ISACA Certificate of Cloud Auditing Knowledge CCAK Exam Questions in PDF

Free ISACA CCAK Dumps Questions (page: 5)

Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:

  A. recognizes the shared responsibility for risk management between the customer and the CSP.
  B. leverages SaaS threat models developed by peer organizations.
  C. is developed by an independent third party with expertise in the organization’s industry sector.
  D. considers the loss of visibility and control from transitioning to the cloud.

Answer(s): A



While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?

  A. Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
  B. Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
  C. Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
  D. Informing the organization’s internal audit manager immediately about the gap

Answer(s): C


Reference:

https://www.isaca.org/resources/isaca-journal/issues/2020/volume-1/is-audit-basics-thecomponents-of-the-it-audit-report



To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

  A. ISO/IEC 27001:2013 controls.
  B. maturity model criteria.
  C. all Cloud Control Matrix (CCM) controls and TSPC security principles.
  D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

Answer(s): C


Reference:

https://downloads.cloudsecurityalliance.org/star/attestation/GuidelinesforCPAsv2.pdf (8)



Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

  A. The rapidly changing service portfolio and architecture of the cloud.
  B. Cloud providers should not be part of the compliance program.
  C. The fairly static nature of the service portfolio and architecture of the cloud.
  D. The cloud is similar to the on-premise environment in terms of compliance.

Answer(s): A



When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?

  A. To determine how those services will fit within its policies and procedures
  B. To determine the total cost of the cloud services to be deployed
  C. To confirm which vendor will be selected based on the compliance with security requirements
  D. To confirm if the compensating controls implemented are sufficient for the cloud

Answer(s): A


Reference:

https://www.isaca.org/credentialing/certificate-of-cloud-auditing-knowledge


