2022 100% Free CCAK Daily Practice Exam With 128 Questions [Q16-Q36]

Share

2022 100% Free CCAK Daily Practice Exam With 128 Questions

CCAK exam torrent ISACA study guide


What is the Isaca CCAK Exam?

The Isaca CCAK (Certified Cloud Auditor Knowledge) exam is a globally recognized, cloud computing industry certification that validates the knowledge and skills of professionals who audit cloud computing environments. The CCAK certification is suitable for auditors and other people involved in cloud computing risk assessment, implementation, operations and security. This includes information security professionals and practitioners such as CISOs, IT auditors, IT managers and IT staff. The CCAK exam focuses on the fundamental concepts of cloud computing, including the business drivers and technical characteristics; existing and emerging standards; service models; risks and vulnerabilities; controls, policies and procedures; governance frameworks; security assessment techniques; strategies for control implementation; use cases for various vertical industries; intellectual property rights management protections; legal implications of cloud computing; application of risk management frameworks for cloud computing. Easy actual update of the content material. CCAK Dumps is written to be simple to be administered, with no extra time-consuming studying and a minimum of note-taking, so that the reader can benefit from the actual-time, on-the-spot, hands-on examples and experiences.

 

NEW QUESTION 16
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

  • A. Multi-tenant environments
  • B. Distributed computing arrangements
  • C. Multi-application, single tenant environments
  • D. Long distance relationships
  • E. Single tenantenvironments

Answer: A

 

NEW QUESTION 17
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

  • A. Aligning shared responsibilities between provider and customer
  • B. Aligning the cloud provider's SLA with the organization's policy
  • C. Aligning the cloud service delivery with the organization's objective
  • D. Aligning the organization's activity with the cloud provider's policy

Answer: C

 

NEW QUESTION 18
A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance to stringent government standards?

  • A. CSA STAR Level Certificate
  • B. FedRAMP Authorization
  • C. Multi-Tier Cloud Security (MTCS) Attestation
  • D. ISO/IEC 27001:2013 Certification

Answer: B

 

NEW QUESTION 19
Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

  • A. Stakeholder identification
  • B. Design
  • C. Risk assessment
  • D. Development

Answer: D

 

NEW QUESTION 20
The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

  • A. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
  • B. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
  • C. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
  • D. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control

Answer: B

 

NEW QUESTION 21
Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report which course of action is MOST relevant?

  • A. Relying on management testing of cloud controls
  • B. Testing the adequacy of cloud controls design
  • C. Testing the operational effectiveness of cloud controls
  • D. Focusing on auditing high-risk areas

Answer: D

 

NEW QUESTION 22
During a review, an IS auditor notes that an organization's marketing department has purchased a cloud-based software application without following the procurement process. What should the auditor do FIRST?

  • A. Review the business impact analysis (BIA).
  • B. Escalate to senior management.
  • C. Perform a risk analysis.
  • D. Review the procurement process.

Answer: C

 

NEW QUESTION 23
What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?

  • A. Verifying whether the SLA caters to the availability requirements of the cloud service customer (CSC)
  • B. Verifying whether the SLAs are well-defined and measurable
  • C. Verifying whether the SLA includes all the operational matters which are material to the operation of the service
  • D. Verifying whether commensurate compensation in the form of service credits is factored in if the CSC is unable to match its SLA obligations

Answer: A

 

NEW QUESTION 24
If the degree of verification for information shared with the auditor during an audit is low, the auditor should:

  • A. stop evaluating the requirement altogether and review other audit areas.
  • B. delve deeper to obtain the required information to decide conclusively.
  • C. reject the information as audit evidence.
  • D. use professional judgment to determine the degree of reliance that can be placed on the information as evidence.

Answer: D

 

NEW QUESTION 25
As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

  • A. Within the CI/CD server
  • B. Within developer's laptop
  • C. Within version repositories
  • D. Within the CI/CD pipeline

Answer: D

 

NEW QUESTION 26
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

  • A. maturity model criteria.
  • B. all Cloud Control Matrix (CCM) controls and TSPC security principles.
  • C. ISO/IEC 27001: 2013 controls.
  • D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

Answer: B

 

NEW QUESTION 27
Which of the following CSP activities requires a client's approval?

  • A. Delete the guest account or destroy test data
  • B. Delete the guest account or test accounts
  • C. Delete the test accounts or destroy test data
  • D. Delete the master account or subscription owner accounts

Answer: C

 

NEW QUESTION 28
What areas should be reviewed when auditing a public cloud?

  • A. Identity and access management, data protection
  • B. Patching, source code reviews, hypervisor, access controls
  • C. Vulnerability management, cyber security reviews, patching
  • D. Patching, configuration, hypervisor, backups

Answer: A

 

NEW QUESTION 29
How is encryption managed on multi-tenant storage?

  • A. Multiple keys per data owner
  • B. The answer could be A, B, or C depending on the provider
  • C. C for data subject to the EU Data Protection Directive; B for all others
  • D. Single key for all data owners
  • E. One key per data owner

Answer: E

 

NEW QUESTION 30
Which of the following is the BEST control framework for a European manufacturing corporation that is migrating to the cloud?

  • A. CSA's GDPR CoC
  • B. PCI-DSS
  • C. NIST SP 800-53
  • D. EU GDPR

Answer: D

 

NEW QUESTION 31
Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization's DevOps pipeline?

  • A. Verify separation of development and production pipelines.
  • B. Review the CI/CD pipeline audit logs.
  • C. Conduct an architectural assessment.
  • D. Verify the inclusion of security gates in the pipeline.

Answer: B

 

NEW QUESTION 32
What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?

  • A. Access controls
  • B. Source code reviews
  • C. Vulnerability management
  • D. Patching

Answer: A

 

NEW QUESTION 33
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

  • A. ISO/IEC 22301
  • B. ISO/IEC 27002
  • C. ISO/IEC 27701
  • D. ISO/IEC 27017

Answer: D

Explanation:
Explanation
ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS).
Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is "fit for purpose." As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.

 

NEW QUESTION 34
When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

  • A. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
  • B. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
  • C. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
  • D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Answer: C

 

NEW QUESTION 35
ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:

  • A. Lack of completeness and transparency in terms of use
  • B. No source escrow agreement
  • C. Lack of information onjurisdictions
  • D. Unclear asset ownership
  • E. Audit or certification not available to customers

Answer: A

 

NEW QUESTION 36
......

Use Valid New CCAK Test Notes & CCAK Valid Exam Guide: https://www.testpassking.com/CCAK-exam-testking-pass.html

CCAK Actual Questions Answers PDF 100% Cover Real Exam Questions: https://drive.google.com/open?id=1a3IZAAFfK0CobuWxiSj6ZGdjgCtFR0OO