Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?
A. Security, confidentiality, availability, privacy and processing integrity
B. Security, applicability, availability, privacy and processing integrity
C. Security, confidentiality, availability, privacy and trustworthiness
D. Security, data integrity, availability, privacy...

Which of the following CSP activities requires a client’s approval?
A. Delete the guest account or test accounts
B. Delete the master account or subscription owner accounts
C. Delete the guest account or destroy test data
D. Delete the test accounts or destroy test data
Answer: D

To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?
A. Parallel testing
B. Full application stack unit testing
C. Regression testing
D. Functional verification
Answer: B
Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/black-box-testing

Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?
A. Design
B. Stakeholder identification
C. Development
D. Risk assessment
Answer: C

One of the Cloud Control Matrix’s (CCM’s) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.” Which of the following controls under the Audit Assurance and Compliance domain does this match to?
...

Under GDPR, an organization should report a data breach within what time frame?
A. 72 hours
B. 2 weeks
C. 1 week
D. 48 hours
Answer: A
Explanation: Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?
...

To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:
A. develop a cloud audit plan on the basis of a detailed risk assessment.
B. schedule the audits and monitor the time spent on each audit.
C. train the cloud audit...

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?
A. Compliance risk
B. Provider administration risk
C. Audit risk
D. Virtualization risk
Answer: A
Explanation: Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:
A. assess the existence and adequacy of a security awareness training program at the cloud service provider’s organization as the cloud customer hired the auditor to review and cloud service.
B. ...