ISACA CCAK Exam Questions
Certificate of Cloud Auditing Knowledge (Page 11)

Updated On: 2-Mar-2026

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

  1. Compliance risk
  2. Provider administration risk
  3. Audit risk
  4. Virtualization risk

Answer(s): A


Reference:

http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk



Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?

  1. No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
  2. Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
  3. Yes. When implemented in the right manner, CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.
  4. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.

Answer(s): C



During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?

  1. Review the CSP audit reports.
  2. Review the security white paper of the CSP.
  3. Review the contract and DR capability.
  4. Plan an audit of the CSP.

Answer(s): B



Which of the following is the BEST recommendation to offer an organization’s HR department planning to adopt a new public SaaS application to ease the recruiting process?

  1. Ensure HIPAA compliance
  2. Implement a cloud access security broker
  3. Consult the legal department
  4. Do not allow data to be in cleartext

Answer(s): B


Reference:

https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-a-casb.html



In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?

  1. Service Provider control
  2. Impact and Risk control
  3. Data Inventory control
  4. Compliance control

Answer(s): A


Reference:

https://rmas.fad.harvard.edu/cloud-service-providers



Viewing page 11 of 63
Viewing questions 51 - 55 out of 334 questions


