ISACA Certificate of Cloud Auditing Knowledge - CCAK FREE EXAM DUMPS QUESTIONS & ANSWERS
Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?
Correct Answer: C
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
The MAIN difference between the Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ) is that:
Correct Answer: C
Vote an answer
The FINAL decision to include a material finding in a cloud audit report should be made by the:
Correct Answer: C
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
What do cloud service providers offer to encourage clients to extend the cloud platform?
Correct Answer: D
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Which of the following is an example of integrity technical impact?
Correct Answer: C
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Which of the following enables auditors to conduct gap analyses of what a cloud service provider offers versus what the customer requires?
Correct Answer: C
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
When an organization is moving to the cloud, responsibilities are shared based upon the cloud service provider's model and accountability is:
Correct Answer: D
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Which of the following BEST describes the difference between a Type 1 and a Type 2 SOC report?
Correct Answer: D
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
What is a sign that an organization has adopted a shift-left concept of code release cycles?
Correct Answer: C
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?
Correct Answer: A
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
During an audit, it was identified that a critical application hosted in an off-premises cloud is not part of the organization's disaster recovery plan (DRP). Management stated that it is responsible for ensuring the cloud service provider has a plan that is tested annually. What should be the auditor's NEXT course of action?
Correct Answer: A
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
What aspect of Software as a Service (SaaS) functionality and operations would the cloud customer be responsible for and should be audited?
Correct Answer: C
Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Which of the following is MOST important for an auditor to understand regarding cloud security controls?
Correct Answer: B
Vote an answer