CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 121:

    Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?

    A. Policy based access control
    B. Attribute based access control
    C. Rule based access control
    D. Role based access control

  • Question 122:

    Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

    A. Design
    B. Stakeholder identification
    C. Development
    D. Risk assessment

  • Question 123:

    What data center and physical security measures should a cloud customer consider when assessing a cloud service provider?

    A. Assess use of monitoring systems to control ingress and egress points of entry to the data center.
    B. Implement physical security perimeters to safeguard personnel, data and information systems.
    C. Conduct a due diligence to verify the cloud provider applies adequate physical security measures.
    D. Review internal policies and procedures for relocation of hardware and software to an offsite location.

  • Question 124:

    A Dot Release of Cloud Control Matrix (CCM) indicates what?

    A. The introduction of new control frameworks mapped to previously-published CCM controls.
    B. A revision of the CCM domain structure.
    C. A technical change (revision or addition or deletion) of a number of controls is smaller than 10% compared to the previous "Full" release.
    D. A technical change (revision or addition or deletion) of a number of controls is greater than 10% compared to the previous "Full" release.

  • Question 125:

    As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

    A. Within developer's laptop
    B. Within the CI/CD server
    C. Within version repositories
    D. Within the CI/CD pipeline

  • Question 126:

    Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

    A. The rapidly changing service portfolio and architecture of the cloud.
    B. Cloud providers should not be part of the compliance program.
    C. The fairly static nature of the service portfolio and architecture of the cloud.
    D. The cloud is similar to the on-premise environment in terms of compliance.

  • Question 127:

    What areas should be reviewed when auditing a public cloud?

    A. Identity and access management (IAM) and data protection
    B. Source code reviews and hypervisor
    C. Patching and configuration
    D. Vulnerability management and cyber security reviews

  • Question 128:

    Which of the following CSP activities requires a client's approval?

    A. Delete the guest account or test accounts
    B. Delete the master account or subscription owner accounts
    C. Delete the guest account or destroy test data
    D. Delete the test accounts or destroy test data

  • Question 129:

    Which of the following is the FIRST step of the Cloud Risk Evaluation Framework?

    A. Analyzing potential impact and likelihood
    B. Establishing cloud risk profile
    C. Evaluating and documenting the risks
    D. Identifying key risk categories

  • Question 130:

    A cloud service provider utilizes services of other service providers for its cloud service. Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?

    A. The auditor should review the service providers' security controls even more strictly, as they are further separated from the cloud customer.
    B. The auditor should review the relationship between the cloud service provider and its service provider to help direct and estimate the level of effort and analysis the auditor should apply.
    C. As the contract for the cloud service is between the cloud customer and the cloud service provider, there is no need for the auditor to review the services provided by the service providers.
    D. As the relationship between the cloud service provider and its service providers is governed by separate contracts between them, there is no need for the auditor to review the services

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.