Which of the following is a cloud-specific security standard?
A. 15027017
B. 15014001
C. 15022301
D. 15027701
Answer: A
Explanation: ISO/IEC 15027017 is a cloud-specific security standard that provides guidelines for information security controls applicable to the provision and use of cloud services. It is based on ISO/IEC 27002, which...
To support a customer's verification of the cloud service provider claims regarding its responsibilities according to the shared responsibility model, which of the following tools and techniques is appropriate?
A. External audit
B. Internal audit
C. Contractual agreement
D. Security assessment
Answer: A
Explanation: An external audit is an appropriate...
Which of the following can be used to determine whether access keys are stored in the source code or any other configuration files during development?
A. Static code review
B. Dynamic code review
C. Vulnerability scanning
D. Credential scanning
Answer: D
Explanation: Credential scanning is a technique that can be...
Which of the following is the GREATEST risk associated with hidden interdependencies between cloud services?
A. The IT department does not clearly articulate the cloud to the organization.
B. There is a lack of visibility over the cloud service providers' supply chain.
C. Customers do not understand cloud technologies in...
The PRIMARY objective for an auditor to understand the organization's context for a cloud audit is to:
A. determine whether the organization has carried out control self-assessment (CSA) and validated audit reports of the cloud service providers.
B. validate an understanding of the organization's current state and how the cloud...
Which of the following is the reason for designing the Consensus Assessments Initiative Questionnaire (CAIQ)?
A. Cloud service providers need the CAIQ to improve quality of customer service.
B. Cloud service providers can document their security and compliance controls.
C. Cloud service providers can document roles and responsibilities for cloud...
What should be the BEST recommendation to reduce the provider’s burden?
An auditor identifies that a cloud service provider received multiple customer inquiries and requests for proposal (RFPs) during the last month. What should be the BEST recommendation to reduce the provider’s burden?
A. The provider can answer each customer individually.
B. The provider can direct all...
When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer
A. To determine the total cost of the cloud services to be deployed
B. To confirm whether the compensating controls implemented are sufficient for the cloud services
C. To determine how those services will fit...
The MOST critical concept for managing the building and testing of code in DevOps is:
A. continuous build.
B. continuous delivery.
C. continuous integration.
D. continuous deployment.
Answer: C
Explanation: Continuous integration (CI) is the most critical concept for managing the building and testing of code in DevOps. CI is...
Which of the following is the BEST tool to perform cloud security control audits?
A. Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
B. General Data Protection Regulation (GDPR)
C. Federal Information Processing Standard (FIPS) 140-2
D. ISO 27001
Answer: A
Explanation: The CSA Cloud Controls Matrix (CCM) is the...