CCAK Exam Training Practice Tests (ISACA Certificate of Cloud Auditing Knowledge)]

Question 1

The three layers of Open Certification Framework (OCF) PRIMARILY help cloud service providers and cloud clients improve the level of:

A. audit structure and formats. B. risk and controls. C. transparency and assurance. D. legal and regulatory compliance.

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 2

Which of the following enables auditors to conduct gap analyses of what a cloud service provider offers versus what the customer requires?

A. Using a standardized control framework B. The as-is and to-be enterprise architecture (EA C. The experience gained over the years D. Understanding the customer risk profile

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 3

"Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel." Which of the following types of controls BEST matches this control description?

A. System development maintenance B. Equipment maintenance C. Operations maintenance D. System maintenance

Correct Answer: C

Question 4

Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?

A. CCM V4 is an improved version from CCM V3.0.1. B. CCM maps to existing security standards, best practices, and regulations. C. CCM utilizes an ITIL framework to define the capabilities needed to manage the IT services and security services. D. CCM uses a specific control for Infrastructure as a Service (IaaS).

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 5

Regarding suppliers of a cloud service provider, it is MOST important for the auditor to be aware that the:

A. suppliers are accountable for the provider's service that they are providing. B. client organization and provider are both responsible for the provider's suppliers. C. client organization does not need to worry about the provider's suppliers, as this is the provider's responsibility. D. client organization has a clear understanding of the provider s suppliers.

Correct Answer: D

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 6

A cloud service provider utilizes services of other service providers for its cloud service. Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?

A. The auditor should review the relationship between the cloud service provider and its service provider to help direct and estimate the level of effort and analysis the auditor should apply. B. As the relationship between the cloud service provider and its service providers is governed by separate contracts between them, there is no need for the auditor to review the services C. As the contract for the cloud service is between the cloud customer and the cloud service provider, there is no need for the auditor to review the services provided by the service providers. D. The auditor should review the service providers' security controls even more strictly, as they are further separated from the cloud customer.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 7

Which of the following types of SOC reports BEST helps to ensure operating effectiveness of controls in a cloud service provider offering?

A. SOC 1 Type 1 B. SOC 2 Type 2 C. SOC 2 Type 1 D. SOC 3 Type 2

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 8

To BEST prevent a data breach from happening, cryptographic keys should be:

A. embedded in source code. B. distributed in public-facing repositories. C. transmitted in clear text. D. rotated regularly.

Correct Answer: D

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 9

The BEST way to deliver continuous compliance in a cloud environment is to:

A. combine point-in-time assurance approaches with continuous monitoring. B. increase the frequency of external audits from annual to quarterly. C. decrease the interval between attestations of compliance D. combine point-in-time assurance approaches with continuous auditing.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 10

Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?

A. CCM V4 is an improved version from CCM V3.0.1. B. CCM maps to existing security standards, best practices, and regulations. C. CCM utilizes an ITIL framework to define the capabilities needed to manage the IT services and security services. D. CCM uses a specific control for Infrastructure as a Service (laaS).

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 11

The CSA STAR Certification is based on criteria outlined the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to:

A. ISO/IEC 27001 implementation. B. GDPR CoC certification. C. GB/T 22080-2008. D. SOC 2 Type 1 or 2 reports.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

ISACA Certificate of Cloud Auditing Knowledge - CCAK Exam Practice Test