Free CCAK Exam Braindumps (page: 7)

Page 7 of 78

When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?

  1. To determine how those services will fit within its policies and procedures
  2. To determine the total cost of the cloud services to be deployed
  3. To confirm which vendor will be selected based on the compliance with security requirements
  4. To confirm if the compensating controls implemented are sufficient for the cloud

Answer(s): A


Reference:

https://www.isaca.org/credentialing/certificate-of-cloud-auditing-knowledge



Which of the following attestations allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?

  1. PCI-DSS
  2. CSA STAR Attestation
  3. MTCS
  4. BSI Criteria Catalogue C5

Answer(s): B


Reference:

https://www.sciencedirect.com/topics/computer-science/cloud-controls-matrix



To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:

  1. develop a cloud audit plan on the basis of a detailed risk assessment.
  2. schedule the audits and monitor the time spent on each audit.
  3. train the cloud audit staff on current technology used in the organization.
  4. monitor progress of audits and initiate cost control measures.

Answer(s): A

Explanation:

Value is delivered to the organization when resources and efforts are dedicated to, and focused on, the higher-risk areas.



Which of the following is an example of integrity technical impact?

  1. The cloud provider reports a breach of customer personal data from an unsecured server.
  2. A hacker using a stolen administrator identity alters the discount percentage in the product database.
  3. A DDoS attack renders the customer’s cloud inaccessible for 24 hours.
  4. An administrator inadvertently clicked on phish bait, exposing his company to a ransomware attack.

Answer(s): D


Reference:

https://www.kroll.com/en/insights/publications/technology-impact-on-integrity-and-businesspractices






Post your Comments and Discuss ISACA CCAK exam with other Community members:

ccak commented on June 08, 2023
ccak is hard
Anonymous