CCAK exam

Customer management interface, if compromised over public internet, can lead to:A . customer’s computing and data compromise.B . access to the RAM of neighboring cloud computer.C . ease of acquisition of cloud services.D . incomplete wiping of the data.View AnswerAnswer: A

A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:A . means that the cloud customer is also compliant.B . means that the cloud customer and client are both compliant.C . means that the cloud customer is compliant...

Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?A . Service Level Objective (SLO)B . Recovery Point Objectives (RPO)C . Service Level Agreement (SLA)D . Recovery Time Objectives (RTO)View AnswerAnswer: C

Which of the following metrics are frequently immature?A . Metrics around Infrastructure as a Service (IaaS) storage and network environmentsB . Metrics around Platform as a Service (PaaS) development environmentsC . Metrics around Infrastructure as a Service (IaaS) computing environmentsD . Metrics around specific Software as a Service (SaaS) application...

Which of the following attestation allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?A . PC-IDSSB . CSA STAR AttestationC . MTCSD . BSI Criteria Catalogue C5View...

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?A . Ensuring segregation of duties in the production and development pipelines.B . Role-based access controls in the production and development pipelines.C . Separation of production and development pipelines.D . Periodic...

Which of the following would be considered as a factor to trust in a cloud service provider?A . The level of exposure for public informationB . The level of proved technical skillsC . The level of willingness to cooperateD . The level of open source evidence availableView AnswerAnswer: C

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?A . Compliance riskB . Provider administration riskC . Audit riskD . Virtualization riskView AnswerAnswer: A Explanation: Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

Which of the following is an example of integrity technical impact?A . The cloud provider reports a breach of customer personal data from an unsecured server.B . A hacker using a stolen administrator identity alerts the discount percentage in the product database.C . A DDoS attack renders the customer’s cloud...

Which of the following is an example of financial business impact?A . A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.B . While the breach was reported in a timely manner to...