CCAK exam

An auditor identifies that a cloud service provider received multiple customer inquiries and requests for proposal (RFPs) during the last month. Which of the following What should be the BEST recommendation to reduce the provider’s burden?A . The provider can answer each customer individually.B . The provider can direct all...

When developing a cloud compliance program, what is the PRIMARY reason for a cloud customerA . To determine the total cost of the cloud services to be deployedB . To confirm whether the compensating controls implemented are sufficient for the cloud servicesC . To determine how those services will fit...

The MOST critical concept for managing the building and testing of code in DevOps is:A . continuous build.B . continuous delivery.C . continuous integration.D . continuous deployment.View AnswerAnswer: C Explanation: Continuous integration (CI) is the most critical concept for managing the building and testing of code in DevOps. CI is...

Which of the following is the BEST tool to perform cloud security control audits?A . Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)B . General Data Protection Regulation (GDPR)C . Federal Information Processing Standard (FIPS) 140-2D . ISO 27001View AnswerAnswer: A Explanation: The CSA Cloud Controls Matrix (CCM) is the...

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:A . treated as confidential information and withheld from all sub cloud service providers.B . treated as sensitive information and withheld...

Which of the following cloud service provider activities MUST obtain a client's approval?A . Destroying test dataB . Deleting subscription owner accountsC . Deleting test accountsD . Deleting guest accountsView AnswerAnswer: B Explanation: Deleting subscription owner accounts is an activity that MUST obtain a client’s approval in the context of...

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?A . ISO/IEC 27017:2015B . ISO/IEC 27002C . NIST SP 800-146D . Cloud Security Alliance (CSA) Cloud...

In the context of Infrastructure as a Service (laaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:A . both operating system and application infrastructure contained within the cloud service provider’s instances.B . both operating system and application infrastructure contained within the customer’s instances.C . only application infrastructure...

What do cloud service providers offer to encourage clients to extend the cloud platform?A . Cloud consoleB . Reward programsC . Access to the cloud infrastructureD . Application programming interfaces (APIs)View AnswerAnswer: D Explanation: Cloud service providers offer application programming interfaces (APIs) to encourage clients to extend the cloud platform....

The BEST method to report continuous assessment of a cloud provider’s services to the Cloud Security Alliance (CSA) is through: A. Cloud Controls Matrix (CCM) assessment by a third-party auditor on a periodic basis. B. tools selected by the third-party auditor. C. SOC 2 Type 2 attestation. D. a set...