
Isaca CCAK - Certificate of Cloud Auditing Knowledge

Total 207 questions

From an auditor's perspective, which of the following BEST describes shadow IT?

A. An opportunity to diversify the cloud control approach

B. A weakness in the cloud compliance posture

C. A strength of disaster recovery (DR) planning

D. A risk that jeopardizes business continuity planning

The Cloud Computing Compliance Controls Catalogue (C5) framework is maintained by which of the following agencies?

A. National Institute of Standards and Technology (NIST)

B. National Cybersecurity Agency of France (ANSSI) / Agence nationale de la sécurité des systèmes d'information (ANSSI)

C. Federal Office for Information Security in Germany (BSI) / Bundesamt für Sicherheit in der Informationstechnik (BSI)

D. National Security Agency (NSA)

Which of the following is MOST important to ensure effective operationalization of cloud security controls?

A. Identifying business requirements

B. Comparing different control frameworks

C. Assessing existing risks

D. Training and awareness

Which of the following is MOST useful for an auditor to review when seeking visibility into the cloud supply chain for a newly acquired Software as a Service (SaaS) solution?

A. SaaS provider contract

B. Payments made by the service owner

C. SaaS vendor white papers

D. Cloud compliance obligations register

Which of the following is a category of trust in cloud computing?

A. Loyalty-based trust

B. Background-based trust

C. Reputation-based trust

D. Transparency-based trust

A certification target helps in the formation of a continuous certification framework by incorporating:

A. the service level objective (SLO) and service qualitative objective (SQO).

B. the scope description and security attributes to be tested.

C. the frequency of evaluating security attributes.

D. CSA STAR level 2 attestation.

When an organization is moving to the cloud, responsibilities are shared based upon the cloud service provider's model and accountability is:

A. shared.

B. avoided.

C. transferred.

D. maintained.

What should be the control audit frequency for an organization's business continuity management and operational resilience strategy?

A. Annually

B. Biannually

C. Quarterly

D. Monthly

Which of the following configuration change controls is acceptable to a cloud auditor?

A. Programmers have permanent access to production software.

B. Programmers cannot make uncontrolled changes to the source code production version.

C. Development, test, and production are hosted in the same network environment.

D. The head of development approves changes requested to production.

Cloud Controls Matrix (CCM) controls can be used by cloud customers to:

A. develop new security baselines for the industry.

B. define different control frameworks for different cloud service providers.

C. build an operational cloud risk management program.

D. facilitate communication with their legal department.