CCAK Practice Questions
126 real CCAK exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1 (Cloud Security Auditing): Which of the following is an example of integrity technical impact?
  Tags: Integrity, Ransomware, Technical Impact, Data Security
- Question #2 (Cloud Security Auditing): What is a sign of an organization that has adopted a shift-left concept of code release cycles?
  Tags: Shift-left, Automation, SDLC, Code Quality
- Question #3 (Cloud Compliance): Cloud Control Matrix (CCM) controls can be used by cloud customers to:
  Tags: Cloud Control Matrix (CCM), Cloud Compliance, Control Frameworks, Cloud Service Providers (CSPs)
- Question #4 (Cloud Governance): Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?
  Tags: Cloud Governance, Organizational Roles, Strategic Planning, Decision Making
- Question #5 (Cloud Auditing Basics and Tools): An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud...
  Tags: CSP assessment, Vendor risk management, Cloud auditing mechanisms, Security controls assessment
- Question #6 (Cloud Security Auditing): What areas should be reviewed when auditing a public cloud?
  Tags: Cloud auditing, Identity and access management, Data protection, Security controls
- Question #7 (Cloud Compliance): Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?
  Tags: Cloud Compliance Program Design, Stakeholder Management, Program Initiation, Process Ownership
- Question #8 (Cloud Data Governance): Which of the following CSP activities requires a client's approval?
  Tags: CSP Responsibilities, Client Approval, Data Destruction, Test Data Management
- Question #9 (Cloud Auditing Basics and Tools): A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following asp...
  Tags: Audit objectives, Cloud audit constraints, Automated audit tools, CSP restrictions
- Question #10 (Cloud Compliance): An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following sta...
  Tags: ISO 27017, Cloud Security Controls, Cloud Migration, Information Security Standards
- Question #11 (Cloud Auditing Basics and Tools): An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approac...
  Tags: Cloud security evaluation, Audit criteria, Security standards, Cloud adoption strategy
- Question #12 (Cloud Audit Reporting and Assurance): Which of the following controls frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
  Tags: SOC reports, Cloud provider assessment, Security assurance, Controls frameworks
- Question #13 (Cloud Risk Management): Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?
  Tags: Risk Management, Impact Analysis, Risk Assessment, Harm Identification
- Question #14 (Cloud Auditing for Infrastructure, Platform, and Software as a Service (IaaS, PaaS, SaaS)): When using a SaaS solution, who is responsible for application security?
  Tags: SaaS security, Shared Responsibility Model, Cloud service provider responsibilities, Application security
- Question #15 (Cloud Governance): Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?
  Tags: Cloud Governance, Strategic Alignment, Business Objectives, Hybrid Cloud Challenges
- Question #16 (Cloud Auditing for Infrastructure, Platform, and Software as a Service (IaaS, PaaS, SaaS)): What aspect of SaaS functionality and operations would the cloud customer be responsible for and should be audited?
  Tags: SaaS Security, Shared Responsibility Model, Access Management, Cloud Auditing
- Question #17 (Cloud Auditing Basics and Tools): The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:
  Tags: CSA STAR, Certification Framework, Cloud Assurance, Trust Levels
- Question #18 (Cloud Compliance): Which of the following is a fundamental concept of FedRAMP that intends to save costs, time, and staff conducting superfluous agency security assessments?
  Tags: FedRAMP, Cloud Compliance, Assessment Reuse, Efficiency
- Question #19 (Cloud Compliance): Which of the following is the risk associated with storing data in a cloud that crosses jurisdictions?
  Tags: Cross-jurisdictional data, Data sovereignty, Regulatory compliance, Cloud data risk
- Question #20 (Cloud Risk Management): Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procure...
  Tags: CCM, Cloud Controls, Shared Responsibility Model, Cloud Risk Management
- Question #21 (Cloud Auditing for Infrastructure, Platform, and Software as a Service (IaaS, PaaS, SaaS)): During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that...
  Tags: Cloud Disaster Recovery, Cloud Audit Procedures, CSP Due Diligence, Audit Evidence Gathering
- Question #22 (Cloud Data Governance): Which of the following is the BEST recommendation to offer an organization's HR department planning to adopt a new public SaaS application to ease the recruiting process?
  Tags: Cloud Access Security Broker (CASB), SaaS Security, Data Loss Prevention (DLP), Cloud Data Protection
- Question #23 (Cloud Compliance): In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?
  Tags: CSP responsibilities, Customer communication, Compliance impact, Risk reporting
- Question #24 (Cloud Auditing Basics and Tools): What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?
  Tags: Application Security Testing, DAST, SAST, Security Methodologies
- Question #25 (Cloud Data Governance): Which of the following contract terms is necessary to meet a company's requirement that needs to move data from one CSP to another?
  Tags: Cloud Contracts, Data Portability, Exit Strategy, Vendor Lock-in
- Question #26 (Cloud Security Auditing): Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?
  Tags: Cloud Security, Access Control, Network Security, Threat Mitigation
- Question #27 (Cloud Risk Management): The Cloud Octagon Model was developed to support organizations:
  Tags: Cloud Octagon Model, Risk Assessment, Methodology
- Question #28 (Cloud Security Auditing): Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?
