Tag - CCAK exam

Which of the following is a corrective control that may be identified in a SaaS service provider?A . Log monitoringB . Penetration testingC . Incident response plansD . Vulnerability scanView AnswerAnswer: D

When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?A . Cloud Service Provider encryption capabilitiesB . The presence of PIIC . Organizational security policiesD . Cost-benefit analysisView AnswerAnswer: A

Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?A . Blue teamB . White boxC . Gray boxD . Red teamView AnswerAnswer: B Explanation: Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach

Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?A . Cloud compliance programB . Legacy IT compliance programC . Internal audit programD . Service organization controls reportView AnswerAnswer: D

If the degree of verification for information shared with the auditor during an audit is low, the auditor should:A . reject the information as audit evidence.B . stop evaluating the requirement altogether and review other audit areas.C . delve deeper to obtain the required information to decide conclusively.D . use...

What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?A . Access controlsB . Vulnerability managementC . Source code reviewsD . PatchingView AnswerAnswer: A Explanation: Reference: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=919233

Which of the following defines the criteria designed by the American Institute of Certified Public Accountants (AICPA) to specify trusted services?A . Security, confidentiality, availability, privacy and processing integrityB . Security, applicability, availability, privacy and processing integrityC . Security, confidentiality, availability, privacy and trustworthinessD . Security, data integrity, availability, privacy...

Which of the following CSP activities requires a client’s approval?A . Delete the guest account or test accountsB . Delete the master account or subscription owner accountsC . Delete the guest account or destroy test dataD . Delete the test accounts or destroy test dataView AnswerAnswer: D

To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?A . Parallel testingB . Full application stack unit testingC . Regression testingD . Functional verificationView AnswerAnswer: B Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/black-box-testing

Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?A . DesignB . Stakeholder identificationC . DevelopmentD . Risk assessmentView AnswerAnswer: C