Application programming interfaces (APIs) are likely to be attacked continuously by bad actors because they:
A. are the asset with private IP addresses.
B. are generally the most exposed part.
C. could be poorly designed.
D. act as a very effective backdoor.
Answer: B
Explanation: APIs are likely to be...
Which of the following should be an assurance requirement when an organization is migrating to a Software as a Service (SaaS) provider?
A. Location of data
B. Amount of server storage
C. Access controls
D. Type of network technology
Answer: C
Explanation: Access controls are an assurance requirement when an...
An organization employing the Cloud Controls Matrix (CCM) to perform a compliance assessment leverages the Scope Applicability direct mapping to:
A. obtain the ISO/IEC 27001 certification from an accredited certification body (CB) following the ISO/IEC 17021-1 standard.
B. determine whether the organization can be considered fully compliant with the mapped...
Regarding suppliers of a cloud service provider, it is MOST important for the auditor to be aware that the:
A. client organization has a clear understanding of the provider's suppliers.
B. suppliers are accountable for the provider's service that they are providing.
C. client organization does not need to...
Which of the following methods can be used by a cloud service provider with a cloud customer that does not want to share security and control information?
A. Nondisclosure agreements (NDAs)
B. Independent auditor report
C. First-party audit
D. Industry certifications
Answer: B
Explanation: An independent auditor report is a...
What is a sign that an organization has adopted a shift-left concept of code release cycles?
A. Large entities with slower release cadences and geographically dispersed systems
B. A waterfall model to move resources through the development to release phases
C. Maturity of start-up entities with high-iteration to low-volume code...
After finding a vulnerability in an Internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite parts of some files with random data. In reference to the Top Threats Analysis methodology, how would the technical impact of this incident...
When establishing cloud governance, an organization should FIRST test by migrating:
A. legacy applications to the cloud.
B. a few applications to the cloud.
C. all applications at once to the cloud.
D. complex applications to the cloud.
Answer: B
Explanation: When establishing cloud governance, an organization should first test...
Visibility to which of the following would give an auditor the BEST view of design and implementation decisions when an organization uses programmatic automation for Infrastructure as a Service (IaaS) deployments?
A. Source code within build scripts
B. Output from threat modeling exercises
C. Service level agreements (SLAs)
D. Results...
Which of the following aspects of risk management involves identifying the potential reputational and financial harm when an incident occurs?
A. Impact analysis
B. Likelihood
C. Mitigation
D. Residual risk
Answer: A
Explanation: According to the web search results, impact analysis is the aspect of risk management that involves identifying...