CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 171:

    Organizations maintain mappings between the different control frameworks they adopt to:

    A. help identify controls with common assessment status.
    B. avoid duplication of work when assessing compliance.
    C. help identify controls with different assessment status.
    D. start a compliance assessment using latest assessment.

  • Question 172:

    Which of the following is MOST important to manage risk from cloud vendors who might accidentally introduce unnecessary risk to an organization by adding new features to their solutions?

    A. Deploying new features using cloud orchestration tools
    B. Performing prior due diligence of the vendor
    C. Establishing responsibility in the vendor contract
    D. Implementing service level agreements (SLAs) around changes to baseline configurations

  • Question 173:

    Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?

    A. Plan --> Develop --> Release
    B. Deploy --> Monitor --> Audit
    C. Initiation --> Execution --> Monitoring and Controlling
    D. Preparation --> Execution --> Peer Review and Publication

  • Question 174:

    To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

    A. ISO/I 27001: 2013 controls.
    B. maturity model criteria.
    C. all Cloud Control Matrix (CCM) controls and TSPC security principles.
    D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

  • Question 175:

    Which of the following activities are part of the implementation phase of a cloud assurance program during a cloud migration?

    A. Development of the monitoring goals and requirements
    B. Identification of processes, functions, and systems
    C. Identification of the relevant laws, regulations, and standards
    D. Identification of roles and responsibilities

  • Question 176:

    Which of the following is the most important strategy and governance document to provide to the auditor prior to a cloud service provider review?

    A. Enterprise cloud strategy and policy, as well as inventory of third-party attestation reports.
    B. Policies and procedures established around third-party risk assessments, including questionnaires that are required to be completed to assess risk associated with the use of third-party services.
    C. Enterprise cloud strategy and policy, as well as the enterprise cloud security strategy.
    D. Inventory of third-party attestation reports and enterprise cloud security strategy.

  • Question 177:

    Which objective is MOST appropriate to measure the effectiveness of password policy?

    A. The number of related incidents increases.
    B. Attempts to log with weak credentials increases.
    C. Newly created account credentials satisfy requirements.
    D. The number of related incidents decreases.

  • Question 178:

    Which of the following is an example of availability technical impact?

    A. A distributed denial of service (DDoS) attack renders the customer's cloud inaccessible for 24 hours.
    B. The cloud provider reports a breach of customer personal data from an unsecured server.
    C. An administrator inadvertently clicked on phish bait, exposing the company to a ransomware attack.
    D. A hacker using a stolen administrator identity alters the discount percentage in the product database

  • Question 179:

    Which of the following should a cloud auditor recommend regarding controls for application interfaces and databases to prevent manual or systematic processing errors, corruption of data, or misuse?

    A. Assessment of contractual and regulatory requirements for customer access.
    B. Establishment of policies and procedures across multiple system interfaces, jurisdictions, and business functions to prevent improper disclosure, alteration, or destruction.
    C. Data input and output integrity routines.
    D. Testing in accordance with leading industry standards such as OWASP.

  • Question 180:

    Which of the following would give an auditor the BEST view of design and implementation decisions when an organization uses programmatic automation for Infrastructure as a Service (IaaS) deployments? The visibility of:

    A. output from threat modeling exercises.
    B. results from automated testing.
    C. source code within build scripts.
    D. service level agreements.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.