CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CCAK

Free CCAK Exam Braindumps (page: 33)

Page 7 of 78
PDF with 308 Questions

Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:

  1. recognizes the shared responsibility for risk management between the customer and the CSP.
  2. leverages SaaS threat models developed by peer organizations.
  3. is developed by an independent third-party with expertise in the organization’s industry sector.
  4. considers the loss of visibility and control from transitioning to the cloud.

Answer(s): A



While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?

  1. Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
  2. Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
  3. Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
  4. Informing the organization’s internal audit manager immediately about the gap

Answer(s): C


Reference:

https://www.isaca.org/resources/isaca-journal/issues/2020/volume-1/is-audit-basics-thecomponents-of-the-it-audit-report



To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

  1. ISO/I?? 27001: 2013 controls.
  2. maturity model criteria.
  3. all Cloud Control Matrix (CCM) controls and TSPC security principles.
  4. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

Answer(s): C


Reference:

https://downloads.cloudsecurityalliance.org/star/attestation/GuidelinesforCPAsv2.pdf (8)



Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

  1. The rapidly changing service portfolio and architecture of the cloud.
  2. Cloud providers should not be part of the compliance program.
  3. The fairly static nature of the service portfolio and architecture of the cloud.
  4. The cloud is similar to the on-premise environment in terms of compliance.

Answer(s): A






Post your Comments and Discuss ISACA CCAK exam with other Community members:

CCAK Exam Discussions & Posts