
CCAK Exam Dumps - Try Best CCAK Exam Questions from Training Expert ExamsReviews
Practice Examples and Dumps & Tips for 2022 Latest CCAK Valid Tests Dumps
NEW QUESTION 44
Which cloud storage technology is basically a virtual hard drive for instances or VMs?
- A. Volume storage
- B. Database
- C. Object storage
- D. Application
- E. Platform
Answer: A
NEW QUESTION 45
How is encryption managed on multi-tenant storage?
- A. C for data subject to the EU Data Protection Directive; B for all others
- B. The answer could be A, B, or C depending on the provider
- C. Single key for all data owners
- D. Multiple keys per data owner
- E. One key per data owner
Answer: E
NEW QUESTION 46
Which of the following control frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
- A. SOC1 - Type1
- B. Cloud Control Matrix (CCM)
- C. SOC2 - Type1
- D. SOC3 - Type2
Answer: C
NEW QUESTION 47
Which statement best describes why it is important to know how data is being accessed?
- A. The devices used to access data use a variety of applications or clients and may have different security characteristics.
- B. The devices used to access data have different storage formats.
- C. The devices used to access data use a variety of operating systems and may have different programs installed on them.
- D. The devices used to access data may have different ownership characteristics.
- E. The device may affect data dispersion.
Answer: A
NEW QUESTION 48
The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:
- A. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
- B. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control
- C. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous
- D. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance
Answer: C
NEW QUESTION 49
To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:
- A. develop a cloud audit plan on the basis of a detailed risk assessment.
- B. train the cloud audit staff on current technology used in the organization.
- C. schedule the audits and monitor the time spent on each audit.
- D. monitor progress of audits and initiate cost control measures.
Answer: A
Explanation:
Value is delivered to the organization when audit resources and efforts are dedicated to, and focused on, the higher-risk areas.
NEW QUESTION 50
Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?
- A. Periodic review of the CI/CD pipeline audit logs to identify any access violations.
- B. Role-based access controls in the production and development pipelines.
- C. Separation of production and development pipelines.
- D. Ensuring segregation of duties in the production and development pipelines.
Answer: C
NEW QUESTION 51
The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:
- A. identify resource requirements of the cloud audit.
- B. review requested evidence provided by the audit client.
- C. discuss the scope of the cloud audit.
- D. select the methodology of an audit.
Answer: C
NEW QUESTION 52
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?
- A. Review the CSP audit reports.
- B. Review the contract and DR capability.
- C. Plan an audit of the CSP.
- D. Review the security white paper of the CSP.
Answer: D
NEW QUESTION 53
How does running applications on distinct virtual networks and only connecting networks as needed help?
- A. It locks down access and provides stronger data security
- B. It enables you to configure applications around business groups
- C. It provides dynamic and granular policies with less management overhead
- D. It reduces hardware costs
- E. It reduces the blast radius of a compromised system
Answer: E
NEW QUESTION 54
Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?
- A. The investigation report does not indicate a conclusion.
- B. An image copy of the attacked system was not taken.
- C. The handling procedures of the attacked system are not documented.
- D. The proper authorities were not notified.
Answer: D
NEW QUESTION 55
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
- A. Third-party attestations
- B. Provider run audits and reports
- C. EDiscovery tools
- D. Provider and consumer contracts
- E. Provider documentation
Answer: A
NEW QUESTION 56
Use elastic servers when possible and move workloads to new instances.
- A. True
- B. False
Answer: A
NEW QUESTION 57
Which of the following attestations allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to the AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?
- A. CSA STAR Attestation
- B. PCI-DSS
- C. BSI Criteria Catalogue C5
- D. MTCS
Answer: A
NEW QUESTION 58
Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system?
- A. System performance may be impacted by the migration
- B. Data from the source and target system may be intercepted
- C. Records past their retention period may not be migrated to the new system
- D. Data from the source and target system may have different data formats
Answer: B
NEW QUESTION 59
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
- A. ISO/IEC 22301
- B. ISO/IEC 27017
- C. ISO/IEC 27002
- D. ISO/IEC 27701
Answer: B
Explanation:
The ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS).
Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is "fit for purpose." As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.
NEW QUESTION 60
What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?
- A. Platform-based Workload
- B. Virtual machine
- C. Container
- D. Abstraction
- E. Pod
Answer: C
NEW QUESTION 61
Network logs from cloud providers are typically flow records, not full packet captures.
- A. True
- B. False
Answer: A
NEW QUESTION 62
What is a sign of an organization that has adopted a shift-left concept of code release cycles?
- A. Maturity of start-up entities with high-iteration to low-volume code commits
- B. A waterfall model to move resources through the development to release phases
- C. Large entities with slower release cadences and geographically dispersed systems
- D. Incorporation of automation to identify and address software code problems early
Answer: D
NEW QUESTION 63
Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?
- A. Recovery Time Objectives (RTO)
- B. Service Level Agreement (SLA)
- C. Recovery Point Objectives (RPO)
- D. Service Level Objective (SLO)
Answer: B
NEW QUESTION 64
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
- A. Infrastructure Security
- B. Compliance and Audit Management
- C. Information Governance
- D. Legal Issues: Contracts and Electronic Discovery
- E. Governance and Enterprise Risk Management
Answer: B
NEW QUESTION 65
CCM: A hypothetical company called "Health4Sure" is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure's cloud service?
- A. The CCM domain controls are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
- B. The CCM columns are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls. This approach will save time.
- C. The CCM domains are not mapped to the HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.
Answer: C
NEW QUESTION 66
ENISA: Lock-in is ranked as a high risk in ENISA research. A key underlying vulnerability causing lock-in is:
- A. Audit or certification not available to customers
- B. No source escrow agreement
- C. Unclear asset ownership
- D. Lack of completeness and transparency in terms of use
- E. Lack of information on jurisdictions
Answer: D
NEW QUESTION 67
How should controls be designed by an organization?
- A. By the cloud provider
- B. By the internal audit team
- C. Using the organization's risk management framework
- D. Using the ISO27001 framework
Answer: B
NEW QUESTION 68
Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments?
- A. Do once, use many times
- B. Use existing, provide many times
- C. Be economical, act deliberately
- D. Use often, provide many times
Answer: A
NEW QUESTION 69
......