Which of the following controls under the Audit Assurance and Compliance domain does this match to?

One of the Cloud Control Matrix’s (CCM’s) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.” Which of the following controls under the Audit Assurance and Compliance domain does this...

March 29, 2022

Under GDPR, an organization should report a data breach within what time frame?

A. 72 hours
B. 2 weeks
C. 1 week
D. 48 hours

Answer: A
Explanation: Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/

March 29, 2022

In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of...

March 28, 2022

To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:

A. develop a cloud audit plan on the basis of a detailed risk assessment.
B. schedule the audits and monitor the time spent on each audit.
C. train the cloud audit...

March 28, 2022

Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?

A. Compliance risk
B. Provider administration risk
C. Audit risk
D. Virtualization risk

Answer: A
Explanation: Reference: http://webcache.googleusercontent.com/search?q=cache:9OK2cQSAR3oJ:www.aph.gov.au/DocumentStore.ashx%3Fid%3D88403640-14b5-4c3e-8dd7-315bb5067ba4+&cd=1&hl=en&ct=clnk&gl=pk

March 27, 2022

An auditor is performing an audit on behalf of a cloud customer.

For assessing security awareness, the auditor should:

A. assess the existence and adequacy of a security awareness training program at the cloud service provider’s organization as the cloud customer hired the auditor to review and cloud service.
B. ...

March 27, 2022

What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?

An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls CSP...

March 26, 2022

What type of termination occurs at the initiative of one party, and without the fault of the other party?

A. Termination for cause
B. Termination for convenience
C. Termination at the end of the term
D. Termination without the fault

Answer: C

March 26, 2022

Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?

A. Plan --> Develop --> Release
B. Deploy --> Monitor --> Audit
C. Initiation --> Execution --> Monitoring and Controlling
D. Preparation --> Execution --> Peer Review and Publication

Answer: D
Explanation: Reference:...

March 26, 2022

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

A. Validate if the strategy covers unavailability of all...

March 26, 2022