CCAK exam

An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models . Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?A . Use of an established standard/regulation to map controls...

You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure . Which of the following is your BEST option?A . Implement ISO/IEC 27002 and complement it with additional controls from the CCC . Implement ISO/IEC 27001 and complement it with additional...

With regard to the Cloud Control Matrix (CCM), the ‘Architectural Relevance’ is a feature that enables the filtering of security controls by:A . relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for...

Which of the following is an example of integrity technical impact?A . The cloud provider reports a breach of customer personal data from an unsecured server.B . A hacker using a stolen administrator identity alerts the discount percentage in the product database.C . A DDoS attack renders the customer’s cloud...

Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?A . Verify the inclusion of security gates in the pipeline.B . Conduct an architectural assessment.C . Review the CI/CD pipeline audit logs.D . Verify...

Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?A . Incident Response PlansB . Security Incident PlansC . Unexpected Event PlansD . Emergency Incident PlansView AnswerAnswer: A

An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?A . PublicB . Management of organization being auditedC . Shareholders/interested partiesD ....

In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:A . both operating system and application infrastructure contained within the CSP’s instances.B . both operating system and application infrastructure contained within the customer’s instancesC . only application infrastructure contained within...

Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?A . Drag and DropB . Lift and shiftC . Flexibility to moveD . Transition and data portabilityView AnswerAnswer: D Explanation: Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud

Which of the following data destruction methods is the MOST effective and efficient?A . Crypto-shreddingB . DegaussingC . Multi-pass wipesD . Physical destructionView AnswerAnswer: B