Free CCAK Exam Braindumps (page: 26)

Page 26 of 78

Prioritizing assurance activities for an organization’s cloud services portfolio depends PRIMARILY on an organization’s ability to:

  1. schedule frequent reviews with high-risk cloud service providers.
  2. develop plans using a standardized risk-based approach.
  3. maintain a comprehensive cloud service inventory.
  4. collate views from various business functions using cloud services.

Answer(s): A



If the degree of verification for information shared with the auditor during an audit is low, the auditor should:

  1. reject the information as audit evidence.
  2. stop evaluating the requirement altogether and review other audit areas.
  3. delve deeper to obtain the required information to decide conclusively.
  4. use professional judgment to determine the degree of reliance that can be placed on the information as evidence.

Answer(s): D



Which best describes the difference between a type 1 and a type 2 SOC report?

  1. A type 2 SOC report validates the operating effectiveness of controls whereas a type 1 SOC report validates the suitability of the design of the controls.
  2. A type 2 SOC report validates the suitability of the design of the controls whereas a type 1 SOC report validates the operating effectiveness of controls.
  3. A type 1 SOC report provides an attestation whereas a type 2 SOC report offers a certification.
  4. There is no difference between a type 2 and type 1 SOC report.

Answer(s): C


Reference:

https://www.accountingtools.com/articles/2019/8/30/the-difference-between-soc-type-1-and-type-2-reports



You have been assigned the implementation of an ISMS whose scope must cover both on-premises and cloud infrastructure. Which of the following is your BEST option?

  1. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.
  2. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.
  3. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.
  4. Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.

Answer(s): B






Post your Comments and Discuss ISACA CCAK exam with other Community members:

ccak commented on June 08, 2023
ccak is hard
Anonymous