ISACA CCAK Exam
Certificate of Cloud Auditing Knowledge (Page 6)

Updated On: 1-Feb-2026

Which of the following would be the MOST critical finding of an application security and DevOps audit?

  1. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
  2. Application architecture and configurations did not consider security measures.
  3. Outsourced cloud service interruption, breach or loss of data stored at the cloud service provider.
  4. Certifications with global security standards specific to cloud are not reviewed and the impact of noted findings is not assessed.

Answer(s): B



Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?

  1. Incident Response Plans
  2. Security Incident Plans
  3. Unexpected Event Plans
  4. Emergency Incident Plans

Answer(s): A



A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance with stringent government standards?

  1. Multi-Tier Cloud Security (MTCS) Attestation
  2. FedRAMP Authorization
  3. ISO/IEC 27001:2013 Certification
  4. CSA STAR Level Certificate

Answer(s): B

Reference:

https://www.ftptoday.com/blog/benefits-using-fedramp-authorized-cloud-service-provider



The rapid and dynamic rate of changes found in a cloud environment affects the organization’s:

  1. risk profile.
  2. risk appetite.
  3. risk scoring.
  4. risk communication.

Answer(s): B



A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:

  1. means that the cloud customer is also compliant.
  2. means that the cloud customer and client are both compliant.
  3. means that the cloud customer is compliant but their client is not compliant.
  4. does not necessarily mean that the cloud customer is also compliant.

Answer(s): D


