Free CCAK Exam Braindumps (page: 5)

Page 5 of 78

Which of the following metrics are frequently immature?

  A. Metrics around Infrastructure as a Service (IaaS) storage and network environments
  B. Metrics around Platform as a Service (PaaS) development environments
  C. Metrics around Infrastructure as a Service (IaaS) computing environments
  D. Metrics around specific Software as a Service (SaaS) application services

Answer(s): A



The MAIN difference between Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

  A. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.
  B. CCM has a set of security questions, whereas CAIQ has a set of security controls.
  C. CCM has 14 domains and CAIQ has 16 domains.
  D. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Answer(s): D

Reference:

https://sdtimes.com/cloud-security-alliance-unveils-governance-risk-management-and-compliancegrc-stack/



Which of the following is an example of financial business impact?

  A. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
  B. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
  C. A DDoS attack renders the customer's cloud inaccessible for 24 hours, resulting in millions in lost sales.
  D. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.

Answer(s): C



From the perspective of a senior cloud security audit practitioner in an organization with a mature security program and cloud adoption, which of the following statements BEST describes the DevSecOps concept?

  A. Process of security integration using automation in software development
  B. Development standards for addressing integration, testing, and deployment issues
  C. Operational framework that promotes software consistency through automation
  D. Making software development simpler, faster, and easier using automation

Answer(s): B


Reference:

https://www.synopsys.com/blogs/software-security/devsecops-challenges-benefits/




Post your Comments and Discuss ISACA CCAK exam with other Community members:

ccak commented on June 08, 2023
ccak is hard