
Isaca CCAK - Certificate of Cloud Auditing Knowledge

Total 207 questions

A cloud service provider providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance to stringent government standards?

A. CSA STAR Level Certificate

B. Multi-Tier Cloud Security (MTCS) Attestation

C. ISO/IEC 27001:2013 Certification

D. FedRAMP Authorization

Which of the following is a PRIMARY benefit of using a standardized control framework?

A. It enables senior management to receive regular and detailed executive reports easily.

B. It enables the organization to implement an effective process of control measurement.

C. It enables auditors to assess an information system based on a well-defined set of controls.

D. It enables consultants to speed up the implementation of management systems, thus reducing costs.

Which of the following cloud service provider activities MUST obtain a client's approval?

A. Destroying test data

B. Deleting subscription owner accounts

C. Deleting test accounts

D. Deleting guest accounts

Account design in the cloud should be driven by:

A. business continuity policies.

B. security requirements.

C. management structure.

D. organizational structure.

Which of the following aspects of risk management involves identifying the potential reputational and financial harm when an incident occurs?

A. Impact analysis

B. Likelihood

C. Mitigation

D. Residual risk

Transparent data encryption is used for:

A. data across communication channels.

B. data currently being processed.

C. data in random access memory (RAM).

D. data and log files at rest.

Why should the results of third-party audits and certification be relied on when analyzing and assessing the cybersecurity risks in the cloud?

A. To establish an audit mindset within the organization

B. To contrast the risk generated by the loss of control

C. To reinforce the role of the internal audit function

D. To establish an accountability culture within the organization

Which of the following can be used to determine whether access keys are stored in the source code or any other configuration files during development?

A. Static code review

B. Dynamic code review

C. Vulnerability scanning

D. Credential scanning

To promote the adoption of secure cloud services across the federal government by

A. To providing a standardized approach to security and risk assessment

B. To provide agencies of the federal government a dedicated tool to certify Authority to Operate (ATO)

C. To enable 3PAOs to perform independent security assessments of cloud service providers

D. To publish a comprehensive and official framework for the secure implementation of controls for cloud security

To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

A. Cloud Controls Matrix (CCM) and ISO/IEC 27001:2013 controls.

B. ISO/IEC 27001:2013 controls.

C. all Cloud Controls Matrix (CCM) controls and TSPC security principles.

D. maturity model criteria.