
Certificate of Cloud Auditing Knowledge CCAK Practice Test Questions

PassQuestion offers you Certificate of Cloud Auditing Knowledge CCAK Practice Test Questions that are devised on the pattern of the real exam and provide you with the shortest possible way to pass the exam and get certified.


Presentation Transcript


  1. CCAK Free Questions
     Certificate of Cloud Auditing Knowledge
     https://www.passquestion.com/CCAK.html

  2. Question 1
     Which of the following is an example of financial business impact?
     A. A hacker using a stolen administrator identity brings down the SaaS sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.
     B. While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.
     C. A DDoS attack renders the customer's cloud inaccessible for 24 hours, resulting in millions in lost sales.
     D. The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euro.
     Answer: C

  3. Question 2
     In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?
     A. Service Provider control
     B. Impact and Risk control
     C. Data Inventory control
     D. Compliance control
     Answer: A

  4. Question 3
     Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?
     A. Ensuring segregation of duties in the production and development pipelines.
     B. Role-based access controls in the production and development pipelines.
     C. Separation of production and development pipelines.
     D. Periodic review of the CI/CD pipeline audit logs to identify any access violations.
     Answer: C

  5. Question 4
     How should controls be designed by an organization?
     A. By the internal audit team
     B. Using the ISO27001 framework
     C. By the cloud provider
     D. Using the organization's risk management framework
     Answer: A

  6. Question 5
     What areas should be reviewed when auditing a public cloud?
     A. Patching, source code reviews, hypervisor, access controls
     B. Identity and access management, data protection
     C. Patching, configuration, hypervisor, backups
     D. Vulnerability management, cyber security reviews, patching
     Answer: B

  7. Question 6
     Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel.
     Which of the following controls BEST matches this control description?
     A. Operations Maintenance
     B. System Development Maintenance
     C. Equipment Maintenance
     D. System Maintenance
     Answer: A

  8. Question 7
     Which of the following would be the MOST critical finding of an application security and DevOps audit?
     A. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.
     B. Application architecture and configurations did not consider security measures.
     C. Outsourced cloud service interruption, breach or loss of data stored at the cloud service provider.
     D. Certifications with global security standards specific to cloud are not reviewed and the impact of noted findings is not assessed.
     Answer: B

  9. Question 8
     An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models.
     Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
     A. Use of an established standard/regulation to map controls and use as the audit criteria
     B. For efficiency reasons, use of its on-premises systems' audit criteria to audit the cloud environment
     C. As this is the initial stage, the ISO/IEC 27001 certificate shared by the cloud service provider is sufficient for audit and compliance purposes.
     D. Development of the cloud security audit criteria based on its own internal audit test plans to ensure appropriate coverage
     Answer: A

  10. Question 9
      Which of the following would be considered as a factor to trust in a cloud service provider?
      A. The level of exposure for public information
      B. The level of proved technical skills
      C. The level of willingness to cooperate
      D. The level of open source evidence available
      Answer: C

  11. Question 10
      Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?
      A. Service Level Objective (SLO)
      B. Recovery Point Objectives (RPO)
      C. Service Level Agreement (SLA)
      D. Recovery Time Objectives (RTO)
      Answer: C
