Exam Details

  • Exam Code: CCAK
  • Exam Name: Certificate of Cloud Auditing Knowledge
  • Certification: Cloud Security Alliance
  • Vendor: Isaca
  • Total Questions: 126 Q&As
  • Last Updated: May 09, 2024

Isaca Cloud Security Alliance CCAK Questions & Answers

  • Question 21:

    Which of the following parties should have accountability for cloud compliance requirements?

    A. Customer

    B. Equally shared between customer and provider

    C. Provider

    D. Either customer or provider, depending on requirements

  • Question 22:

    As a developer building code into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

    A. Within developer's laptop

    B. Within the CI/CD server

    C. Within version repositories

    D. Within the CI/CD pipeline

  • Question 23:

    You have been assigned the implementation of an ISMS whose scope must cover both on-premises and cloud infrastructure. Which of the following is your BEST option?

    A. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.

    B. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.

    C. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.

    D. Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.

  • Question 24:

    Which best describes the difference between a type 1 and a type 2 SOC report?

    A. A type 2 SOC report validates the operating effectiveness of controls whereas a type 1 SOC report validates the suitability of the design of the controls.

    B. A type 2 SOC report validates the suitability of the design of the controls whereas a type 1 SOC report validates the operating effectiveness of controls.

    C. A type 1 SOC report provides an attestation whereas a type 2 SOC report offers a certification.

    D. There is no difference between a type 2 and type 1 SOC report.

  • Question 25:

    If the degree of verification for information shared with the auditor during an audit is low, the auditor should:

    A. reject the information as audit evidence.

    B. stop evaluating the requirement altogether and review other audit areas.

    C. delve deeper to obtain the required information to decide conclusively.

    D. use professional judgment to determine the degree of reliance that can be placed on the information as evidence.

  • Question 26:

    When building a cloud governance model, which of the following requirements will focus more on the cloud service provider's evaluation and control checklist?

    A. Security requirements

    B. Legal requirements

    C. Compliance requirements

    D. Operational requirements

  • Question 27:

    A. schedule frequent reviews with high-risk cloud service providers.

    B. develop plans using a standardized risk-based approach.

    C. maintain a comprehensive cloud service inventory.

    D. collate views from various business functions using cloud services.

  • Question 28:

    In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

    A. both operating system and application infrastructure contained within the CSP's instances.

    B. both operating system and application infrastructure contained within the customer's instances.

    C. only application infrastructure contained within the CSP's instances.

    D. only application infrastructure contained within the customer's instances.

  • Question 29:

    One of the Cloud Controls Matrix's (CCM's) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.” Which of the following controls under the Audit Assurance and Compliance domain does this match?

    A. Audit planning

    B. Information system and regulatory mapping

    C. GDPR auditing

    D. Independent audits

  • Question 30:

    To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

    A. Parallel testing

    B. Full application stack unit testing

    C. Regression testing

    D. Functional verification

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Isaca exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CCAK exam preparation or Isaca certification application, do not hesitate to visit Vcedump.com to find your solutions.