ISACA Certificate of Cloud Auditing Knowledge CCAK Dumps in PDF

Free ISACA CCAK Real Questions (page: 8)

A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?

  1. Purpose
  2. Objectives
  3. Nature of relationship
  4. Scope

Answer(s): B


Reference:

https://www.isaca.org/-/media/files/isacadp/project/isaca/articles/journal/2018/volume- 5/journalvolume-5-2018



An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

  1. ISO/IEC 27701
  2. ISO/IEC 22301
  3. ISO/IEC 27002
  4. ISO/IEC 27017

Answer(s): D

Explanation:

ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS). Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is ?fit for purpose.? As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.



An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?

  1. Use of an established standard/regulation to map controls and use as the audit criteria
  2. For efficiency reasons, use of its on-premises systems’ audit criteria to audit the cloud environment
  3. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.
  4. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage

Answer(s): A



Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?

  1. SOC3 - Type2
  2. Cloud Control Matrix (CCM)
  3. SOC2 - Type1
  4. SOC1 - Type1

Answer(s): C

Explanation:


Reference:

https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-
22/preventingthe-next-cybersecurity-attack-with-effective-cloud-security-audits



Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?

  1. Mitigations
  2. Residual risk
  3. Likelihood
  4. Impact Analysis

Answer(s): D


Reference:

https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence



Share your comments for ISACA CCAK exam with other users:

A
Ananya
9/14/2023 5:17:00 AM

i need it, plz make it available

J
JM
12/19/2023 2:41:00 PM

q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.

R
Ronke
8/18/2023 10:39:00 AM

this is simple but tiugh as well

C
CesarPA
7/12/2023 10:36:00 PM

questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !

J
Jeya
9/13/2023 7:50:00 AM

its very useful

T
Tracy
10/24/2023 6:28:00 AM

i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.

J
James
8/17/2023 4:33:00 PM

real questions

A
Aderonke
10/23/2023 1:07:00 PM

very helpful assessments

S
Simmi
8/24/2023 7:25:00 AM

hi there, i would like to get dumps for this exam

J
johnson
10/24/2023 5:47:00 AM

i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.

M
Manas
9/9/2023 1:48:00 AM

please upload 1z0-1072-23 exam dups

S
SB
9/12/2023 5:15:00 AM

i was hoping if you could please share the pdf as i’m currently preparing to give the exam.

J
Jagjit
8/26/2023 5:01:00 PM

i am looking for oracle 1z0-116 exam

S
S Mallik
11/27/2023 12:32:00 AM

where we can get the answer to the questions

P
PiPi Li
12/12/2023 8:32:00 PM

nice questions

D
Dan
8/10/2023 4:19:00 PM

question 129 is completely wrong.

G
gayathiri
7/6/2023 12:10:00 AM

i need dump

D
Deb
8/15/2023 8:28:00 PM

love the site.

M
Michelle
6/23/2023 4:08:00 AM

can you please upload it back?

A
Ajay
10/3/2023 12:17:00 PM

could you please re-upload this exam? thanks a lot!

H
him
9/30/2023 2:38:00 AM

great about shared quiz

S
San
11/14/2023 12:46:00 AM

goood helping

W
Wang
6/9/2022 10:05:00 PM

pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.

M
Mary
5/16/2023 4:50:00 AM

wish you would allow more free questions

T
thomas
9/12/2023 4:28:00 AM

great simulation

S
Sandhya
12/9/2023 12:57:00 AM

very g inood

A
Agathenta
12/16/2023 1:36:00 PM

q35 should be a

M
MD. SAIFUL ISLAM
6/22/2023 5:21:00 AM

sap c_ts450_2021

S
Satya
7/24/2023 3:18:00 AM

nice questions

S
sk
5/13/2023 2:10:00 AM

ecellent materil for unserstanding

G
Gerard
6/29/2023 11:14:00 AM

good so far

L
Limbo
10/9/2023 3:08:00 AM

this is way too informative

T
Tejasree
8/26/2023 1:46:00 AM

very helpfull

Y
Yolostar Again
10/12/2023 3:02:00 PM

q.189 - answers are incorrect.

AI Tutor 👋 I’m here to help!