Which of the following is an example of integrity technical impact?

A. The cloud provider reports a breach of customer personal data from an unsecured server.
B. A hacker using a stolen administrator identity alters the discount percentage in the product database.
C. A DDoS attack renders the customer’s cloud...

March 25, 2022

Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?

A. Verify the inclusion of security gates in the pipeline.
B. Conduct an architectural assessment.
C. Review the CI/CD pipeline audit logs.
D. Verify...

March 25, 2022

Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?

A. Incident Response Plans
B. Security Incident Plans
C. Unexpected Event Plans
D. Emergency Incident Plans
Answer: A

March 25, 2022

From the following, to whom should the auditor report the findings?

An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?
A. Public
B. Management of organization being audited
C. Shareholders/interested parties
D. ...

March 24, 2022

In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

A. both operating system and application infrastructure contained within the CSP’s instances.
B. both operating system and application infrastructure contained within the customer’s instances.
C. only application infrastructure contained within...

March 24, 2022

Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?

A. Drag and Drop
B. Lift and shift
C. Flexibility to move
D. Transition and data portability
Answer: D
Explanation: Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud

March 24, 2022

Which of the following data destruction methods is the MOST effective and efficient?

A. Crypto-shredding
B. Degaussing
C. Multi-pass wipes
D. Physical destruction
Answer: B

March 23, 2022

The Cloud Octagon Model was developed to support organizations:

A. risk assessment methodology.
B. risk treatment methodology.
C. incident response methodology.
D. incident detection methodology.
Answer: A

March 22, 2022

Which access control method will allow IT personnel to be segregated across the various locations?

A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel. Which access control method will allow IT personnel to be segregated across the various locations?
A. Role Based Access Control
B. Attribute...

March 22, 2022

Which of the following configuration change controls is acceptable to a cloud auditor?

A. Development, test and production are hosted in the same network environment.
B. Programmers have permanent access to production software.
C. The Head of Development approves changes requested to production.
D. Programmers cannot make uncontrolled changes to...

March 22, 2022