
Isaca CCAK Exam - Topic 4 Question 40 Discussion

Actual exam question for Isaca's CCAK exam
Question #: 40
Topic #: 4

Which of the following is a detective control that may be identified in a Software as a Service (SaaS) service provider?

Suggested Answer: D

A detective control is a type of internal control that seeks to uncover problems in a company's processes once they have occurred [1]. Examples of detective controls include physical inventory checks, reviews of account reports and reconciliations, as well as assessments of current controls [1]. Detective controls use platform telemetry to detect misconfigurations, vulnerabilities, and potentially malicious activity in the cloud environment [2].

In a Software as a Service (SaaS) service provider, privileged access monitoring is a detective control that can help identify unauthorized or suspicious activities by users who have elevated permissions to access or modify cloud resources, data, or configurations. Privileged access monitoring can involve logging, auditing, alerting, and reporting on the actions performed by privileged users [3]. This can help detect security incidents, compliance violations, or operational errors in a timely manner and enable appropriate responses.

Data encryption, incident management, and network segmentation are examples of preventive controls, which are designed to prevent problems from occurring in the first place. Data encryption protects the confidentiality and integrity of data by transforming it into an unreadable format that can only be decrypted with a valid key [1]. Incident management is a process that aims to restore normal service operations as quickly as possible after a disruption or an adverse event [4]. Network segmentation divides a network into smaller subnetworks that have different access levels and security policies, reducing the attack surface and limiting the impact of a breach [1].


[3] Detective controls - SaaS Lens - docs.aws.amazon.com, section on Privileged access monitoring

[2] Detective controls | Cloud Architecture Center | Google Cloud, section on Detective controls

[4] Internal control: how do preventive and detective controls work?, section on SaaS Solutions to Support Internal Control

[1] Detective Control: Definition, Examples, Vs. Preventive Control, section on What Is a Detective Control?
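A sketch of the privileged access monitoring described in the explanation, added here as an illustration and not taken from the cited sources or any provider's tooling: it reviews an audit trail after the fact and reports privileged actions that need follow-up, without blocking anything, which is what makes the control detective rather than preventive. The event fields, role names, action names, ticket format and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PRIVILEGED_ROLES = {"admin", "support-engineer"}         # assumed role names
BUSINESS_HOURS = range(8, 18)                            # assumed policy: 08:00-17:59
EXPORT_LIMIT, EXPORT_WINDOW = 2, timedelta(minutes=10)   # assumed thresholds

# Constructed audit events (timestamp, actor, role, action, change ticket).
# Field layout and values are hypothetical, not real telemetry.
EVENTS = [
    ("2026-01-12T09:15:00", "alice", "admin", "config.update", "CHG-1001"),
    ("2026-01-12T09:20:00", "bob", "user", "report.view", ""),
    ("2026-01-12T23:40:00", "carol", "admin", "role.grant", ""),
    ("2026-01-13T10:00:00", "dave", "support-engineer", "tenant.export", "CHG-1002"),
    ("2026-01-13T10:03:00", "dave", "support-engineer", "tenant.export", "CHG-1002"),
    ("2026-01-13T10:05:00", "dave", "support-engineer", "tenant.export", "CHG-1002"),
]

def review(events):
    """Return (timestamp, actor, finding) for privileged actions needing follow-up."""
    findings, exports = [], defaultdict(list)
    for ts, actor, role, action, ticket in sorted(events):
        if role not in PRIVILEGED_ROLES:
            continue  # only privileged accounts are in scope for this control
        when = datetime.fromisoformat(ts)
        if not ticket:
            findings.append((ts, actor, "no-change-ticket"))
        if when.hour not in BUSINESS_HOURS:
            findings.append((ts, actor, "outside-business-hours"))
        if action == "role.grant":
            findings.append((ts, actor, "privilege-grant"))
        if action == "tenant.export":
            # Keep only this actor's exports inside the sliding window.
            recent = [t for t in exports[actor] if when - t <= EXPORT_WINDOW]
            recent.append(when)
            exports[actor] = recent
            if len(recent) > EXPORT_LIMIT:
                findings.append((ts, actor, "export-burst"))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(*finding)
```

Every finding is produced from events that have already been logged, so the output feeds alerting and audit review rather than stopping the action.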

Ahmed
3 months ago
Yup, incident management helps track issues after they happen!
upvoted 0 times
...
Lilli
3 months ago
Wait, can network segmentation really be a detective control?
upvoted 0 times
...
Caitlin
3 months ago
Totally agree, privileged access monitoring is crucial!
upvoted 0 times
...
Leonor
4 months ago
I thought data encryption was more of a preventive measure?
upvoted 0 times
...
Brandee
4 months ago
Incident management is definitely a detective control.
upvoted 0 times
...
Beatriz
4 months ago
Network segmentation seems like it would help with security, but I don’t recall it being classified as a detective control.
upvoted 0 times
...
Kerry
4 months ago
I feel like data encryption is more of a preventive control, but I could be mixing it up with something else we practiced.
upvoted 0 times
...
Percy
4 months ago
I remember studying that detective controls are meant to identify and respond to incidents, so I’m leaning towards privileged access monitoring.
upvoted 0 times
...
Jannette
5 months ago
I think incident management might be the right answer since it's about detecting issues after they happen, but I'm not entirely sure.
upvoted 0 times
...
Selma
5 months ago
Okay, let me think this through. Detective controls are designed to identify and alert on potential security incidents, so I'm guessing privileged access monitoring or incident management would be the best options here.
upvoted 0 times
...
Talia
5 months ago
Hmm, I'm not sure about this one. I know SaaS providers need to have strong security controls, but I'm not sure which one of these would be considered a "detective" control specifically.
upvoted 0 times
...
Michael
5 months ago
This one seems pretty straightforward. I'm pretty confident data encryption is a key detective control for SaaS providers.
upvoted 0 times
...
Elmira
5 months ago
I feel like network segmentation could also be considered a detective control, since it helps identify and isolate potential threats. But I'm not 100% sure on that.
upvoted 0 times
...
Tijuana
5 months ago
Okay, I've got a strategy for this. I'll focus on the key things a selective export policy is used for, like limiting the VRF table size and controlling connectivity to certain customer networks.
upvoted 0 times
...
Dawne
5 months ago
I'm pretty confident that the answer is A. Managed services is a common example of outsourcing administration in the cloud context.
upvoted 0 times
...
Elden
5 months ago
I think "A" might be more about corporate ownership rather than tenancy in common. But I'm not entirely sure.
upvoted 0 times
...
Verda
2 years ago
I agree, having a combination of detective controls enhances security in a SaaS environment.
upvoted 0 times
...
Daniel
2 years ago
That's a good point, it's important to have multiple detective controls in place.
upvoted 0 times
...
Stacey
2 years ago
True, network segmentation can also help with detecting unauthorized access.
upvoted 0 times
...
Verda
2 years ago
I think privileged access monitoring is also an important detective control.
upvoted 0 times
...
Daniel
2 years ago
I disagree, I believe incident management could be a detective control.
upvoted 0 times
...
Stacey
2 years ago
I think the detective control in a SaaS service provider could be data encryption.
upvoted 0 times
...