CCAK Practice Questions
126 real CCAK exam questions with expert-verified answers and explanations. Page 3 of 3.
- Question #101: Cloud Auditing Basics and Tools
How should controls be designed by an organization?
Control Design, Internal Audit Role, Organizational Controls, Audit Functions
- Question #102: Cloud Auditing Basics and Tools
Which of the following quantitative measures is KEY for an auditor to review when assessing the implementation of continuous auditing of performance on a cloud system?
Cloud Auditing, Continuous Auditing, Service Level Agreement (SLA), Performance Monitoring
- Question #103: Cloud Audit Reporting and Assurance
Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say, they will provide the thi...
SOC reports, Third-party attestation, Vendor risk assessment, Control assurance
- Question #104: Cloud Audit Reporting and Assurance
Which of the following activities are part of the implementation phase of a cloud assurance program during a cloud migration?
Cloud Assurance Program, Implementation Phase, Cloud Migration Lifecycle, Program Activities
- Question #105: Cloud Risk Management
Which of the following would be considered as a factor to trust in a cloud service provider?
CSP Trust, Vendor Relationship, Cooperation, Risk Assessment
- Question #106: Cloud Data Governance
When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?
Cloud encryption, Data protection, Cloud Service Provider capabilities, Cloud security strategy
- Question #107: Cloud Compliance
A certification target helps in the formation of a continuous certification framework by incorporating:
Continuous Certification, Service Level Objectives, Service Qualitative Objectives, Cloud Compliance Frameworks
- Question #108: Cloud Auditing for Infrastructure, Platform, and Software as a Service (IaaS, PaaS, SaaS)
In all three cloud deployment models (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?
Shared Responsibility Model (Edge Cases), Hypervisor Management, Cloud Service Customer Responsibilities, IaaS PaaS SaaS Architecture
- Question #109: Cloud Auditing Basics and Tools
Supply chain agreements between CSP and cloud customers should, at minimum, include:
Cloud agreements, CSP assurance, Compliance verification, Auditing clauses
- Question #110: Cloud Risk Management
What should be the control audit frequency for Business Continuity Management?
Business Continuity Management, Control Audit Frequency, Risk Management, Audit Planning
- Question #111: Cloud Risk Management
Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS ve...
Risk appetite, Control remediation, SaaS risk, Risk management
- Question #112: Cloud Security Auditing
A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP'...
Penetration testing, Security testing types, Audit methodologies, Double blind testing
- Question #113: Cloud Auditing Basics and Tools
Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report which c...
Cloud audit planning, Resource constraints, Risk-based auditing, Audit prioritization
- Question #114: Cloud Compliance
In an organization, how are policy violations MOST likely to occur?
Policy violations, Human error, Accidental non-compliance, Compliance failures
- Question #115: Cloud Security Auditing
Which of the following is the BEST tool to perform cloud security control audits?
Cloud Security Auditing, CSA CCM, Security Controls, Audit Tools
- Question #116: Cloud Security Auditing
Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be...
Network Security, Traffic Filtering, Network Segmentation, Configuration Review
- Question #117: Cloud Security Auditing
After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overw...
Security Incident Impact, Security Controls, Threat Analysis, Cloud Auditing
- Question #118: Cloud Risk Management
Which of the following is an example of financial business impact?
Financial Impact, Business Impact, Risk Assessment, Downtime Cost
- Question #119: Cloud Security Auditing
From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST descr...
DevSecOps, SDLC Security, Cloud Security Audit, Automation
- Question #120: Cloud Risk Management
Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization's architec...
Threat Modeling, SaaS Security, Shared Responsibility Model, Cloud Risk Management
- Question #121: Cloud Audit Reporting and Assurance
While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the mos...
Audit findings, Reporting procedures, Auditor responsibilities, Stakeholder communication
- Question #122: Cloud Compliance
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:
CSA STAR, SOC 2, Cloud Control Matrix, Cloud Compliance
- Question #123: Cloud Compliance
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?
Cloud compliance program, Cloud characteristics, Dynamic environment, Service portfolio changes
- Question #124: Cloud Compliance
When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?
Cloud Compliance Program, Policy Alignment, Cloud Service Review, Internal Controls
- Question #125: Cloud Compliance
Which of the following attestation allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibili...
CSA STAR Attestation, Cloud Control Matrix (CCM), AICPA Trust Service Criteria, Cloud Compliance Frameworks
- Question #126: Cloud Auditing Basics and Tools
To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:
Cloud Audit Planning, Risk-Based Audit, Audit Resource Management, Value Optimization