Free Isaca CCAK Exam Dumps and CCAK Exam Questions

Question No: 11

MultipleChoice

An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month. Which of the following should be the BEST recommendation to reduce the CSP burden?

Options

ACSP can share all security reports with customers to streamline the process.

BCSP can schedule a call with each customer.

CCSP can answer each customer individually.

DCSP can direct all customers' inquiries to the information in the CSA STAR registry.

Question No: 12

MultipleChoice

The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

Options

Aselect the methodology of an audit.

Breview requested evidence provided by the audit client.

Cdiscuss the scope of the cloud audit.

Didentify resource requirements of the cloud audit.

Question No: 13

MultipleChoice

When a client's business process changes, the CSP SLA should:

Options

Abe reviewed, but the SLA cannot be updated.

Bnot be reviewed, but the cloud contract should be cancelled immediately.

Cnot be reviewed as the SLA cannot be updated.

Dbe reviewed and updated if required.

Question No: 14

MultipleChoice

SAST testing is performed by:

Options

Ascanning the application source code.

Bscanning the application interface.

Cscanning all infrastructure components.

Dperforming manual actions to gain control of the application.

Question No: 15

MultipleChoice

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random dat

a. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

Options

AAs an integrity breach

BAs control breach

CAs an availability breach

DAs a confidentiality breach

Question No: 16

MultipleChoice

Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?

Options

ANetwork Security

BChange Detection

CVirtual Instance and OS Hardening

DNetwork Vulnerability Management

Question No: 17

MultipleChoice

In an organization, how are policy violations MOST likely to occur?

Options

ABy accident

BDeliberately by the ISP

CDeliberately

DDeliberately by the cloud provider

Question No: 18

MultipleChoice

Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report which course of action is MOST relevant?

Options

AFocusing on auditing high-risk areas

BTesting the adequacy of cloud controls design

CRelying on management testing of cloud controls

DTesting the operational effectiveness of cloud controls

Question No: 19

MultipleChoice

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS vendor?

Options

ARisk exceptions policy

BContractual requirements

CRisk appetite

DBoard oversight

Question No: 20

MultipleChoice

A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?

Options

ADouble gray box

BTandem

CReversal

DDouble blind

Free Isaca CCAK Exam Dumps - Page 2