CCAK exam

An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?A . PublicB . Management of organization being auditedC . Shareholders/interested partiesD ....

In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:A . both operating system and application infrastructure contained within the CSP’s instances.B . both operating system and application infrastructure contained within the customer’s instancesC . only application infrastructure contained within...

Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?A . Drag and DropB . Lift and shiftC . Flexibility to moveD . Transition and data portabilityView AnswerAnswer: D Explanation: Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud

Which of the following data destruction methods is the MOST effective and efficient?A . Crypto-shreddingB . DegaussingC . Multi-pass wipesD . Physical destructionView AnswerAnswer: B

The Cloud Octagon Model was developed to support organizations:A . risk assessment methodology.B . risk treatment methodology.C . incident response methodology.D . incident detection methodology.View AnswerAnswer: A

A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel . Which access control method will allow IT personnel to be segregated across the various locations?A . Role Based Access ControlB . Attribute...

Which of the following configuration change controls is acceptable to a cloud auditor?A . Development, test and production are hosted in the same network environment.B . Programmers have permanent access to production software.C . The Head of Development approves changes requested to production.D . Programmers cannot make uncontrolled changes to...

Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?A . SOC3 - Type2B . Cloud Control Matrix (CCM)C . SOC2 - Type1D . SOC1 - Type1View AnswerAnswer: C Explanation: Reference: https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventing-the-next-cybersecurity-attack-with-effective-cloud-security-audits

Which of the following parties should have accountability for cloud compliance requirements?A . CustomerB . Equally shared between customer and providerC . ProviderD . Either customer or provider, depending on requirementsView AnswerAnswer: B

The MOST critical concept of managing the build and test of code in DevOps is:A . continuous build.B . continuous delivery.C . continuous deployment.D . continuous integration.View AnswerAnswer: B Explanation: Reference: https://smartbear.com/blog/devops-testing-strategy-best-practices-tools/