Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CCAK

ISACA CCAK Exam Questions
Certificate of Cloud Auditing Knowledge (Page 2 )

Updated On: 2-Mar-2026
Page 2 of 63
PDF with 334 Questions

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor?

  1. Risk exceptions policy
  2. Contractual requirements
  3. Risk appetite
  4. Board oversight

Answer(s): C

Explanation:


Reference:

https://assets.kpmg/content/dam/kpmg/ch/pdf/key-risks-internal-audit-2018.pdf



A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP?s security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?

  1. Double gray box
  2. Tandem
  3. Reversal
  4. Double blind

Answer(s): D


Reference:

https://business-iq.net/articles/4327-EN-these-are-the-different-types-of-penetration-testing



Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report, which course of action is MOST relevant?

  1. Focusing on auditing high-risk areas
  2. Testing the adequacy of cloud controls design
  3. Relying on management testing of cloud controls
  4. Testing the operational effectiveness of cloud controls

Answer(s): A

Explanation:


Reference:

https://www.ucop.edu/ethics-compliance-audit-services/_files/webinars/10-14-16-cloud-computing/cloudcomputing.pdf (31)
Explanation:



In an organization, how are policy violations MOST likely to occur?

  1. By accident
  2. Deliberately by the ISP
  3. Deliberately
  4. Deliberately by the cloud provider

Answer(s): A



Which of the following is the BEST tool to perform cloud security control audits?

  1. General Data Protection Regulation (GDPR)
  2. ISO 27001
  3. Federal Information Processing Standard (FIPS) 140-2
  4. CSA Cloud Control Matrix (CCM)

Answer(s): D


Reference:

https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume- 22/preventingthe-next-cybersecurity-attack-with-effective-cloud-security-audits



Viewing page 2 of 63
Viewing questions 6 - 10 out of 334 questions



Post your Comments and Discuss ISACA CCAK exam dumps with other Community members:

CCAK Exam Discussions & Posts

AI Tutor