  Tags: CI/CD Security, Environment Segregation, Access Control, Production Environment Security
- Question #29 (Cloud Compliance): A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:
  Tags: Shared Responsibility Model, Cloud Compliance, Customer Responsibility, Compliance Scope
- Question #30 (Cloud Risk Management): The rapid and dynamic rate of changes found in a cloud environment affects the organization's:
  Tags: Risk Appetite, Cloud Risk, Risk Management Principles, Dynamic Cloud Environments
- Question #31 (Cloud Auditing Basics and Tools): With regard to the Cloud Control Matrix (CCM), the 'Architectural Relevance' is a feature that enables the filtering of security controls by:
  Tags: Cloud Control Matrix (CCM), Architectural Relevance, Security Controls, Cloud Architecture Components
- Question #32 (Cloud Security Auditing): To support customers' verification of the CSP claims regarding their responsibilities according to the shared responsibility model, which of the following tools and techniques is a...
  Tags: Shared Responsibility Model, CSP Claims Verification, Security Assessment, Customer Due Diligence
- Question #33 (Cloud Compliance): Which of the following has the MOST substantial impact on how aggressive or conservative the cloud approach of an organization will be?
  Tags: Cloud Strategy, Regulatory Compliance, Risk Management, Cloud Governance
- Question #34 (Cloud Security Auditing): Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization's DevOps pipeline?
  Tags: DevOps security auditing, CI/CD pipeline security, Audit evidence, Audit methodology
- Question #35 (Cloud Auditing Basics and Tools): Which of the following are the three MAIN phases of the Cloud Controls Matrix (CCM) mapping methodology?
  Tags: CCM mapping methodology, Cloud Controls Matrix, CSA, Auditing tools
- Question #36 (Cloud Governance): A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with orga...
  Tags: Access Control, Role Based Access Control (RBAC), Personnel Segregation, Organizational Access Management
- Question #37 (Cloud Auditing Basics and Tools): Which of the following is the MOST feasible way to validate the performance of CSPs for the delivery of technology resources?
  Tags: CSP performance validation, Third-party assurance, SOC reports, Cloud auditing tools
- Question #38 (Cloud Security Auditing): What data center and physical security measures should a cloud customer consider when assessing a cloud service provider?
  Tags: Physical Security, Cloud Provider Assessment, Due Diligence, Customer Responsibility
- Question #39 (Cloud Auditing Basics and Tools): Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?
  Tags: Audit scope, Audit evidence, Audit documentation, Cloud service provider audit
- Question #40 (Cloud Governance): When establishing cloud governance, an organization should FIRST test by migrating:
  Tags: Cloud Governance, Cloud Migration Strategy, Phased Adoption, Pilot Projects
- Question #41 (Cloud Privacy Auditing): When reviewing a third-party agreement with a cloud service provider, which of the following should be the GREATEST concern regarding customer data privacy?
  Tags: Cloud contract review, Data privacy, Data retention, Data lifecycle management
- Question #42 (Cloud Compliance): The BEST way to deliver continuous compliance in a cloud environment is to:
  Tags: Continuous Compliance, Cloud Compliance, Continuous Monitoring, Assurance Approaches
- Question #43 (Cloud Compliance): To identify key actors and requirements, which of the following MUST be considered when designing a cloud compliance program?
  Tags: Cloud Compliance Program Design, Compliance Requirements, Program Actors, Holistic Compliance View
- Question #44 (Cloud Compliance): Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Securit...
  Tags: ISO 27001, ISO 27002, Cloud Security Standards, ISMS Controls
- Question #45 (Cloud Governance): Which of the following is the common cause of misconfiguration in a cloud environment?
  Tags: Misconfiguration, Change Control, Cloud Security Controls, Cloud Governance
- Question #46 (Cloud Security Auditing): To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor exp...
  Tags: Security Testing, Unit Testing, SDLC Security, Auditor Expectations
- Question #47 (Cloud Compliance): One of the Cloud Control Matrix's (CCM's) control specifications states that "Independent reviews and assessments shall be performed at least annually to ensure that the organizati...
  Tags: CSA CCM, Compliance Obligations, Regulatory Mapping, Independent Reviews
- Question #48 (Cloud Auditing for Infrastructure, Platform, and Software as a Service (IaaS, PaaS, SaaS)): In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:
  Tags: IaaS Shared Responsibility, CSP Responsibilities, Vulnerability Assessment, Application Security
- Question #49 (Cloud Governance): When building a cloud governance model, which of the following requirements will focus more on the cloud service provider's evaluation and control checklist?
  Tags: Cloud Governance Model, CSP Evaluation, Operational Requirements, Control Checklist
- Question #50 (Cloud Audit Reporting and Assurance): Prioritizing assurance activities for an organization's cloud services portfolio depends PRIMARILY on an organization's ability to:
  Tags: Cloud Assurance Prioritization, Risk-Based Auditing, Cloud Service Provider Audits, Assurance Program Management