CCAK Exam Details

  • Exam Code
    :CCAK
  • Exam Name
    :Certificate of Cloud Auditing Knowledge
  • Certification
    :Isaca Certifications
  • Vendor
    :Isaca
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 12, 2026

Isaca CCAK Online Questions & Answers

  • Question 81:

    Which of the following is an example of a corrective control?

    A. A central anti-virus system installing the latest signature files before allowing a connection to the network
    B. Unsuccessful access attempts being automatically logged for investigation
    C. Privileged access to critical information systems requiring a second factor of authentication using soft token
    D. All new employees having standard access rights until their manager approves privileged rights

  • Question 82:

    When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?

    A. Cloud Service Provider encryption capabilities
    B. The presence of PII
    C. Organizational security policies
    D. Cost-benefit analysis

  • Question 83:

    The PRIMARY objective for an auditor to understand the organization's context for a cloud audit is to:

    A. determine whether the organization has carried out control self-assessment and validated audit reports of the cloud service providers (CSP).
    B. validate an understanding of the organization's current state and how the cloud audit plan fits into the existing audit approach.
    C. validate whether an organization has a cloud audit plan in place.
    D. validate the organization's performance effectiveness utilizing cloud service providers (CSP) solutions.

  • Question 84:

    Which of the following is an example of integrity technical impact?

    A. The cloud provider reports a breach of customer personal data from an unsecured server.
    B. A hacker using a stolen administrator identity alerts the discount percentage in the product database.
    C. A DDoS attack renders the customer's cloud inaccessible for 24 hours.
    D. An administrator inadvertently click on Phish bait exposing his company to a ransomware attack.

  • Question 85:

    What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?

    A. Verifying whether commensurate compensation in the form of service credits is factored in if the CSC is unable to match its SLA obligations
    B. Verifying whether the SLA includes all the operational matters which are material to the operation of the service
    C. Verifying whether the SLA caters to the availability requirements of the cloud service customer (CSC)
    D. Verifying whether the SLAs are well-defined and measurable

  • Question 86:

    Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

    A. Operations Maintenance
    B. System Development Maintenance
    C. Equipment Maintenance
    D. System Maintenance

  • Question 87:

    Who should define what constitutes a policy violation?

    A. The external auditor
    B. The organization
    C. The Internet service provider (ISP)
    D. The cloud provider

  • Question 88:

    In a situation where duties related to cloud risk management and control are split between an organization and its cloud service providers, which of the following would BEST help to ensure a coordinated approach to risk and control processes?

    A. Establishing a joint security operations center
    B. Automating reporting of risk and control compliance
    C. Co-locating compliance management specialists
    D. Maintaining a centralized risk and controls dashboard

  • Question 89:

    Which of the following is the MOST significant difference between a cloud risk management program and a traditional risk management program?

    A. Virtualization of the IT landscape
    B. Shared responsibility model
    C. Risk management practices adopted by the cloud service provider
    D. Hosting sensitive information in the cloud environment

  • Question 90:

    The PRIMARY purpose of Open Certification Framework (OCF) for the CSA STAR program is to:

    A. facilitate an effective relationship between the cloud service provider and cloud client.
    B. ensure understanding of true risk and perceived risk by the cloud service users.
    C. provide global, accredited, and trusted certification of the cloud service provider.
    D. enable the cloud service provider to prioritize resources to meet its own requirements.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Isaca exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCAK exam preparations and Isaca certification application, do not hesitate to visit our Vcedump.com to find your solutions here.