Certificate of Cloud Auditing Knowledge
Last Update Apr 25, 2024
Total Questions : 175
From an auditor perspective, which of the following BEST describes shadow IT?
Visibility into which of the following would give an auditor the BEST view of design and implementation decisions when an organization uses programmatic automation for Infrastructure as a Service (IaaS) deployments?
The effect of which of the following should have priority in planning the scope and objectives of a cloud audit?
During an audit, it was identified that a critical application hosted in an off-premises cloud is not part of the organization's disaster recovery plan (DRP). Management stated that it is responsible for ensuring the cloud service provider has a plan that is tested annually. What should be the auditor's NEXT course of action?
To ensure integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?
What legal documents should be provided to the auditors in relation to risk management?
Which of the following activities is performed outside information security monitoring?
Which of the following activities are part of the implementation phase of a cloud assurance program during a cloud migration?
Which of the following has been provided by the Federal Office for Information Security in Germany to support customers in selecting, controlling, and monitoring their cloud service providers?
After finding a vulnerability in an Internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite parts of some files with random data. In reference to the Top Threats Analysis methodology, how would the technical impact of this incident be categorized?
Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?
With regard to the Cloud Controls Matrix (CCM), the Architectural Relevance is a feature that enables the filtering of security controls by:
When reviewing a third-party agreement with a cloud service provider, which of the following should be the GREATEST concern regarding customer data privacy?
A cloud service provider contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The provider's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode has been selected by the provider?
An auditor is reviewing an organization’s virtual machines (VMs) hosted in the cloud. The organization utilizes a configuration management (CM) tool to enforce password policies on its VMs. Which of the following is the BEST approach for the auditor to use to review the operating effectiveness of the password requirement?
Which of the following is a direct benefit of mapping the Cloud Controls Matrix (CCM) to other international standards and regulations?
An organization currently following the ISO/IEC 27002 control framework has been charged by a new CIO to switch to the NIST 800-53 control framework. Which of the following is the FIRST step to this change?
The PRIMARY purpose of Open Certification Framework (OCF) for the CSA STAR program is to:
A certification target helps in the formation of a continuous certification framework by incorporating:
Controls mapping found in the Scope Applicability column of the Cloud Controls Matrix (CCM) may help organizations to realize cost savings:
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?
Application programming interfaces (APIs) are likely to be attacked continuously by bad actors because they:
An auditor identifies that a cloud service provider received multiple customer inquiries and requests for proposal (RFPs) during the last month. Which of the following
What should be the BEST recommendation to reduce the provider’s burden?
What should be the control audit frequency for an organization's business continuity management and operational resilience strategy?
An auditor is assessing a European organization's compliance. Which regulation is suitable if health information needs to be protected?
The MOST critical concept for managing the building and testing of code in DevOps is:
Which of the following MOST enhances the internal stakeholder decision-making process for the remediation of risks identified from an organization's cloud compliance program?
The MOST important factor to consider when implementing cloud-related controls is the:
From a compliance perspective, which of the following artifacts should an assessor review when evaluating the effectiveness of Infrastructure as Code deployments?
Which of the following types of SOC reports BEST helps to ensure operating effectiveness of controls in a cloud service provider offering?
From the perspective of a senior cloud security audit practitioner in an organization with a mature security program and cloud adoption, which of the following statements BEST describes the DevSecOps concept?
Which of the following aspects of risk management involves identifying the potential reputational and financial harm when an incident occurs?
An organization is using the Cloud Controls Matrix (CCM) to extend its IT governance in the cloud. Which of the following is the BEST way for the organization to take advantage of the supplier relationship feature?
In a multi-level supply chain structure where cloud service provider A relies on other sub-cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
The BEST way to deliver continuous compliance in a cloud environment is to:
Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?
What type of termination occurs at the initiative of one party and without the fault of the other party?
In relation to testing business continuity management and operational resilience, an auditor should review which of the following database documentation?
Which of the following is MOST useful for an auditor to review when seeking visibility into the cloud supply chain for a newly acquired Software as a Service (SaaS) solution?
Which of the following is MOST important to ensure effective cloud application controls are maintained in an organization?
Which of the following attestations allows for immediate adoption of the Cloud Controls Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?
Which of the following helps an organization to identify control gaps and shortcomings in the context of cloud computing?
What is a sign that an organization has adopted a shift-left concept of code release cycles?
Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?
Which of the following are the MOST important strategy and governance documents to provide to the auditor prior to a cloud service provider review?