
100% Passing Guarantee - Brilliant CCAK Exam Questions PDF [Nov-2021]
CCAK Dumps 2021 - NewISACA CCAK Exam Questions
NEW QUESTION 41
In an organization, how are policy violations MOST likely to occur?
- A. Deliberately
- B. Deliberately by the ISP
- C. By accident
- D. Deliberately by the cloud provider
Answer: C
NEW QUESTION 42
A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance to stringent government standards?
- A. CSA STAR Level Certificate
- B. ISO/IEC 27001:2013 Certification
- C. Multi-Tier Cloud Security (MTCS) Attestation
- D. FedRAMP Authorization
Answer: D
NEW QUESTION 43
Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
- A. System Development Maintenance
- B. Operations Maintenance
- C. Equipment Maintenance
- D. System Maintenance
Answer: B
NEW QUESTION 44
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
- A. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
- B. More physical control over assets and processes.
- C. None of the above.
- D. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
- E. Decreased requirement for proactive management of relationship and adherence to contracts.
Answer: A
NEW QUESTION 45
When a client's business process changes, the CSP SLA should:
- A. not be reviewed as the SLA cannot be updated.
- B. not be reviewed, but the cloud contract should be cancelled immediately.
- C. be reviewed and updated if required.
- D. be reviewed, but the SLA cannot be updated.
Answer: C
NEW QUESTION 46
Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?
- A. Private
- B. Hybrid
- C. Public
- D. Community
Answer: C
NEW QUESTION 47
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives Which of the following findings should be the IS auditor's GREATEST concern?
- A. The business continuity plan (BCP) was not updated.
- B. Mobile devices are not encrypted.
- C. Users are not required to sign updated acceptable
- D. Users have not been trained on the new system.
Answer: A
NEW QUESTION 48
The rapid and dynamic rate of changes found in a cloud environment affects the organization's:
- A. risk appetite.
- B. risk communication.
- C. risk scoring.
- D. risk profile.
Answer: A
NEW QUESTION 49
Which of the following is an example of integrity technical impact?
- A. A DDoS attack renders the customer's cloud inaccessible for 24 hours.
- B. The cloud provider reports a breach of customer personal data from an unsecured server.
- C. An administrator inadvertently click on Phish bait exposing his company to a ransomware attack.
- D. A hacker using a stolen administrator identity alerts the discount percentage in the product database.
Answer: C
NEW QUESTION 50
Which of the following is a direct benefit of mapping the Cloud Control Matrix (CCM) to other international standards and regulations?
- A. CCM mapping enables an uninterrupted data flow and, in particular, the export of personal data across different jurisdictions.
- B. CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts.
- C. CCM mapping entitles cloud service providers to be certified under the CSA STAR program.
- D. CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts.
Answer: D
NEW QUESTION 51
CCM: In the CCM tool, ais a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
- A. Risk Impact
- B. Control Specification
- C. Domain
Answer: B
NEW QUESTION 52
How can virtual machine communications bypass network security controls?
- A. Hypervisors depend upon multiple network interfaces
- B. VM images can contain rootkits programmed to bypass firewalls
- C. VM communications may use a virtual network on the same hardware host
- D. Most network security systems do not recognize encrypted VM traffic
- E. The guest OS can invoke stealth mode
Answer: C
NEW QUESTION 53
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?
- A. The rapidly changing service portfolio and architecture of the cloud.
- B. Cloud providers should not be part of the compliance program.
- C. The cloud is similar to the on-premise environment in terms of compliance.
- D. The fairly static nature of the service portfolio and architecture of the cloud.
Answer: A
NEW QUESTION 54
Supply chain agreements between CSP and cloud customers should, at minimum, include:
- A. Audits, assessments and independent verification of compliance certifications with agreement terms
- B. Regulatory guidelines impacting the cloud customer
- C. Policies and procedures of the cloud customer
- D. Organization chart of the CSP
Answer: A
NEW QUESTION 55
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?
- A. Aligning the cloud provider's SLA with the organization's policy
- B. Aligning shared responsibilities between provider and customer
- C. Aligning the cloud service delivery with the organization's objective
- D. Aligning the organization's activity with the cloud provider's policy
Answer: C
NEW QUESTION 56
A third-party service provider is hosting a private cloud for an organization. Which of the following findings during an audit of the provider poses the GREATEST risk to the organization?
- A. 5% of detected incidents exceeded the defined service level agreement (SLA) for escalation.
- B. Two different hypervisor versions are used due to the compatibility restrictions of some virtual machines.
- C. 2% of backups had to be rescheduled due to backup media failures.
- D. The organization's virtual machines share the same hypervisor with virtual machines of other clients.
Answer: D
NEW QUESTION 57
An IS department is evaluated monthly on its cost-revenue ratio user satisfaction rate, and computer downtime This is BEST zed as an application of.
- A. value chain analysis
- B. balanced scorecard
- C. control self-assessment (CSA)
- D. risk framework
Answer: B
NEW QUESTION 58
Which governance domain deals with evaluating how cloudcomputing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
- A. Information Governance
- B. Compliance and Audit Management
- C. Legal Issues: Contracts and Electronic Discovery
- D. Infrastructure Security
- E. Governance and Enterprise Risk Management
Answer: B
NEW QUESTION 59
CCM: A hypothetical company called: "Health4Sure" is located in the United States and provides cloud based services fortracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document topotential clients.
Which of the following approach would be most suitable to assess the overall security posture of Health4Sure's cloud service?
- A. The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
- B. The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.
- C. The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.
Answer: B
NEW QUESTION 60
......
Free CCAK braindumps download: https://www.testpassking.com/CCAK-exam-testking-pass.html
CCAK Dumps for Pass Guaranteed - Pass CCAK Exam: https://drive.google.com/open?id=1DadNCm06HRCbjDWVzamCHp4kvONGl-uL