CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 141:

    In all three cloud deployment models, (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?

    A. Cloud service customer
    B. Shared responsibility
    C. Cloud service provider
    D. Patching on hypervisor layer is not required

  • Question 142:

    Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say, they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?

    A. SOC 3
    B. SOC 2, TYPE 2
    C. SOC 1
    D. SOC 2, TYPE 1

  • Question 143:

    Why is it important for the individuals in charge of cloud compliance to understand the organization's past?

    A. To determine the current state of the organization's compliance
    B. To determine the risk profile of the organization
    C. To address any open findings from previous external audits
    D. To verify whether the measures implemented from the lessons learned are effective

  • Question 144:

    Which of the following configuration change controls is acceptable to a cloud auditor?

    A. Development, test and production are hosted in the same network environment.
    B. Programmers have permanent access to production software.
    C. The Head of Development approves changes requested to production.
    D. Programmers cannot make uncontrolled changes to the source code production version.

  • Question 145:

    An auditor wants to get information about the operating effectiveness of controls addressing privacy, availability, and confidentiality of a service organization. Which of the following can BEST help to gain the required information?

    A. ISAE 3402 report
    B. ISO/IEC 27001 certification
    C. SOC1 Type 1 report
    D. SOC2 Type 2 report

  • Question 146:

    Which of the following cloud service provider activities MUST obtain a client's approval?

    A. Destroying test data
    B. Deleting subscription owner accounts
    C. Deleting test accounts
    D. Deleting guest accounts

  • Question 147:

    The BEST method to report continuous assessment of a cloud provider's services to the CSA is through:

    A. a set of dedicated application programming interfaces (APIs).
    B. SOC 2 Type 2 attestation.
    C. CCM assessment by a third-party auditor on a periodic basis.
    D. tools selected by the third-party auditor.

  • Question 148:

    Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?

    A. Network Security
    B. Change Detection
    C. Virtual Instance and OS Hardening
    D. Network Vulnerability Management

  • Question 149:

    For an auditor auditing an organization's cloud resources, which of the following should be of GREATEST concern?

    A. The organization does not have separate policies for governing its cloud environment.
    B. The organization's IT team does not include resources with cloud certifications.
    C. The organization does not perform periodic reviews or control monitoring for its cloud environment, but it has a documented audit plan and performs an audit for its cloud environment every alternate year.
    D. The risk management team reports to the head of audit.

  • Question 150:

    Which of the following processes should be performed FIRST to properly implement the NIST SP 800-53 r4 control framework in an organization?

    A. A selection of the security objectives the organization wants to improve
    B. A security categorization of the information systems
    C. A comprehensive business impact analysis (BIA)
    D. A comprehensive tailoring of the controls of the framework

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.