CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 61:

    In cloud computing, with whom does the responsibility and accountability for compliance lie?

    A. The cloud service provider is responsible and accountable for compliance.
    B. The cloud service provider is responsible for compliance, and the cloud service customer is accountable.
    C. The cloud service customer is responsible and accountable for compliance.
    D. The cloud service customer is responsible for compliance, and the cloud service provider is accountable.

  • Question 62:

    Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?

    A. Audit committee
    B. Compliance manager
    C. IT manager
    D. Senior management

  • Question 63:

    From a compliance perspective, which of the following artifacts should an assessor review when evaluating the effectiveness of Infrastructure as Code deployments?

    A. Evaluation summaries
    B. logs
    C. SOC reports
    D. Interviews

  • Question 64:

    The control domain feature within a Cloud Controls Matrix (CCM) represents:

    A. CCM's ability to scan and check Active Directory, LDAP, and x.500 directories for suspicious and/or privileged user accounts.
    B. a logical grouping of security controls addressing the same category of IT risks or information security concerns.
    C. a set of application programming interfaces (APIs) that allows a cloud consumer to restrict the replication area within a well-defined jurisdictional perimeter.
    D. CCM's ability to scan for anomalies in DNS zones in order to detect DNS spoofing, DNS hijacking, DNS cache poisoning, and similar threats.

  • Question 65:

    The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

    A. select the methodology of an audit.
    B. review requested evidence provided by the audit client.
    C. discuss the scope of the cloud audit.
    D. identify resource requirements of the cloud audit.

  • Question 66:

    From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

    A. Process of security integration using automation in software development
    B. Development standards for addressing integration, testing, and deployment issues
    C. Operational framework that promotes software consistency through automation
    D. Making software development simpler, faster, and easier using automation

  • Question 67:

    The CSA STAR Certification is based on criteria outlined the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to:

    A. ISO/IEC 27001 implementation.
    B. GB/T 22080-2008.
    C. SOC 2 Type 1 or 2 reports.
    D. GDPR CoC certification.

  • Question 68:

    An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

    A. ISO/IEC 27701
    B. ISO/IEC 22301
    C. ISO/IEC 27002
    D. ISO/IEC 27017

  • Question 69:

    An auditor examining a cloud service provider's service level agreement (SLA) should be MOST concerned about whether:

    A. the agreement includes any operational matters that are material to the service operations.
    B. the agreement excludes any sourcing and financial matters that are material in meeting the service level agreement (SLA).
    C. the agreement includes any service availability matters that are material to the service operations.
    D. the agreement excludes any operational matters that are material to the service operations

  • Question 70:

    After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

    A. As an integrity breach
    B. As control breach
    C. As an availability breach
    D. As a confidentiality breach

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.