ISACA Certificate of Cloud Auditing Knowledge CCAK Dumps in PDF

Free ISACA CCAK Real Questions (page: 3)

The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

  A. select the methodology of the audit.
  B. review requested evidence provided by the audit client.
  C. discuss the scope of the cloud audit.
  D. identify resource requirements of the cloud audit.

Answer(s): C



Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

  A. Operations Maintenance
  B. System Development Maintenance
  C. Equipment Maintenance
  D. System Maintenance

Answer(s): A


Reference:

https://www.sapidata.sm/img/cms/CAIQ_v3-1_2020-01-13.pdf (2)



An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month. Which of the following should be the BEST recommendation to reduce the CSP burden?

  A. CSP can share all security reports with customers to streamline the process.
  B. CSP can schedule a call with each customer.
  C. CSP can answer each customer individually.
  D. CSP can direct all customers’ inquiries to the information in the CSA STAR registry.

Answer(s): D


Reference:

https://cloudsecurityalliance.org/star/registry/



Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

  A. Blue team
  B. White box
  C. Gray box
  D. Red team

Answer(s): B


Reference:

https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-informationsecurity-testinga-practical-approach



When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

  A. Determine the impact on the controls that were selected by the organization to respond to identified risks.
  B. Determine the impact on confidentiality, integrity and availability of the information system.
  C. Determine the impact on the financial, operational, compliance and reputation of the organization.
  D. Determine the impact on the physical and environmental security of the organization, excluding informational assets.

Answer(s): D



Share your comments for ISACA CCAK exam with other users:

Puneeth
10/5/2023 2:06:00 AM

New to this site but I feel it is good

Ashok Kumar
1/2/2024 6:53:00 AM

The correct answer to Q8 is B. Explanation: since the Mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. Source code of the component that the Mule app is dependent on does not need to be included in the exported JAR file, because the source code is not being used while executing an app. Compiled code is being used instead.

Merry
7/30/2023 6:57:00 AM

Good questions

VoiceofMidnight
12/17/2023 4:07:00 PM

Delayed the exam until December 29th.

Umar Ali
8/29/2023 2:59:00 PM

A and D are True

vel
8/28/2023 9:17:09 AM

Good one with explanation

Gurdeep
1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
