CCAK exam

Which of the following metrics are frequently immature?A . Metrics around Infrastructure as a Service (IaaS) storage and network environmentsB . Metrics around Platform as a Service (PaaS) development environmentsC . Metrics around Infrastructure as a Service (IaaS) computing environmentsD . Metrics around specific Software as a Service (SaaS) application...

Which of the following attestation allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?A . PC-IDSSB . CSA STAR AttestationC . MTCSD . BSI Criteria Catalogue C5View...

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?A . Ensuring segregation of duties in the production and development pipelines.B . Role-based access controls in the production and development pipelines.C . Separation of production and development pipelines.D . Periodic...

Which of the following would be considered as a factor to trust in a cloud service provider?A . The level of exposure for public informationB . The level of proved technical skillsC . The level of willingness to cooperateD . The level of open source evidence availableView AnswerAnswer: C

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?A . Compliance riskB . Provider administration riskC . Audit riskD . Virtualization riskView AnswerAnswer: A Explanation: Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

Which of the following is an example of integrity technical impact?A . The cloud provider reports a breach of customer personal data from an unsecured server.B . A hacker using a stolen administrator identity alerts the discount percentage in the product database.C . A DDoS attack renders the customer’s cloud...

Which of the following is an example of financial business impact?A . A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.B . While the breach was reported in a timely manner to...

To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:A . develop a cloud audit plan on the basis of a detailed risk assessment.B . schedule the audits and monitor the time spent on each audit.C . train the cloud audit...

Cloud Control Matrix (CCM) controls can be used by cloud customers to:A . develop new security baselines for the industry.B . define different control frameworks for different cloud service providers.C . facilitate communication with their legal department.D . build an operational cloud risk management program.View AnswerAnswer: B Explanation: Reference: https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/

How should controls be designed by an organization?A . By the internal audit teamB . Using the ISO27001 frameworkC . By the cloud providerD . Using the organization’s risk management frameworkView AnswerAnswer: A Explanation: Reference: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2016/internal-control-key-to-delivering-stakeholder-value