CCAK exam

What legal documents should be provided to the auditors in relation to risk management?A . Enterprise cloud strategy and policyB . Contracts and service level agreements (SLAs) of cloud service providersC . Policies and procedures established around third-party risk assessmentsD . Inventory of third-party attestation reportsView AnswerAnswer: B Explanation: Contracts...

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?A . Separation of production and development pipelinesB . Ensuring segregation of duties in the production and development pipelinesC . Role-based access controls in the production and development pipelinesD . Periodic...

A cloud service provider contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The provider's security operation center is not notified in advance of the scope of the audit and the test vectors....

The CSA STAR Certification is based on criteria outlined the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to:A . ISO/IEC 27001 implementation.B . GB/T 22080-2008.C . SOC 2 Type 1 or 2 reports.D . GDPR CoC certification.View AnswerAnswer: A Explanation: The CSA STAR Certification is based on...

Which of the following is an example of financial business impact?A . A distributed denial of service (DDoS) attack renders the customer’s cloud inaccessible for 24 hours, resulting in millions in lost sales.B . A hacker using a stolen administrator identity brings down the Software of a Service (SaaS) sales...

The PRIMARY purpose of Open Certification Framework (OCF) for the CSA STAR program is to:A . facilitate an effective relationship between the cloud service provider and cloud client.B . enable the cloud service provider to prioritize resources to meet its own requirements.C . provide global, accredited, and trusted certification of...

An auditor wants to get information about the operating effectiveness of controls addressing privacy, availability, and confidentiality of a service organization. Which of the following can BEST help to gain the required information?A . ISAE 3402 reportB . ISO/IEC 27001 certificationC . SOC1 Type 1 reportD . SOC2 Type 2...

When an organization is using cloud services, the security responsibilities largely vary depending on the service delivery model used, while the accountability for compliance should remain with the:A . cloud user.B . cloud service provider. 0C . cloud customer.D . certification authority (CA)View AnswerAnswer: C Explanation: According to the ISACA...

Which of the following is an example of availability technical impact?A . The cloud provider reports a breach of customer personal data from an unsecured server.B . A hacker using a stolen administrator identity alters the discount percentage in the product database.C . A distributed denial of service (DDoS) attack...

During the planning phase of a cloud audit, the PRIMARY goal of a cloud auditor is to:A . specify appropriate tests.B . address audit objectives.C . minimize audit resources.D . collect sufficient evidence.View AnswerAnswer: B Explanation: According to the ISACA Cloud Auditing Knowledge Certificate Study Guide, the primary goal of...