ISACA CCAK Exam
Certificate of Cloud Auditing Knowledge (Page 4)

Updated On: 1-Feb-2026

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

  A. Compliance risk
  B. Provider administration risk
  C. Audit risk
  D. Virtualization risk

Answer(s): A


Reference:

http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk



Which of the following is a fundamental concept of FedRAMP that is intended to save the cost, time, and staff spent conducting superfluous agency security assessments?

  A. Use often, provide many times
  B. Be economical, act deliberately
  C. Use existing, provide many times
  D. Do once, use many times

Answer(s): D


Reference:

https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Assessment_Framework.pdf (2)



The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

  A. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
  B. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
  C. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control
  D. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

Answer(s): D


Reference:

https://www.cloudwatchhub.eu/cloud-security-alliance-open-certification-framework



Which aspect of SaaS functionality and operations is the responsibility of the cloud customer and should be audited?

  A. Access controls
  B. Vulnerability management
  C. Source code reviews
  D. Patching

Answer(s): A


Reference:

https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233



Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

  A. Aligning the cloud service delivery with the organization’s objective
  B. Aligning the cloud provider’s SLA with the organization’s policy
  C. Aligning shared responsibilities between provider and customer
  D. Aligning the organization’s activity with the cloud provider’s policy

Answer(s): A


Reference:

https://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf


