Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CCAK

ISACA CCAK Exam Questions
Certificate of Cloud Auditing Knowledge (Page 7 )

Updated On: 12-Apr-2026
Page 7 of 63
PDF with 334 Questions

Which of the following attestation allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?

  1. PC-IDSS
  2. CSA STAR Attestation
  3. MTCS
  4. BSI Criteria Catalogue C5

Answer(s): B

Explanation:


Reference:

https://www.sciencedirect.com/topics/computer-science/cloud-controls-matrix



To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:

  1. develop a cloud audit plan on the basis of a detailed risk assessment.
  2. schedule the audits and monitor the time spent on each audit.
  3. train the cloud audit staff on current technology used in the organization.
  4. monitor progress of audits and initiate cost control measures.

Answer(s): A

Explanation:

It delivers value to the organization are the resources and efforts being dedicated to, and focused on, the higher-risk areas.



Which of the following is an example of integrity technical impact?

  1. The cloud provider reports a breach of customer personal data from an unsecured server.
  2. A hacker using a stolen administrator identity alerts the discount percentage in the product database.
  3. A DDoS attack renders the customer’s cloud inaccessible for 24 hours.
  4. An administrator inadvertently clicked on Phish bait exposing his company to a ransomware attack.

Answer(s): D

Explanation:


Reference:

https://www.kroll.com/en/insights/publications/technology-impact-on-integrity-and-businesspractices



What is a sign of an organization that has adopted a shift-left concept of code release cycles?

  1. A waterfall model to move resources through the development to release phases
  2. Incorporation of automation to identify and address software code problems early
  3. Maturity of start-up entities with high-iteration to low-volume code commits
  4. Large entities with slower release cadences and geographical dispersed systems

Answer(s): B


Reference:

https://www.ibm.com/cloud/learn/devsecops



Cloud Control Matrix (CCM) controls can be used by cloud customers to:

  1. develop new security baselines for the industry.
  2. define different control frameworks for different cloud service providers.
  3. facilitate communication with their legal department.
  4. build an operational cloud risk management program.

Answer(s): B

Explanation:


Reference:

https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/



Viewing page 7 of 63
Viewing questions 31 - 35 out of 334 questions



Post your Comments and Discuss ISACA CCAK exam dumps with other Community members:

CCAK Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!