Exam Details

  • Exam Code: CCAK
  • Exam Name: Certificate of Cloud Auditing Knowledge
  • Certification: Cloud Security Alliance
  • Vendor: Isaca
  • Total Questions: 126 Q&As
  • Last Updated: May 09, 2024

Isaca Cloud Security Alliance CCAK Questions & Answers

  • Question 111:

    When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

    A. Validate if the strategy covers unavailability of all components required to operate the business as usual or in disrupted mode, in part or in total, when impacted by a disruption.

    B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.

    C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.

    D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

  • Question 112:

    When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

    A. Determine the impact on the controls that were selected by the organization to respond to identified risks.

    B. Determine the impact on confidentiality, integrity and availability of the information system.

    C. Determine the impact on the financial, operational, compliance and reputation of the organization.

    D. Determine the impact on the physical and environmental security of the organization, excluding informational assets.

  • Question 113:

    Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

    A. Blue team

    B. White box

    C. Gray box

    D. Red team

  • Question 114:

    An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month. Which of the following should be the BEST recommendation to reduce the CSP burden?

    A. CSP can share all security reports with customers to streamline the process.

    B. CSP can schedule a call with each customer.

    C. CSP can answer each customer individually.

    D. CSP can direct all customers' inquiries to the information in the CSA STAR registry.

  • Question 115:

    Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

    A. Operations Maintenance

    B. System Development Maintenance

    C. Equipment Maintenance

    D. System Maintenance

  • Question 116:

    When a client's business process changes, the CSP SLA should:

    A. be reviewed, but the SLA cannot be updated.

    B. not be reviewed, but the cloud contract should be cancelled immediately.

    C. not be reviewed as the SLA cannot be updated.

    D. be reviewed and updated if required.

  • Question 117:

    The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

    A. select the methodology of an audit.

    B. review requested evidence provided by the audit client.

    C. discuss the scope of the cloud audit.

    D. identify resource requirements of the cloud audit.

  • Question 118:

    Organizations maintain mappings between the different control frameworks they adopt to:

    A. help identify controls with common assessment status.

    B. avoid duplication of work when assessing compliance.

    C. help identify controls with different assessment status.

    D. start a compliance assessment using latest assessment.

  • Question 119:

    SAST testing is performed by:

    A. scanning the application source code.

    B. scanning the application interface.

    C. scanning all infrastructure components.

    D. performing manual actions to gain control of the application.

  • Question 120:

    After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

    A. As an integrity breach

    B. As control breach

    C. As an availability breach

    D. As a confidentiality breach

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Isaca exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CCAK exam preparation or your Isaca certification application, do not hesitate to visit Vcedump.com to find your solutions here.