Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
A. Use of an established standard/regulation to map controls and...
What areas should be reviewed when auditing a public cloud?
What areas should be reviewed when auditing a public cloud?
A. Patching, source code reviews, hypervisor, access controls
B. Identity and access management, data protection
C. Patching, configuration, hypervisor, backups
D. Vulnerability management, cyber security reviews, patching
Answer: B
Which of the following would be the MOST critical finding of an application security and DevOps audit?
Which of the following would be the MOST critical finding of an application security and DevOps audit?
A. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
B. Application architecture and configurations did not consider security measures.
C. Outsourced cloud service interruption, breach or...
From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?
From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?
A. Process of security integration using automation in software development
B. Development standards for addressing integration, testing, and deployment...
Which of the following controls BEST matches this control description?
Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
A. Operations Maintenance
B. System Development Maintenance
C. Equipment Maintenance
D. System...
A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance with stringent government standards?
A CSP providing cloud services currently being used by the United States federal government should obtain which of the following to assure compliance with stringent government standards?
A. Multi-Tier Cloud Security (MTCS) Attestation
B. FedRAMP Authorization
C. ISO/IEC 27001:2013 Certification
D. CSA STAR Level Certificate
Answer: B
Explanation: Reference: https://www.ftptoday.com/blog/benefits-using-fedramp-authorized-cloud-service-provider
Which of the following CSP activities requires a client’s approval?
Which of the following CSP activities requires a client’s approval?
A. Delete the guest account or test accounts
B. Delete the master account or subscription owner accounts
C. Delete the guest account or destroy test data
D. Delete the test accounts or destroy test data
Answer: D
A customer management interface, if compromised over the public internet, can lead to:
A customer management interface, if compromised over the public internet, can lead to:
A. customer’s computing and data compromise.
B. access to the RAM of a neighboring cloud computer.
C. ease of acquisition of cloud services.
D. incomplete wiping of the data.
Answer: A
A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:
A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:
A. means that the cloud customer is also compliant.
B. means that the cloud customer and client are both compliant.
C. means that the cloud customer is compliant...
Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?
Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?
A. Service Level Objective (SLO)
B. Recovery Point Objectives (RPO)
C. Service Level Agreement (SLA)
D. Recovery Time Objectives (RTO)
Answer: C
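The following is an added worked example, not part of the original question set, of what "continuous auditing of performance" looks like in practice: availability is measured from probe evidence and then compared against both the contractual SLA commitment and the internal SLO, so the auditor can see which threshold a given month breached. The probe log format (ISO timestamp, HTTP status, latency in milliseconds, one probe per minute), the latency cut-off, the outage window and the 99.9% SLA / 99.95% SLO targets are all assumptions constructed for illustration, not values from the question.

```python
"""Added example (not from the question set): measure availability from probe
logs and check it against a contractual SLA and an internal SLO.

Assumed log format (hypothetical): "<ISO-8601 timestamp> <http-status> <latency-ms>",
one probe per minute. A probe counts as a failure when the status is 5xx, the
latency exceeds LATENCY_LIMIT_MS, or the line is malformed (missing evidence
must never inflate the availability figure)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

LATENCY_LIMIT_MS = 1000  # assumed threshold: slower than this is "unavailable"


@dataclass(frozen=True)
class AvailabilityReport:
    total: int               # probes observed in the period
    failed: int              # probes that count as unavailable
    availability: float      # (total - failed) / total, as a fraction
    sla_met: bool            # contractual commitment honoured?
    slo_met: bool            # stricter internal objective honoured?
    error_budget_used: float # failures / failures the SLO allows (>1 = budget blown)


def build_sample_log(start, minutes, outage_windows):
    """Construct synthetic probe lines: 503 inside each (from, to) minute window,
    200 with a healthy latency otherwise. Constructed data for the example."""
    lines = []
    for i in range(minutes):
        ts = (start + timedelta(minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        down = any(a <= i < b for a, b in outage_windows)
        status, latency = (503, 0) if down else (200, 120)
        lines.append(f"{ts} {status} {latency}")
    return "\n".join(lines)


def parse_probes(log_text):
    """Return one boolean per line: True when the probe succeeded."""
    results = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            results.append(False)        # malformed evidence counts against us
            continue
        try:
            status, latency = int(parts[1]), int(parts[2])
        except ValueError:
            results.append(False)
            continue
        results.append(status < 500 and latency <= LATENCY_LIMIT_MS)
    return results


def assess(log_text, sla_target, slo_target):
    """Compare measured availability with the SLA (contract) and SLO (internal)."""
    probes = parse_probes(log_text)
    total = len(probes)
    failed = probes.count(False)
    availability = (total - failed) / total if total else 0.0
    allowed_by_slo = (1.0 - slo_target) * total   # failures the SLO tolerates
    budget_used = failed / allowed_by_slo if allowed_by_slo > 0 else float("inf")
    return AvailabilityReport(
        total=total,
        failed=failed,
        availability=availability,
        sla_met=availability >= sla_target,
        slo_met=availability >= slo_target,
        error_budget_used=budget_used,
    )


if __name__ == "__main__":
    # A 30-day month with a single constructed 30-minute outage.
    month = build_sample_log(datetime(2024, 5, 1, tzinfo=timezone.utc),
                             30 * 24 * 60, [(600, 630)])
    print(assess(month, sla_target=0.999, slo_target=0.9995))
```

With these assumptions a single 30-minute outage in a 30-day month leaves availability at about 99.93%: the 99.9% SLA (43.2 minutes of tolerated downtime) is still met, while the 99.95% SLO (21.6 minutes) is missed and its error budget is about 139% consumed. The gap between the two results is exactly what an auditor looks for: the SLA report alone would show green, the SLO trend shows the provider was already over its internal target.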