CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 101:

    Which of the following is an example of financial business impact?

    A. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
    B. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
    C. A DDoS attack renders the customer's cloud inaccessible for 24 hours resulting in millions in lost sales.
    D. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.

  • Question 102:

    Transparent data encryption is used for:

    A. data across communication channels.
    B. data currently being processed.
    C. data in random access memory (RAM).
    D. data and log files at rest

  • Question 103:

    An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?

    A. Review third-party audit reports.
    B. Review CSP's published questionnaires.
    C. Directly audit the CSP.
    D. Send supplier questionnaire to the CSP.

  • Question 104:

    Controls mapping found in the Scope Applicability column of the Cloud Controls Matrix (CCM) may help organizations to realize cost savings:

    A. by avoiding duplication of efforts in the compliance evaluation and for the eventual control design and implementation.
    B. by implementing layered security, thus reducing the likelihood of data breaches and the associated costs.
    C. by avoiding the need to hire a cloud security specialist to perform the periodic risk assessment exercise.
    D. by avoiding fines for breaching those regulations that impose a controls mapping in order to prove compliance

  • Question 105:

    A new company has all its operations in the cloud. Which of the following would be the best information security control framework to implement?

    A. NIST 800-73, because it is a control framework implemented by the major cloud providers.
    B. ISO/IEC 27018.
    C. ISO/IEC 27002.
    D. Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

  • Question 106:

    Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

    A. Blue team
    B. White box
    C. Gray box
    D. Red team

  • Question 107:

    When building a cloud governance model, which of the following requirements will focus more on the cloud service provider's evaluation and control checklist?

    A. Security requirements
    B. Legal requirements
    C. Compliance requirements
    D. Operational requirements

  • Question 108:

    What areas should be reviewed when auditing a public cloud?

    A. Patching, source code reviews, hypervisor, access controls
    B. Identity and access management, data protection
    C. Patching, configuration, hypervisor, backups
    D. Vulnerability management, cyber security reviews, patching

  • Question 109:

    Which of the following is MOST important to ensure effective operationalization of cloud security controls?

    A. Identifying business requirements
    B. Comparing different control frameworks
    C. Assessing existing risks
    D. Training and awareness

  • Question 110:

    When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

    A. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
    B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
    C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
    D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.