A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?
Answer(s): B
https://www.isaca.org/-/media/files/isacadp/project/isaca/articles/journal/2018/volume- 5/journalvolume-5-2018
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
Answer(s): D
ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS). Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is ?fit for purpose.? As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
Answer(s): A
Which of the following controls framework should the cloud customer use to assess the overall security risk of a cloud provider?
Answer(s): C
https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventingthe-next-cybersecurity-attack-with-effective-cloud-security-audits
Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?
https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence
Share your comments for ISACA CCAK exam with other users:
anyone who wrote this exam recently
ok they re good
relevant questions
please post
q:42 there has to be a image in the question to choose what does it mean from the options
looking for cphq dumps, where can i find these for free? please and thank you.
@aarun , thanks for the information. it would be great help if you share your email
1z0-1078-23 need this dumps
i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
i cannot see the button to go to the questions
good questions
q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
very nice very nice
please help us with 1z0-1107-2 dumps
please upload the practice questions
need this dumps
preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
new to this site but i feel it is good
the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Delayed the exam until December 29th.
A and D are True
good one with explanation
This is one of the most useful study guides I have ever used.