management program, as this is a cloud service.
C. can be a misleading source...
Which of the following is the MOST relevant question in the cloud compliance program design phase?
A. Who owns the cloud services strategy?
B. Who owns the cloud strategy?
C. Who owns the cloud governance strategy?
D. Who owns the cloud portfolio strategy?
Answer: C
Explanation: The most relevant question...
Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?
A. Defining the metrics and indicators to monitor the implementation of the compliance program
B. Determining the risk treatment options to be used in the compliance program
C. Mapping who...