During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?
A. Review the CSP audit reports.Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?
A. Security, confidentiality, availability, privacy and processing integrityIf the degree of verification for information shared with the auditor during an audit is low, the auditor should:
A. reject the information as audit evidence.The MOST critical concept of managing the build and test of code in DevOps is:
A. continuous build.An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:
A. relating to policies, processes, laws, regulations, and institutions conditioning the way an organization is managed, directed, or controlled.Management planes deployed in cloud environments may pose a risk of potentially allowing access to the entire environment. Which of the following controls is MOST appropriate for mitigating this risk?
A. Change managementWhich of the following is a PRIMARY benefit of using a standardized control framework?
A. It enables senior management to receive regular and detailed executive reports easily.You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure. Which of the following is your BEST option?
A. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
A. treated as confidential information and withheld from all sub cloud service providers.A large healthcare provider within the United States is seeking a cloud service provider offering Software as a Service (SaaS) for core business systems. The selected provider MUST comply with which of the following regulations?
A. GDPRNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.