Your Path to Success: How to Pass the Isaca CCAK Certificate of Cloud Auditing Knowledge Exam

Questions 11

It is MOST important for an auditor to be aware that an inventory of assets within a cloud environment:

Options:

A. should be mapped only if discovered during the audit.

B. is not fundamental for the security management program, as this is a cloud service.

C. can be a misleading source of data.

D. is fundamental for the security management program.

Questions 12

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

Options:

A. passed to the sub cloud service providers based on the sub cloud service providers' geographic location.

B. passed to the sub cloud service providers.

C. treated as confidential information and withheld from all sub cloud service providers.

D. treated as sensitive information and withheld from certain sub cloud service providers.

Questions 13

Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?

Options:

A. Defining the metrics and indicators to monitor the implementation of the compliance program

B. Determining the risk treatment options to be used in the compliance program

C. Mapping who possesses the information and data that should drive the compliance goals

D. Selecting the external frameworks that will be used as reference

Questions 14

What is below the waterline in the context of cloud operationalization?

Options:

A. The controls operated by the customer

B. The controls operated by both

C. The controls operated by the cloud access security broker (CASB)

D. The controls operated by the cloud service provider

Questions 15

Which of the following is the BEST tool to perform cloud security control audits?

Options:

A. General Data Protection Regulation (GDPR)

B. Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

C. Federal Information Processing Standard (FIPS) 140-2

D. ISO 27001

Questions 16

In relation to testing business continuity management and operational resilience, an auditor should review which of the following database documentation?

Options:

A. Database backup and replication guidelines

B. System backup documentation

C. Incident management documentation

D. Operational manuals

Questions 17

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?

Options:

A. ISO/IEC 27017:2015

B. ISO/IEC 27002

C. NIST SP 800-146

D. Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

Questions 18

During the cloud service provider evaluation process, which of the following BEST helps identify baseline configuration requirements?

Options:

A. Vendor requirements

B. Product benchmarks

C. Benchmark controls lists

D. Contract terms and conditions

Questions 19

Which of the following is the MOST relevant question in the cloud compliance program design phase?

Options:

A. Who owns the cloud services strategy?

B. Who owns the cloud strategy?

C. Who owns the cloud governance strategy?

D. Who owns the cloud portfolio strategy?

Questions 20

Which of the following types of SOC reports BEST helps to ensure operating effectiveness of controls in a cloud service provider offering?

Options:

A. SOC 3 Type 2

B. SOC 2 Type 2

C. SOC 1 Type 1

D. SOC 2 Type 1
