CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 191:

    During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?

    A. Review the CSP audit reports.
    B. Review the security white paper of the CSP.
    C. Review the contract and DR capability.
    D. Plan an audit of the CSP.

  • Question 192:

    Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?

    A. Security, confidentiality, availability, privacy and processing integrity
    B. Security, applicability, availability, privacy and processing integrity
    C. Security, confidentiality, availability, privacy and trustworthiness
    D. Security, data integrity, availability, privacy and processing integrity

  • Question 193:

    If the degree of verification for information shared with the auditor during an audit is low, the auditor should:

    A. reject the information as audit evidence.
    B. stop evaluating the requirement altogether and review other audit areas.
    C. delve deeper to obtain the required information to decide conclusively.
    D. use professional judgment to determine the degree of reliance that can be placed on the information as evidence.

  • Question 194:

    The MOST critical concept of managing the build and test of code in DevOps is:

    A. continuous build.
    B. continuous delivery.
    C. continuous deployment.
    D. continuous integration.

  • Question 195:

    An organization deploying the Cloud Control Matrix (CCM) to perform a compliance assessment will encompass the use of the "Corporate Governance Relevance" feature to filter out those controls:

    A. relating to policies, processes, laws, regulations, and institutions conditioning the way an organization is managed, directed, or controlled.
    B. that can be either of a management or of a legal nature, therefore requiring an approval from the Change Advisory Board.
    C. that require the prior approval from the Board of Directors to be funded (for either make or buy), implemented, and reported on.
    D. that can be either of an administrative or of a technical nature, therefore requiring an approval from the Change Advisory Board.

  • Question 196:

    Management planes deployed in cloud environments may pose a risk of potentially allowing access to the entire environment. Which of the following controls is MOST appropriate for mitigating this risk?

    A. Change management
    B. Regular audits
    C. Access restriction
    D. Increased monitoring

  • Question 197:

    Which of the following is a PRIMARY benefit of using a standardized control framework?

    A. It enables senior management to receive regular and detailed executive reports easily.
    B. It enables the organization to implement an effective process of control measurement.
    C. It enables auditors to assess an information system based on a well-defined set of controls.
    D. It enables consultants to speed up the implementation of management systems, thus reducing costs.

  • Question 198:

    You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure. Which of the following is your BEST option?

    A. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.
    B. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.
    C. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.
    D. Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.

  • Question 199:

    In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

    A. treated as confidential information and withheld from all sub cloud service providers.
    B. treated as sensitive information and withheld from certain sub cloud service providers.
    C. passed to the sub cloud service providers.
    D. passed to the sub cloud service providers based on the sub cloud service providers' geographic location.

  • Question 200:

    A large healthcare provider within the United States is seeking a cloud service provider offering Software as a Service (SaaS) for core business systems. The selected provider MUST comply with which of the following regulations?

    A. GDPR
    B. HIPAA
    C. GLBA
    D. FISMA

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.