ISACA CCAK Exam
Certificate of Cloud Auditing Knowledge (Page 5)

Updated On: 1-Feb-2026

When using a SaaS solution, who is responsible for application security?

  1. The cloud service provider only
  2. The cloud service consumer only
  3. Both cloud consumer and the enterprise
  4. Both cloud provider and the consumer

Answer(s): A

Reference:

https://www.paloaltonetworks.com/cyberpedia/cloud-security-is-a-shared-responsibility#:~:text=SaaS%3A%20SaaS%20vendors%20are%20primarily,how%20customers%20use%20the%20applications



To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:

  1. object-oriented architecture.
  2. software architecture.
  3. service-oriented architecture.
  4. enterprise architecture.

Answer(s): C



Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

  1. Mitigations
  2. Residual risk
  3. Likelihood
  4. Impact Analysis

Answer(s): D


Reference:

https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence



How should controls be designed by an organization?

  1. By the internal audit team
  2. Using the ISO 27001 framework
  3. By the cloud provider
  4. Using the organization’s risk management framework

Answer(s): A


Reference:

https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2016/internal-control-key-to-delivering-stakeholder-value



Your company is purchasing an application from a vendor. The vendor does not allow you to perform an on-site audit of their information system. However, they say they will provide a third-party audit attestation on the adequacy of control design within their environment. Which report is the vendor providing you?

  1. SOC 3
  2. SOC 2, TYPE 2
  3. SOC 1
  4. SOC 2, TYPE 1

Answer(s): B


Reference:

https://www.isaca.org/resources/isaca-journal/issues/2019/volume-6/soc-reports-for-cloud-security-and-privacy


