Exam Details

  • Exam Code: CCAK
  • Exam Name: Certificate of Cloud Auditing Knowledge
  • Certification: Cloud Security Alliance
  • Vendor: Isaca
  • Total Questions: 126 Q&As
  • Last Updated: May 09, 2024

Isaca Cloud Security Alliance CCAK Questions & Answers

  • Question 31:

    Which of the following is the common cause of misconfiguration in a cloud environment?

    A. Absence of effective change control

    B. Using multiple cloud service providers

    C. New cloud computing techniques

    D. Traditional change process mechanisms

  • Question 32:

    Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?

    A. ISO/IEC 27017:2015

    B. CSA Cloud Control Matrix (CCM)

    C. NIST SP 800-146

    D. ISO/IEC 27002

  • Question 33:

    A. Cloud service provider, internal and external audit perspectives

    B. Business/organizational, governance, cloud and risk perspectives

    C. Enterprise risk management, data protection, privacy and legal perspectives

    D. Key stakeholders, enterprise risk management, and Internal audit perspectives

  • Question 34:

    The BEST way to deliver continuous compliance in a cloud environment is to:

    A. decrease the interval between attestations of compliance.

    B. combine point-in-time assurance approaches with continuous monitoring.

    C. increase the frequency of external audits from annual to quarterly.

    D. combine point-in-time assurance approaches with continuous auditing.

  • Question 35:

    When establishing cloud governance, an organization should FIRST test by migrating:

    A. all applications at once to the cloud.

    B. complex applications to the cloud.

    C. legacy applications to the cloud.

    D. a few applications to the cloud.

  • Question 36:

    When reviewing a third-party agreement with a cloud service provider, which of the following should be the GREATEST concern regarding customer data privacy?

    A. Data retention, backup, and recovery

    B. Patch management process

    C. Return or destruction of information

    D. Network intrusion detection

  • Question 37:

    A. Updated audit/work program

    B. Documentation criteria for the audit evidence

    C. Processes and systems to be audited

    D. Testing procedure to be performed

  • Question 38:

    A. Cloud compliance program

    B. Legacy IT compliance program

    C. Internal audit program

    D. Service organization controls report

  • Question 39:

    What data center and physical security measures should a cloud customer consider when assessing a cloud service provider?

    A. Assess use of monitoring systems to control ingress and egress points of entry to the data center.

    B. Implement physical security perimeters to safeguard personnel, data and information systems.

    C. Conduct a due diligence to verify the cloud provider applies adequate physical security measures.

    D. Review internal policies and procedures for relocation of hardware and software to an offsite location.

  • Question 40:

    A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel. Which access control method will allow IT personnel to be segregated across the various locations?

    A. Role Based Access Control

    B. Attribute Based Access Control

    C. Policy Based Access Control

    D. Rule Based Access Control

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Isaca exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CCAK exam preparation or Isaca certification application, do not hesitate to visit Vcedump.com to find your solutions.