Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CCAK

ISACA CCAK Exam Questions
Certificate of Cloud Auditing Knowledge (Page 5 )

Updated On: 2-Mar-2026
Page 5 of 63
PDF with 334 Questions

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

  1. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
  2. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
  3. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
  4. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Answer(s): B



Which of the following metrics are frequently immature?

  1. Metrics around Infrastructure as a Service (IaaS) storage and network environments
  2. Metrics around Platform as a Service (PaaS) development environments
  3. Metrics around Infrastructure as a Service (IaaS) computing environments
  4. Metrics around specific Software as a Service (SaaS) application services

Answer(s): A



The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

  1. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.
  2. CCM has a set of security questions, whereas CAIQ has a set of security controls.
  3. CCM has 14 domains and CAIQ has 16 domains.
  4. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Answer(s): D

Explanation:


Reference:

https://sdtimes.com/cloud-security-alliance-unveils-governance-risk-management-and-compliancegrc-stack/



Which of the following is an example of financial business impact?

  1. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
  2. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
  3. A DDoS attack renders the customer's cloud inaccessible for 24 hours resulting in millions in lost sales.
  4. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.

Answer(s): C



From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

  1. Process of security integration using automation in software development
  2. Development standards for addressing integration, testing, and deployment issues
  3. Operational framework that promotes software consistency through automation
  4. Making software development simpler, faster, and easier using automation

Answer(s): B


Reference:

https://www.synopsys.com/blogs/software-security/devsecops-challenges-benefits/



Viewing page 5 of 63
Viewing questions 21 - 25 out of 334 questions



Post your Comments and Discuss ISACA CCAK exam dumps with other Community members:

CCAK Exam Discussions & Posts

AI Tutor