CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 151:

    What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?

    A. Unlike SAST, DAST is a blackbox and programming language agnostic.
    B. DAST can dynamically integrate with most CI/CD tools.
    C. DAST delivers more false positives than SAST.
    D. DAST is slower but thorough.

  • Question 152:

    SAST testing is performed by:

    A. scanning the application source code.
    B. scanning the application interface.
    C. scanning all infrastructure components.
    D. performing manual actions to gain control of the application.

  • Question 153:

    A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:

    A. means that the cloud customer is also compliant.
    B. means that the cloud customer and client are both compliant.
    C. means that the cloud customer is compliant but their client is not compliant.
    D. does not necessarily mean that the cloud customer is also compliant.

  • Question 154:

    Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?

    A. Updated audit/work program
    B. Documentation criteria for the audit evidence
    C. Processes and systems to be audited
    D. Testing procedure to be performed

  • Question 155:

    When using a SaaS solution, who is responsible for application security?

    A. The cloud service provider only
    B. The cloud service consumer only
    C. Both cloud consumer and the enterprise
    D. Both cloud provider and the consumer

  • Question 156:

    As Infrastructure as a Service (laaS) cloud service providers often do not allow the cloud service customers to perform on-premise audits, the BEST approach for the auditor should be to:

    A. use other sources of available data for evaluating the customer's controls.
    B. recommend that the customer not use the services provided by the provider.
    C. refrain from auditing the provider's security controls due to lack of cooperation.
    D. escalate the lack of support from the provider to the regulatory authority.

  • Question 157:

    An organization is using the Cloud Controls Matrix (CCM) to extend its IT governance in the cloud. Which of the following is the BEST way for the organization to take advantage of the supplier relationship feature?

    A. Filter out only those controls directly influenced by contractual agreements.
    B. Leverage this feature to enable the adoption of the Shared Responsibility Model.
    C. Filter out only those controls having a direct impact on current terms of service (TOS) and service level agreement (SLA).
    D. Leverage this feature to enable a smarter selection of the next cloud provider.

  • Question 158:

    Application programming interfaces (APIs) are likely to be attacked continuously by bad actors because they:

    A. are the asset with private IP addresses.
    B. are generally the most exposed part.
    C. could be poorly designed.
    D. act as a very effective backdoor.

  • Question 159:

    Prioritizing assurance activities for an organization's cloud services portfolio depends PRIMARILY on an organization's ability to:

    A. schedule frequent reviews with high-risk cloud service providers.
    B. develop plans using a standardized risk-based approach.
    C. maintain a comprehensive cloud service inventory.
    D. collate views from various business functions using cloud services.

  • Question 160:

    The FINAL decision to include a material finding in a cloud audit report should be made by the:

    A. auditee's senior management.
    B. organization's chief executive officer (CEO).
    C. cloud auditor.
    D. organization's chief information security officer (CISO)

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.