CCAK exam

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?A . Compliance riskB . Provider administration riskC . Audit riskD . Virtualization riskView AnswerAnswer: A Explanation: Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:A . assess the existence and adequacy of a security awareness training program at the cloud service provider’s organization as the cloud customer hired the auditor to review and cloud service.B ....

An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP) . What is the optimal and most efficient mechanism to assess the controls CSP...

What type of termination occurs at the initiative of one party, and without the fault of the other party?A . Termination for causeB . Termination for convenienceC . Termination at the end of the termD . Termination without the faultView AnswerAnswer: C

Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?A . Plan --> Develop --> ReleaseB . Deploy --> Monitor --> AuditC . Initiation --> Execution --> Monitoring and ControllingD . Preparation --> Execution --> Peer Review and PublicationView AnswerAnswer: D Explanation: Reference:...

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?A . Validate if the strategy covers unavailability of all...

An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models . Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?A . Use of an established standard/regulation to map controls...

You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure . Which of the following is your BEST option?A . Implement ISO/IEC 27002 and complement it with additional controls from the CCC . Implement ISO/IEC 27001 and complement it with additional...

With regard to the Cloud Control Matrix (CCM), the ‘Architectural Relevance’ is a feature that enables the filtering of security controls by:A . relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for...

Which of the following is an example of integrity technical impact?A . The cloud provider reports a breach of customer personal data from an unsecured server.B . A hacker using a stolen administrator identity alerts the discount percentage in the product database.C . A DDoS attack renders the customer’s cloud...