ISACA CCAK Certificate of Cloud Auditing Knowledge Online Training
The questions for CCAK were last updated on Jul 19, 2025.
- Exam Code: CCAK
- Exam Name: Certificate of Cloud Auditing Knowledge
- Certification Provider: ISACA
- Latest update: Jul 19, 2025
A cloud service provider contracts for a penetration test to be conducted on its infrastructure. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The provider’s security operations center is not notified in advance of the scope of the audit or the test vectors.
Which mode has been selected by the provider?
- A . Reversal
- B . Double blind
- C . Double gray box
- D . Tandem
In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:
- A . both operating system and application infrastructure contained within the cloud service provider’s instances.
- B . both operating system and application infrastructure contained within the customer’s instances.
- C . only application infrastructure contained within the cloud service provider’s instances.
- D . only application infrastructure contained within the customer’s instances.
The Cloud Octagon Model was developed to support organizations’:
- A . risk treatment methodology.
- B . incident detection methodology.
- C . incident response methodology.
- D . risk assessment methodology.
When an organization is moving to the cloud, responsibilities are shared based upon the cloud service provider’s model and accountability is:
- A . shared.
- B . avoided.
- C . transferred.
- D . maintained.
Which of the following is the MOST relevant question in the cloud compliance program design phase?
- A . Who owns the cloud services strategy?
- B . Who owns the cloud strategy?
- C . Who owns the cloud governance strategy?
- D . Who owns the cloud portfolio strategy?
The MOST important factor to consider when implementing cloud-related controls is the:
- A . shared responsibility model.
- B . effectiveness of the controls.
- C . risk reporting.
- D . risk ownership.
Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?
- A . Applicable laws and regulations
- B . Internal policies and technical standards
- C . Risk scoring criteria
- D . Risk appetite and budget constraints
When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer
- A . To determine the total cost of the cloud services to be deployed
- B . To confirm whether the compensating controls implemented are sufficient for the cloud services
- C . To determine how those services will fit within its policies and procedures
- D . To confirm which vendor will be selected based on compliance with security requirements
A new company has all its operations in the cloud.
Which of the following would be the BEST information security control framework to implement?
- A . NIST 800-73, because it is a control framework implemented by the main cloud providers
- B . ISO/IEC 27018
- C . ISO/IEC 27002
- D . (S) Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
Which of the following processes should be performed FIRST to properly implement the NIST SP 800-53 r4 control framework in an organization?
- A . A selection of the security objectives the organization wants to improve
- B . A security categorization of the information systems
- C . A comprehensive business impact analysis (BIA)
- D . A comprehensive tailoring of the controls of the framework