Which statement about compliance responsibilities and ownership of accountability is correct?
A. Organizations may be able to transfer their accountability for compliance with various regulatory requirements to their CSPs, but they retain the ownership of responsibility.
B. Organizations may be able to transfer their responsibility for compliance with various regulatory requirements to their CSPs, but they retain the ownership of accountability.
C. Organizations may transfer their responsibility and accountability for compliance with various regulatory requirements to their CSPs.
D. Organizations are not able to transfer either their responsibility or their accountability for compliance with various regulatory requirements to their CSPs.
The MOST critical concept of managing the build and test of code in DevOps is:
A. continuous build.
B. continuous delivery.
C. continuous deployment.
D. continuous integration.
The Cloud Computing Compliance Controls Catalogue (C5) framework is maintained by which of the following agencies?
A. Agence nationale de la sécurité des systèmes d’information (ANSSI)
B. National Institute of Standards and Technology (NIST)
C. National Security Agency (NSA)
D. Bundesamt für Sicherheit in der Informationstechnik (BSI)
What type of termination occurs at the initiative of one party, and without the fault of the other party?
A. Termination for cause
B. Termination for convenience
C. Termination at the end of the term
D. Termination without the fault
A. output from threat modeling exercises.
B. results from automated testing.
C. source code within build scripts.
D. service level agreements.
An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:
A. assess the existence and adequacy of a security awareness training program at the cloud service provider's organization as the cloud customer hired the auditor to review the cloud service.
B. assess the existence and adequacy of a security awareness training program at both the cloud customer's organization and the cloud service provider's organization.
C. assess the existence and adequacy of a security awareness training program at the cloud customer's organization as they hired the auditor.
D. not assess the security awareness training program as it is each organization's responsibility.
Which of the following cloud models prohibits penetration testing?
A. Hybrid Cloud
B. Private Cloud
C. Public Cloud
D. Community Cloud
Under GDPR, an organization should report a data breach within what time frame?
A. 72 hours
B. 2 weeks
C. 1 week
D. 48 hours
Which of the following data destruction methods is the MOST effective and efficient?
A. Crypto-shredding
B. Degaussing
C. Multi-pass wipes
D. Physical destruction
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?
A. Public
B. Management of organization being audited
C. Shareholders/interested parties
D. Cloud service provider