A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?
Answer(s): B
https://www.isaca.org/-/media/files/isacadp/project/isaca/articles/journal/2018/volume-5/journalvolume-5-2018
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
Answer(s): D
The ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS). Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is "fit for purpose." As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
Answer(s): A
Which of the following control frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
Answer(s): C
https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventing-the-next-cybersecurity-attack-with-effective-cloud-security-audits
Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?
https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence
Share your comments for ISACA CCAK exam with other users:
i need it, plz make it available
q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
this is simple but tough as well
question 4, according to my local compiler and the site https://www.jdoodle.com/online-java-compiler/, the correct answer is "c" !
its very useful
i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
real questions
very helpful assessments
hi there, i would like to get dumps for this exam
i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
please upload 1z0-1072-23 exam dumps
i was hoping if you could please share the pdf as i’m currently preparing to give the exam.
i am looking for oracle 1z0-116 exam
where we can get the answer to the questions
nice questions
question 129 is completely wrong.
i need dump
love the site.
can you please upload it back?
could you please re-upload this exam? thanks a lot!
great about shared quiz
good helping
pay attention to questions. they are very tricky. i would say about 80 to 85% of the questions are in this exam dump.
wish you would allow more free questions
great simulation
very good
q35 should be a
sap c_ts450_2021
excellent material for understanding
good so far
this is way too informative
very helpful
q.189 - answers are incorrect.