New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CCAK Exam Dumps - Certificate of Cloud Auditing Knowledge

Go to page:
Question # 17

Which of the following processes should be performed FIRST to properly implement the NIST SP 800-53 r4 control framework in an organization?

A.

A selection of the security objectives the organization wants to improve

B.

A security categorization of the information systems

C.

A comprehensive business impact analysis (BIA)

D.

A comprehensive tailoring of the controls of the framework

Full Access
Question # 18

Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?

A.

Defining the metrics and indicators to monitor the implementation of the compliance program

B.

Determining the risk treatment options to be used in the compliance program

C.

Mapping who possesses the information and data that should drive the compliance goals

D.

Selecting the external frameworks that will be used as reference

Full Access
Question # 19

What areas should be reviewed when auditing a public cloud?

A.

Patching and configuration

B.

Vulnerability management and cyber security reviews

C.

Identity and access management (IAM) and data protection

D.

Source code reviews and hypervisor

Full Access
Question # 20

Organizations maintain mappings between the different control frameworks they adopt to:

A.

help identify controls with common assessment status.

B.

avoid duplication of work when assessing compliance,

C.

help identify controls with different assessment status.

D.

start a compliance assessment using the latest assessment.

Full Access
Question # 21

Which of the following is the PRIMARY area for an auditor to examine in order to understand the criticality of the cloud services in an organization, along with their dependencies and risks?

A.

Contractual documents of the cloud service provider

B.

Heat maps

C.

Data security process flow

D.

Turtle diagram

Full Access
Question # 22

What is a sign that an organization has adopted a shift-left concept of code release cycles?

A.

Large entities with slower release cadences and geographically dispersed systems

B.

Incorporation of automation to identify and address software code problems early

C.

A waterfall model remove resources through the development to release phases

D.

Maturity of start-up entities with high-iteration to low-volume code commits

Full Access
Question # 23

Which of the following is the BEST tool to perform cloud security control audits?

A.

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

B.

General Data Protection Regulation (GDPR)

C.

Federal Information Processing Standard (FIPS) 140-2

D.

ISO 27001

Full Access
Question # 24

The MAIN limitation of relying on traditional cloud compliance assurance approaches such as SOC2 attestations is that:

A.

they can only be performed by skilled cloud audit service providers.

B.

they are subject to change when the regulatory climate changes.

C.

they provide a point-in-time snapshot of an organization's compliance posture.

D.

they place responsibility for demonstrating compliance on the vendor organization.

Full Access
Go to page: