Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CCAK

ISACA CCAK Exam
Certificate of Cloud Auditing Knowledge (Page 10 )

Updated On: 9-Feb-2026
Page 10 of 63
PDF with 334 Questions

When using a SaaS solution, who is responsible for application security?

  1. The cloud service provider only
  2. The cloud service consumer only
  3. Both cloud consumer and the enterprise
  4. Both cloud provider and the consumer

Answer(s): A

Explanation:


Reference:

https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-sharedresponsibility#:~: text=SaaS%3A%20SaaS%20vendors%20are%20primarily,how%20customers%20use%20the%20applications



Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

  1. Aligning the cloud service delivery with the organization’s objective
  2. Aligning the cloud provider’s SLA with the organization’s policy
  3. Aligning shared responsibilities between provider and customer
  4. Aligning the organization’s activity with the cloud provider’s policy

Answer(s): A


Reference:

https://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf



What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?

  1. Access controls
  2. Vulnerability management
  3. Source code reviews
  4. Patching

Answer(s): A


Reference:

https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233



The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

  1. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
  2. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
  3. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control
  4. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

Answer(s): D


Reference:

https://www.cloudwatchhub.eu/cloud-security-alliance-open-certification-framework



Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments?

  1. Use often, provide many times
  2. Be economical, act deliberately
  3. Use existing, provide many times
  4. Do once, use many times

Answer(s): D

Explanation:


Reference:

https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Assessment_Framework.pdf (2)






Post your Comments and Discuss ISACA CCAK exam prep with other Community members:

Join the CCAK Discussion