The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:
A. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
B. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
C. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party...
Supply chain agreements between CSP and cloud customers should, at minimum, include:
A. Organization chart of the CSP
B. Policies and procedures of the cloud customer
C. Audits, assessments and independent verification of compliance certifications with agreement terms
D. Regulatory guidelines impacting the cloud customer
Answer: C
Reference: https://searchitchannel.techtarget.com/definition/cloud-service-provider-cloud-provider
In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?
A. Service Provider control
B. Impact and Risk control
C. Data Inventory control
D. Compliance control
Answer: A
Reference: https://rmas.fad.harvard.edu/cloud-service-providers
Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?
A. SOC...
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?
A. Validate if the strategy covers unavailability of all...
The criteria for limiting services allowing non-critical services or services requiring high availability and resilience to be moved to the cloud is an important consideration to be included PRIMARILY in the:
A. risk management policy.
B. cloud policy.
C. business continuity plan.
D. information security standard for cloud technologies.
Answer:...
The Cloud Octagon Model was developed to support organizations:
A. risk assessment methodology.
B. risk treatment methodology.
C. incident response methodology.
D. incident detection methodology.
Answer: A
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
A. Use of an established standard/regulation to map controls and...
What areas should be reviewed when auditing a public cloud?
A. Patching, source code reviews, hypervisor, access controls
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Vulnerability management, cyber security reviews, patching
Answer: B
Which of the following would be the MOST critical finding of an application security and DevOps audit?
A. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
B. Application architecture and configurations did not consider security measures.
C. Outsourced cloud service interruption, breach or...