Free Isaca CCAK Exam Dumps and CCAK Exam Questions

Question No: 1

MultipleChoice

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

Options

AProcess of security integration using automation in software development

BDevelopment standards for addressing integration, testing, and deployment issues

COperational framework that promotes software consistency through automation

DMaking software development simpler, faster, and easier using automation

Question No: 2

MultipleChoice

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

Options

ACCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.

BCCM has a set of security questions, whereas CAIQ has a set of security controls.

CCCM has 14 domains and CAIQ has 16 domains.

DCCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Question No: 3

MultipleChoice

Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

Options

ABlue team

BWhite box

CGray box

DRed team

Question No: 4

MultipleChoice

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

Options

AOperations Maintenance

BSystem Development Maintenance

CEquipment Maintenance

DSystem Maintenance

Question No: 5

MultipleChoice

An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month. Which of the following should be the BEST recommendation to reduce the CSP burden?

Options

ACSP can share all security reports with customers to streamline the process.

BCSP can schedule a call with each customer.

CCSP can answer each customer individually.

DCSP can direct all customers' inquiries to the information in the CSA STAR registry.

Question No: 6

MultipleChoice

The PRIMARY objective of an audit initiation meeting with a cloud audit client is to:

Options

Aselect the methodology of an audit.

Breview requested evidence provided by the audit client.

Cdiscuss the scope of the cloud audit.

Didentify resource requirements of the cloud audit.

Question No: 7

MultipleChoice

When a client's business process changes, the CSP SLA should:

Options

Abe reviewed, but the SLA cannot be updated.

Bnot be reviewed, but the cloud contract should be cancelled immediately.

Cnot be reviewed as the SLA cannot be updated.

Dbe reviewed and updated if required.

Question No: 8

MultipleChoice

SAST testing is performed by:

Options

Ascanning the application source code.

Bscanning the application interface.

Cscanning all infrastructure components.

Dperforming manual actions to gain control of the application.

Question No: 9

MultipleChoice

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random dat

a. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

Options

AAs an integrity breach

BAs control breach

CAs an availability breach

DAs a confidentiality breach

Question No: 10

MultipleChoice

Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?

Options

ANetwork Security

BChange Detection

CVirtual Instance and OS Hardening

DNetwork Vulnerability Management