Tag - CCAK exam

To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:A . develop a cloud audit plan on the basis of a detailed risk assessment.B . schedule the audits and monitor the time spent on each audit.C . train the cloud audit...

Cloud Control Matrix (CCM) controls can be used by cloud customers to:A . develop new security baselines for the industry.B . define different control frameworks for different cloud service providers.C . facilitate communication with their legal department.D . build an operational cloud risk management program.View AnswerAnswer: B Explanation: Reference: https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/

How should controls be designed by an organization?A . By the internal audit teamB . Using the ISO27001 frameworkC . By the cloud providerD . Using the organization’s risk management frameworkView AnswerAnswer: A Explanation: Reference: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2016/internal-control-key-to-delivering-stakeholder-value

When a client’s business process ch be updated. B. not be reviewed, but the cloud contract should be cancelled immediately. C. not be reviewed as the SLA cannot be updated. D. be reviewed and updated if required.View AnswerAnswer: D Explanation: Reference: http://www.diva-portal.org/smash/get/diva2:1312384/FULLTEXT01.pdf

Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments? A. Use often, provide many times B. Be economical, act deliberately C. Use existing, provide many times D. Do once, use many timesView AnswerAnswer: D Explanation: Reference:...