
[May-2022] Valid Way To Pass ISACA Exam Dumps with CCAK Exam Study Guide
All CCAK Dumps and Certificate of Cloud Auditing Knowledge Training Courses Help candidates to study and pass the Exams hassle-free!
NEW QUESTION 38
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.
- A. False
- B. True
Answer: B
NEW QUESTION 39
Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization's architecture? The threat model:
- A. considers the loss of visibility and control from transitioning to the cloud.
- B. leverages SaaS threat models developed by peer organizations.
- C. is developed by an independent third-party with expertise in the organization's industry sector.
- D. recognizes the shared responsibility for risk management between the customer and the CSP.
Answer: D
NEW QUESTION 40
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?
- A. The actual size of the data and the storage format
- B. The physical location of the data and how it is accessed
- C. The fragmentation and encryption algorithms employed
- D. The language of the data and how it affects the user
- E. The implications of storing complex information on simple storage systems
Answer: E
NEW QUESTION 41
With regard to the Cloud Control Matrix (CCM), the 'Architectural Relevance' is a feature that enables the filtering of security controls by:
- A. relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for Enterprise Architecture.
- B. relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClient-Backend.
- C. relevant delivery models such as Software as a Service, Platform as a Service, Infrastructure as a Service.
- D. relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.
Answer: D
NEW QUESTION 42
In all three cloud deployment models (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?
- A. Cloud service customer
- B. Patching on hypervisor layer is not required
- C. Cloud service provider
- D. Shared responsibility
Answer: A
NEW QUESTION 43
Sending data to a provider's storage over an API is likely to be more reliable and secure than setting up your own SFTP server on a VM in the same provider.
- A. False
- B. True
Answer: B
NEW QUESTION 44
Which of the following is the BEST tool to perform cloud security control audits?
- A. Federal Information Processing Standard (FIPS) 140-2
- B. ISO 27001
- C. CSA Cloud Control Matrix (CCM)
- D. General Data Protection Regulation (GDPR)
Answer: C
NEW QUESTION 45
To assist an organization with planning a cloud migration strategy through to execution, an auditor should recommend the use of:
- A. software architecture.
- B. service-oriented architecture.
- C. object-oriented architecture.
- D. enterprise architecture.
Answer: B
NEW QUESTION 46
What is resource pooling?
- A. Placing Internet ("cloud") data centers near multiple sources of energy, such as hydroelectric dams.
- B. None of the above.
- C. The dedicated computing resources of each client are pooled together in a colocation facility.
- D. Internet-based CPUs are pooled to enable multi-threading.
- E. The provider's computing resources are pooled to serve multiple consumers.
Answer: E
NEW QUESTION 47
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:
- A. ISO/IEC 27001: 2013 controls.
- B. all Cloud Control Matrix (CCM) controls and TSPC security principles.
- C. maturity model criteria.
- D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.
Answer: B
NEW QUESTION 48
Which plan will guide an organization on how to react to a security incident that might occur on the organization's systems, or that might be affecting one of their service providers?
- A. Incident Response Plans
- B. Security Incident Plans
- C. Unexpected Event Plans
- D. Emergency Incident Plans
Answer: A
NEW QUESTION 49
Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?
- A. Separation of production and development pipelines.
- B. Ensuring segregation of duties in the production and development pipelines.
- C. Role-based access controls in the production and development pipelines.
- D. Periodic review of the CI/CD pipeline audit logs to identify any access violations.
Answer: A
NEW QUESTION 50
A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel. Which access control method will allow IT personnel to be segregated across the various locations?
- A. Policy Based Access Control
- B. Rule Based Access Control
- C. Role Based Access Control
- D. Attribute Based Access Control
Answer: C
NEW QUESTION 51
As a developer building code into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?
- A. Within the CI/CD server
- B. Within the CI/CD pipeline
- C. Within the developer's laptop
- D. Within version repositories
Answer: B
NEW QUESTION 52
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:
- A. ISO/IEC 27001:2013 controls.
- B. all Cloud Control Matrix (CCM) controls and TSPC security principles.
- C. maturity model criteria.
- D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.
Answer: B
NEW QUESTION 53
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?
- A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
- B. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
- C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
- D. Maintaining customer-managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
- E. Both B and D.
Answer: D
NEW QUESTION 54
Which of the following should be an IS auditor's GREATEST concern when reviewing an outsourcing arrangement with a third-party cloud service provider to host personally identifiable data?
- A. The data is not adequately segregated on the host platform.
- B. The outsourcing contract does not contain a right-to-audit clause.
- C. Fees are charged based on the volume of data stored by the host.
- D. The organization's servers are not compatible with the third party's infrastructure.
Answer: A
NEW QUESTION 55
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources, is called what?
- A. A validation process
- B. An entitlement matrix
- C. An entry log
- D. An access log
- E. A support table
Answer: A
NEW QUESTION 56
Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?
- A. Security, confidentiality, availability, privacy and processing integrity
- B. Security, confidentiality, availability, privacy and trustworthiness
- C. Security, applicability, availability, privacy and processing integrity
- D. Security, data integrity, availability, privacy and processing integrity
Answer: A
NEW QUESTION 57
The criteria for limiting services allowing non-critical services or services requiring high availability and resilience to be moved to the cloud is an important consideration to be included PRIMARILY in the:
- A. business continuity plan.
- B. cloud policy.
- C. risk management policy.
- D. information security standard for cloud technologies.
Answer: A
NEW QUESTION 58
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?
- A. Cloud service provider
- B. Public
- C. Management of organization being audited
- D. Shareholders/interested parties
Answer: A
NEW QUESTION 59
All cloud services utilize virtualization technologies.
- A. False
- B. True
Answer: B
NEW QUESTION 60
Which data security control is the LEAST likely to be assigned to an IaaS provider?
- A. Application logic
- B. Asset management and tracking
- C. Encryption solutions
- D. Access controls
- E. Physical destruction
Answer: A
NEW QUESTION 61
......
Get Latest [May-2022] Conduct effective penetration tests using VCEDumps CCAK: https://testinsides.vcedumps.com/CCAK-examcollection.html
