
Isaca CCAK Exam - Topic 1 Question 56 Discussion

Actual exam question for Isaca's CCAK exam
Question #: 56
Topic #: 1

A certification target helps in the formation of a continuous certification framework by incorporating:

Suggested Answer: B

According to the blog article "Continuous Auditing and Continuous Certification" by the Cloud Security Alliance, a certification target helps in the formation of a continuous certification framework by incorporating the scope description and security attributes to be tested [1]. A certification target is a set of security objectives that a cloud service provider (CSP) defines and commits to fulfill as part of the continuous certification process [1]. Each security objective is associated with a policy that specifies the assessment frequency, such as every four hours, every day, or every week [1]. A certification target also includes a set of tools that are capable of verifying that the security objectives are met, such as automated scripts, APIs, or third-party services [1].

The other options are not correct because:

Option A is not correct because the service level objective (SLO) and service qualitative objective (SQO) are not part of the certification target, but rather part of the service level agreement (SLA) between the CSP and the cloud customer. An SLO is a measurable characteristic of the cloud service, such as availability, performance, or reliability. An SQO is a qualitative characteristic of the cloud service, such as security, privacy, or compliance [2]. The SLA defines the expected level of service and the consequences of not meeting it. The SLA may be used as an input for defining the certification target, but it is not equivalent or synonymous with it.

Option C is not correct because the frequency of evaluating security attributes is not the only component of the certification target, but rather one aspect of it. The frequency of evaluating security attributes is determined by the policy that is associated with each security objective in the certification target. The policy defines how often the security objective should be verified by the tools, such as every four hours, every day, or every week [1]. However, the frequency alone does not define the certification target, as it also depends on the scope description and the security attributes to be tested.

Option D is not correct because CSA STAR level 2 attestation is not a component of the certification target, but rather a prerequisite for it. CSA STAR level 2 attestation is a third-party independent assessment of the CSP's security posture based on ISO/IEC 27001 and CSA Cloud Controls Matrix (CCM) [3]. CSA STAR level 2 attestation provides a baseline assurance level for the CSP before they can define and implement their certification target for continuous certification. CSA STAR level 2 attestation is also required for CSA STAR level 3 certification, which is based on continuous auditing and continuous certification [3].


Contribute your Thoughts:

Tracie
3 months ago
I’m surprised this is even a question, thought it was common knowledge!
upvoted 0 times
...
Socorro
3 months ago
Scope description and security attributes are super important too!
upvoted 0 times
...
Skye
3 months ago
Wait, isn't CSA STAR level 2 just a certification?
upvoted 0 times
...
Penney
4 months ago
Totally agree, those are key components!
upvoted 0 times
...
Frank
4 months ago
I think it's definitely about SLO and SQO.
upvoted 0 times
...
Simona
4 months ago
I vaguely remember something about CSA STAR level 2 attestation, but I don't think it fits the definition of a certification target in this context.
upvoted 0 times
...
Rosita
4 months ago
I feel like the frequency of evaluating security attributes is important, but I can't recall if that's what a certification target specifically incorporates.
upvoted 0 times
...
Avery
4 months ago
I remember practicing a question about security attributes, so maybe option B is the correct answer? It seems relevant to what we discussed.
upvoted 0 times
...
Refugia
5 months ago
I think the certification target is related to SLO and SQO, but I'm not entirely sure if that's the right focus for a continuous framework.
upvoted 0 times
...
Destiny
5 months ago
This is a tricky one. I'm not entirely sure what a "certification target" is in this context. I'll need to review my notes on certification frameworks to try to narrow down the best answer choice.
upvoted 0 times
...
Ruthann
5 months ago
Okay, I think I've got this. A certification target helps establish the criteria for a continuous certification framework, so the answer is likely related to defining the scope and requirements for that ongoing evaluation process.
upvoted 0 times
...
Jesusita
5 months ago
Hmm, I'm a bit unsure about this one. The options mention things like "service level objective" and "security attributes" that I'm not super familiar with. I'll need to think through the question carefully.
upvoted 0 times
...
Daren
5 months ago
This question seems straightforward. I'll focus on understanding the key terms like "certification target" and "continuous certification framework" to determine which answer choice best incorporates those concepts.
upvoted 0 times
...
Ellsworth
5 months ago
Okay, this looks like a standard cost accounting question. I'll need to calculate the material price planning variance for Ingredient A based on the given information.
upvoted 0 times
...
Layla
1 year ago
This question is a real head-scratcher! I'd better brush up on my continuous certification framework knowledge before the exam. Maybe I should ask the test proctor for a snack break to help me think it through.
upvoted 0 times
Ligia
1 year ago
D) CSA STAR level 2 attestation.
upvoted 0 times
...
Vesta
1 year ago
C) the frequency of evaluating security attributes.
upvoted 0 times
...
Osvaldo
1 year ago
B) the scope description and security attributes to be tested.
upvoted 0 times
...
Ciara
1 year ago
A) the service level objective (SLO) and service qualitative objective (SQO).
upvoted 0 times
...
...
Jonell
1 year ago
C is a good option, but I think it's just one part of the continuous certification framework. The question is asking for a more comprehensive answer.
upvoted 0 times
...
Almeta
1 year ago
I'm still trying to wrap my head around this continuous certification thing. Sounds like a lot of work, but I guess it's important to keep up with the latest security standards. At least it's not as complicated as getting my driver's license renewed!
upvoted 0 times
Clay
1 year ago
C: Definitely, staying up to date with security standards is crucial in today's digital world.
upvoted 0 times
...
Herschel
1 year ago
B: Yeah, it's all about setting the right goals and objectives for security.
upvoted 0 times
...
Lynelle
1 year ago
A: A certification target helps in the formation of a continuous certification framework by incorporating the service level objective (SLO) and service qualitative objective (SQO).
upvoted 0 times
...
...
Christene
1 year ago
I think the correct answer is B. The certification target should include the scope description and security attributes to be tested as part of the continuous certification framework.
upvoted 0 times
Josue
1 year ago
CSA STAR level 2 attestation is also important for certification, but not part of the certification target.
upvoted 0 times
...
Marjory
1 year ago
User 3: Yes, that's right. It helps in forming a comprehensive certification framework.
upvoted 0 times
...
Nieves
1 year ago
I agree, the scope description and security attributes are important to include.
upvoted 0 times
...
Cordell
1 year ago
Including the scope description and security attributes ensures a comprehensive evaluation.
upvoted 0 times
...
Leatha
1 year ago
It's important to have a clear understanding of what needs to be tested for certification.
upvoted 0 times
...
Dominga
1 year ago
I think the correct answer is B.
upvoted 0 times
...
Lonny
1 year ago
I agree, the scope description and security attributes are crucial for the certification target.
upvoted 0 times
...
...
Anissa
1 year ago
I believe the scope description and security attributes should also be part of the certification target to ensure comprehensive testing.
upvoted 0 times
...
Maybelle
1 year ago
I agree with you, Catrice. Including SLO and SQO helps in setting clear goals for certification.
upvoted 0 times
...
Catrice
1 year ago
I think a certification target should include the service level objective and service qualitative objective.
upvoted 0 times
...
