Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CCAK

ISACA Certificate of Cloud Auditing Knowledge CCAK Exam Questions in PDF

Free ISACA CCAK Dumps Questions (page: 4)

CCAK PDF — 334 Questions

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

  1. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.
  2. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
  3. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.
  4. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Answer(s): B



Which of the following metrics are frequently immature?

  1. Metrics around Infrastructure as a Service (IaaS) storage and network environments
  2. Metrics around Platform as a Service (PaaS) development environments
  3. Metrics around Infrastructure as a Service (IaaS) computing environments
  4. Metrics around specific Software as a Service (SaaS) application services

Answer(s): A



The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

  1. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.
  2. CCM has a set of security questions, whereas CAIQ has a set of security controls.
  3. CCM has 14 domains and CAIQ has 16 domains.
  4. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Answer(s): D

Explanation:


Reference:

https://sdtimes.com/cloud-security-alliance-unveils-governance-risk-management-and-compliancegrc-stack/



Which of the following is an example of financial business impact?

  1. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
  2. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
  3. A DDoS attack renders the customer's cloud inaccessible for 24 hours resulting in millions in lost sales.
  4. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.

Answer(s): C



From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

  1. Process of security integration using automation in software development
  2. Development standards for addressing integration, testing, and deployment issues
  3. Operational framework that promotes software consistency through automation
  4. Making software development simpler, faster, and easier using automation

Answer(s): B


Reference:

https://www.synopsys.com/blogs/software-security/devsecops-challenges-benefits/



Viewing page 4 of 63

Share your comments for ISACA CCAK exam with other users:

A
Ankit S
11/13/2023 3:58:00 AM

q15. answer is b. simple

UNITED STATES
S
S. R
12/8/2023 9:41:00 AM

great practice

FRANCE
M
Mungara
3/14/2023 12:10:00 AM

thanks to this exam dumps, i felt confident and passed my exam with ease.

UNITED STATES
A
Anonymous
7/25/2023 2:55:00 AM

need 1z0-1105-22 exam

Anonymous
N
Nigora
5/31/2022 10:05:00 PM

this is a beautiful tool. passed after a week of studying.

UNITED STATES
A
Av dey
8/16/2023 2:35:00 PM

can you please upload the dumps for 1z0-1096-23 for oracle

INDIA
M
Mayur Shermale
11/23/2023 12:22:00 AM

its intresting, i would like to learn more abouth this

JAPAN
J
JM
12/19/2023 2:23:00 PM

q252: dns poisoning is the correct answer, not locator redirection. beaconing is detected from a host. this indicates that the system has been infected with malware, which could be the source of local dns poisoning. location redirection works by either embedding the redirection in the original websites code or having a user click on a url that has an embedded redirect. since users at a different office are not getting redirected, it isnt an embedded redirection on the original website and since the user is manually typing in the url and not clicking a link, it isnt a modified link.

UNITED STATES
F
Freddie
12/12/2023 12:37:00 PM

helpful dump questions

SOUTH AFRICA
D
Da Costa
8/25/2023 7:30:00 AM

question 423 eigrp uses metric

Anonymous
B
Bsmaind
8/20/2023 9:22:00 AM

hello nice dumps

Anonymous
B
beau
1/12/2024 4:53:00 PM

good resource for learning

UNITED STATES
S
Sandeep
12/29/2023 4:07:00 AM

very useful

Anonymous
K
kevin
9/29/2023 8:04:00 AM

physical tempering techniques

Anonymous
B
Blessious Phiri
8/15/2023 4:08:00 PM

its giving best technical knowledge

Anonymous
T
Testbear
6/13/2023 11:15:00 AM

please upload

ITALY
S
shime
10/24/2023 4:23:00 AM

great question with explanation thanks!!

ETHIOPIA
T
Thembelani
5/30/2023 2:40:00 AM

does this exam have lab sections?

Anonymous
S
Shin
9/8/2023 5:31:00 AM

please upload

PHILIPPINES
P
priti kagwade
7/22/2023 5:17:00 AM

please upload the braindump for .net

UNITED STATES
R
Robe
9/27/2023 8:15:00 PM

i need this exam 1z0-1107-2. please.

Anonymous
C
Chiranthaka
9/20/2023 11:22:00 AM

very useful!

Anonymous
N
Not Miguel
11/26/2023 9:43:00 PM

for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo

Anonymous
A
Andrus
12/17/2023 12:09:00 PM

q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.

Anonymous
R
Raj
5/25/2023 8:43:00 AM

nice questions

UNITED STATES
M
max
12/22/2023 3:45:00 PM

very useful

Anonymous
M
Muhammad Rawish Siddiqui
12/8/2023 6:12:00 PM

question # 208: failure logs is not an example of operational metadata.

SAUDI ARABIA
S
Sachin Bedi
1/5/2024 4:47:00 AM

good questions

Anonymous
K
Kenneth
12/8/2023 7:34:00 AM

thank you for the test materials!

KOREA REPUBLIC OF
H
Harjinder Singh
8/9/2023 4:16:00 AM

its very helpful

HONG KONG
S
SD
7/13/2023 12:56:00 AM

good questions

UNITED STATES
K
kanjoe
7/2/2023 11:40:00 AM

good questons

UNITED STATES
M
Mahmoud
7/6/2023 4:24:00 AM

i need the dumb of the hcip security v4.0 exam

EGYPT
W
Wei
8/3/2023 4:18:00 AM

upload the dump please

HONG KONG
AI Tutor 👋 I’m here to help!