Free CCAK Exam Braindumps (page: 10)

Page 10 of 78

An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

  A. ISO/IEC 27701
  B. ISO/IEC 22301
  C. ISO/IEC 27002
  D. ISO/IEC 27017

Answer(s): D

Explanation:

ISO/IEC 27017 is the best fit. It is a code of practice for information security controls for cloud services, built on ISO/IEC 27002: for each relevant ISO/IEC 27002 control it adds cloud-specific implementation guidance for both the cloud service provider and the cloud service customer, and it adds seven cloud-only controls (shared roles and responsibilities within a cloud environment, removal of cloud service customer assets, segregation in virtual computing environments, virtual machine hardening, administrator's operational security, monitoring of cloud services, and alignment of security management for virtual and physical networks). Because the organization already operates an ISO/IEC 27001 ISMS with Annex A controls, ISO/IEC 27017 slots directly into its existing control set and tells it which controls to extend or add for the workloads it moves to the cloud.

Why the other options are wrong: ISO/IEC 27002 (C) is the generic code of practice the organization is already applying through Annex A and contains no cloud-specific guidance. ISO/IEC 27701 (A) extends the ISMS into a privacy information management system (PIMS) and addresses the handling of PII, not cloud controls. ISO 22301 (B) is the business continuity management system standard.

Note that ISO/IEC 27017 is a code of practice, not a requirements standard; the requirements for an ISMS remain in ISO/IEC 27001. When the organization later relies on a provider's ISO/IEC 27001 certificate, it should check the certificate's scope: the provider may have limited the ISMS to one group or one service, and anything outside that scope carries no assurance. It is up to the auditor to verify that the scope of the engagement is "fit for purpose," and as the customer you are responsible for determining whether the scope of the certification is relevant for your purposes.



An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?

  A. Use of an established standard/regulation to map controls and use as the audit criteria
  B. For efficiency reasons, use of its on-premises systems' audit criteria to audit the cloud environment
  C. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes
  D. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage

Answer(s): A

Explanation:

An organization with little cloud experience should anchor its evaluation to an established, cloud-aware standard or regulation and map its controls to that standard as the audit criteria. On-premises criteria (B) do not reflect the shared responsibility model, so they leave provider-operated and customer-operated controls unassessed or double-counted. A provider's ISO/IEC 27001 certificate (C) covers only the provider's ISMS within its certified scope and says nothing about the customer's own configuration and responsibilities. Home-grown criteria (D) built from internal test plans inherit the organization's lack of cloud knowledge and give no assurance of coverage.



Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?

  A. SOC 3 - Type 2
  B. Cloud Controls Matrix (CCM)
  C. SOC 2 - Type 1
  D. SOC 1 - Type 1

Answer(s): B

Explanation:

The Cloud Security Alliance Cloud Controls Matrix (CCM) is the only controls framework among the options. It is a cloud-specific set of security control objectives, organized by domain and mapped to other standards and regulations (for example ISO/IEC 27001/27002/27017/27018, NIST SP 800-53 and PCI DSS), and it is the basis of the CSA STAR program, so a customer can use it to assess a provider's overall security posture and to compare providers consistently.

The SOC options are attestation report types, not frameworks. A SOC 1 report covers controls relevant to a user entity's financial reporting; a SOC 2 report covers the Trust Services Criteria (security, availability, processing integrity, confidentiality, privacy); a SOC 3 report is a general-use summary of a SOC 2 examination. "Type 1" reports only on the design of controls at a point in time, while "Type 2" reports on their operating effectiveness over a period. A SOC report is useful evidence when assessing a provider, but the customer still needs a controls framework such as the CCM to decide which controls matter and whether the report's scope covers them.

Reference:

https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventingthe-next-cybersecurity-attack-with-effective-cloud-security-audits



Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

  A. Mitigations
  B. Residual risk
  C. Likelihood
  D. Impact analysis

Answer(s): D

Explanation:

Impact analysis estimates the consequences of an incident if it occurs: financial loss, reputational harm, legal or regulatory exposure, and operational disruption. Likelihood (C) is the probability that the incident occurs, and together with impact it determines the risk rating. Mitigations (A) are the controls applied to reduce likelihood or impact, and residual risk (B) is the risk that remains after those controls are in place.


Reference:

https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence







ccak commented on June 08, 2023
ccak is hard