What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?
An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP) . What is the optimal and most efficient mechanism to assess the controls CSP...
What type of termination occurs at the initiative of one party, and without the fault of the other party?
What type of termination occurs at the initiative of one party, and without the fault of the other party?
A. Termination for cause
B. Termination for convenience
C. Termination at the end of the term
D. Termination without the fault
Answer: C
Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?
Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?
A. Plan --> Develop --> Release
B. Deploy --> Monitor --> Audit
C. Initiation --> Execution --> Monitoring and Controlling
D. Preparation --> Execution --> Peer Review and Publication
Answer: D
Explanation: Reference:...
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?
A. Validate if the strategy covers unavailability of all...
Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
A. Use of an established standard/regulation to map controls...
Which of the following is your BEST option?
You have been assigned the implementation of an ISMS, whose scope must cover both on-premise and cloud infrastructure. Which of the following is your BEST option?
A. Implement ISO/IEC 27002 and complement it with additional controls from the CC
C. Implement ISO/IEC 27001 and complement it with additional...
With regard to the Cloud Control Matrix (CCM), the ‘Architectural Relevance’ is a feature that enables the filtering of security controls by:
With regard to the Cloud Control Matrix (CCM), the ‘Architectural Relevance’ is a feature that enables the filtering of security controls by:
A. relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for...
Which of the following is an example of integrity technical impact?
Which of the following is an example of integrity technical impact?
A. The cloud provider reports a breach of customer personal data from an unsecured server.
B. A hacker using a stolen administrator identity alters the discount percentage in the product database.
C. A DDoS attack renders the customer’s cloud...
Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?
Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?
A. Verify the inclusion of security gates in the pipeline.
B. Conduct an architectural assessment.
C. Review the CI/CD pipeline audit logs.
D. Verify...
Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?
Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?
A. Incident Response Plans
B. Security Incident Plans
C. Unexpected Event Plans
D. Emergency Incident Plans
Answer: A