ISACA Certificate of Cloud Auditing Knowledge CCAK Dumps in PDF

Free ISACA CCAK Real Questions (page: 10)

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

  1. Compliance risk
  2. Provider administration risk
  3. Audit risk
  4. Virtualization risk

Answer(s): A


Reference:

http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk



Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?

  1. No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
  2. Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
  3. Yes. When implemented in the right manner, CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.
  4. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.

Answer(s): C



During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?

  1. Review the CSP audit reports.
  2. Review the security white paper of the CSP.
  3. Review the contract and DR capability.
  4. Plan an audit of the CSP.

Answer(s): B



Which of the following is the BEST recommendation to offer an organization’s HR department planning to adopt a new public SaaS application to ease the recruiting process?

  1. Ensure HIPAA compliance
  2. Implement a cloud access security broker
  3. Consult the legal department
  4. Do not allow data to be in cleratext

Answer(s): B


Reference:

https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-a-casb.html



In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?

  1. Service Provider control
  2. Impact and Risk control
  3. Data Inventory control
  4. Compliance control

Answer(s): A


Reference:

https://rmas.fad.harvard.edu/cloud-service-providers



Share your comments for ISACA CCAK exam with other users:

T
Tanvi Rajput
10/6/2023 6:50:00 AM

question 11: d i personally feel some answers are wrong.

A
Anil
7/18/2023 9:38:00 AM

nice questions

C
Chris
8/26/2023 1:10:00 AM

looking for c1000-158: ibm cloud technical advocate v4 questions

S
sachin
6/27/2023 1:22:00 PM

can you share the pdf

B
Blessious Phiri
8/13/2023 10:26:00 AM

admin ii is real technical stuff

L
Luis Manuel
7/13/2023 9:30:00 PM

could you post the link

V
vijendra
8/18/2023 7:54:00 AM

hello send me dumps

S
Simeneh
7/9/2023 8:46:00 AM

it is very nice

J
john
11/16/2023 5:13:00 PM

i gave the amazon dva-c02 tests today and passed. very helpful.

T
Tao
11/20/2023 8:53:00 AM

there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.

P
patricks
10/24/2023 6:02:00 AM

passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.

A
Ananya
9/14/2023 5:17:00 AM

i need it, plz make it available

J
JM
12/19/2023 2:41:00 PM

q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.

R
Ronke
8/18/2023 10:39:00 AM

this is simple but tiugh as well

C
CesarPA
7/12/2023 10:36:00 PM

questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !

J
Jeya
9/13/2023 7:50:00 AM

its very useful

T
Tracy
10/24/2023 6:28:00 AM

i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.

J
James
8/17/2023 4:33:00 PM

real questions

A
Aderonke
10/23/2023 1:07:00 PM

very helpful assessments

S
Simmi
8/24/2023 7:25:00 AM

hi there, i would like to get dumps for this exam

J
johnson
10/24/2023 5:47:00 AM

i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.

M
Manas
9/9/2023 1:48:00 AM

please upload 1z0-1072-23 exam dups

S
SB
9/12/2023 5:15:00 AM

i was hoping if you could please share the pdf as i’m currently preparing to give the exam.

J
Jagjit
8/26/2023 5:01:00 PM

i am looking for oracle 1z0-116 exam

S
S Mallik
11/27/2023 12:32:00 AM

where we can get the answer to the questions

P
PiPi Li
12/12/2023 8:32:00 PM

nice questions

D
Dan
8/10/2023 4:19:00 PM

question 129 is completely wrong.

G
gayathiri
7/6/2023 12:10:00 AM

i need dump

D
Deb
8/15/2023 8:28:00 PM

love the site.

M
Michelle
6/23/2023 4:08:00 AM

can you please upload it back?

A
Ajay
10/3/2023 12:17:00 PM

could you please re-upload this exam? thanks a lot!

H
him
9/30/2023 2:38:00 AM

great about shared quiz

S
San
11/14/2023 12:46:00 AM

goood helping

W
Wang
6/9/2022 10:05:00 PM

pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.

AI Tutor 👋 I’m here to help!