Organizations maintain mappings between the different control frameworks they adopt to:
A. help identify controls with common assessment status.
B. avoid duplication of work when assessing compliance.
C. help identify controls with different assessment status.
D. start a compliance assessment using the latest assessment.
Answer: B
Explanation: Organizations maintain mappings...

Which of the following processes should be performed FIRST to properly implement the NIST SP 800-53 r4 control framework in an organization?
A. A selection of the security objectives the organization wants to improve
B. A security categorization of the information systems
C. A comprehensive business impact analysis (BIA)
D. ...

Regarding cloud service provider agreements and contracts, unless otherwise stated, the provider is:
A. responsible to the cloud customer and its clients.
B. responsible only to the cloud customer.
C. not responsible at all to any external parties.
D. responsible to the cloud customer and its end users.
Answer: B ...

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
A. passed to the sub cloud service providers based on the sub cloud service providers' geographic location.
B. passed to...

To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:
A. enterprise architecture (EA).
B. object-oriented architecture.
C. service-oriented architecture.
D. software architecture.
Answer: A
Explanation: To assist an organization with planning a cloud migration strategy to execution, an auditor should...

An auditor examining a cloud service provider's service level agreement (SLA) should be MOST concerned about whether:
A. the agreement includes any operational matters that are material to the service operations.
B. the agreement excludes any sourcing and financial matters that are material in meeting the service level agreement (SLA)....

The FINAL decision to include a material finding in a cloud audit report should be made by the:
A. auditee's senior management.
B. organization's chief executive officer (CEO).
C. cloud auditor.
D. organization's chief information security officer (CISO).
Answer: C
Explanation: According to the ISACA Cloud Auditing Knowledge Certificate Study...

Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?
A. Applicable laws and regulations
B. Internal policies and technical standards
C. Risk scoring criteria
D. Risk appetite and budget constraints
Answer: D
Explanation: Risk appetite and budget...

Supply chain agreements between a cloud service provider and cloud customers should, at a minimum, include:
A. regulatory guidelines impacting the cloud customer.
B. audits, assessments, and independent verification of compliance certifications with agreement terms.
C. the organizational chart of the provider.
D. policies and procedures of the cloud customer.
...

A cloud service provider utilizes services of other service providers for its cloud service. Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?
A. The auditor should review the service providers' security controls even more strictly, as they are further...