Exam Details

  • Exam Code: CCAK
  • Exam Name: Certificate of Cloud Auditing Knowledge
  • Certification: Cloud Security Alliance
  • Vendor: Isaca
  • Total Questions: 126 Q&As
  • Last Updated: Apr 30, 2024

Isaca Cloud Security Alliance CCAK Questions & Answers

  • Question 1:

    What should be the control audit frequency for Business Continuity Management?

    A. Quarterly

    B. Annually

    C. Monthly

    D. Semi-annually

  • Question 2:

    A. NIST SP 800-53

    B. CSA's GDPR CoC

    C. PCI-DSS

    D. EU GDPR

  • Question 3:

    Account design in the cloud should be driven by:

    A. security requirements.

    B. organizational structure.

    C. business continuity policies.

    D. management structure.

  • Question 4:

    Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?

    A. Security, confidentiality, availability, privacy and processing integrity

    B. Security, applicability, availability, privacy and processing integrity

    C. Security, confidentiality, availability, privacy and trustworthiness

    D. Security, data integrity, availability, privacy and processing integrity

  • Question 5:

    The PRIMARY objective for an auditor to understand the organization's context for a cloud audit is to:

    A. determine whether the organization has carried out control self-assessment and validated audit reports of the cloud service providers (CSP).

    B. validate an understanding of the organization's current state and how the cloud audit plan fits into the existing audit approach.

    C. validate whether an organization has a cloud audit plan in place.

    D. validate the organization's performance effectiveness utilizing cloud service providers (CSP) solutions.

  • Question 6:

    Which of the following is a cloud-specific security standard?

    A. ISO27017

    B. ISO27701

    C. ISO22301

    D. ISO14001

  • Question 7:

    Which of the following is an example of a corrective control?

    A. A central anti-virus system installing the latest signature files before allowing a connection to the network

    B. Unsuccessful access attempts being automatically logged for investigation

    C. Privileged access to critical information systems requiring a second factor of authentication using soft token

    D. All new employees having standard access rights until their manager approves privileged rights

  • Question 8:

    What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?

    A. Verifying whether commensurate compensation in the form of service credits is factored in if the CSC is unable to match its SLA obligations

    B. Verifying whether the SLA includes all the operational matters which are material to the operation of the service

    C. Verifying whether the SLA caters to the availability requirements of the cloud service customer (CSC)

    D. Verifying whether the SLAs are well-defined and measurable

  • Question 9:

    Which objective is MOST appropriate to measure the effectiveness of password policy?

    A. The number of related incidents increases.

    B. Attempts to log with weak credentials increases.

    C. Newly created account credentials satisfy requirements.

    D. The number of related incidents decreases.

  • Question 10:

    A Dot Release of Cloud Control Matrix (CCM) indicates what?

    A. The introduction of new control frameworks mapped to previously-published CCM controls.

    B. A revision of the CCM domain structure.

    C. A technical change (revision or addition or deletion) of a number of controls is smaller than 10% compared to the previous “Full” release.

    D. A technical change (revision or addition or deletion) of a number of controls is greater than 10% compared to the previous “Full” release.

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them from job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Isaca exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CCAK exam preparation or Isaca certification application, do not hesitate to visit Vcedump.com to find your solutions.