Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Isaca Exam CCAK Topic 1 Question 56 Discussion

Actual exam question for Isaca's CCAK exam
Question #: 56
Topic #: 1
[All CCAK Questions]

A certification target helps in the formation of a continuous certification framework by incorporating:

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the blog article ''Continuous Auditing and Continuous Certification'' by the Cloud Security Alliance, a certification target helps in the formation of a continuous certification framework by incorporating the scope description and security attributes to be tested1A certification target is a set of security objectives that a cloud service provider (CSP) defines and commits to fulfill as part of the continuous certification process1Each security objective is associated with a policy that specifies the assessment frequency, such as every four hours, every day, or every week1A certification target also includes a set of tools that are capable of verifying that the security objectives are met, such as automated scripts, APIs, or third-party services1

The other options are not correct because:

Option A is not correct because the service level objective (SLO) and service qualitative objective (SQO) are not part of the certification target, but rather part of the service level agreement (SLA) between the CSP and the cloud customer. An SLO is a measurable characteristic of the cloud service, such as availability, performance, or reliability.An SQO is a qualitative characteristic of the cloud service, such as security, privacy, or compliance2The SLA defines the expected level of service and the consequences of not meeting it. The SLA may be used as an input for defining the certification target, but it is not equivalent or synonymous with it.

Option C is not correct because the frequency of evaluating security attributes is not the only component of the certification target, but rather one aspect of it. The frequency of evaluating security attributes is determined by the policy that is associated with each security objective in the certification target.The policy defines how often the security objective should be verified by the tools, such as every four hours, every day, or every week1However, the frequency alone does not define the certification target, as it also depends on the scope description and the security attributes to be tested.

Option D is not correct because CSA STAR level 2 attestation is not a component of the certification target, but rather a prerequisite for it.CSA STAR level 2 attestation is a third-party independent assessment of the CSP's security posture based on ISO/IEC 27001 and CSA Cloud Controls Matrix (CCM)3CSA STAR level 2 attestation provides a baseline assurance level for the CSP before they can define and implement their certification target for continuous certification.CSA STAR level 2 attestation is also required for CSA STAR level 3 certification, which is based on continuous auditing and continuous certification3


by Rickie at Sep 19, 2024, 06:41 AM

Limited Time Offer

25%

Off

Get Premium CCAK Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Layla
8 months ago
This question is a real head-scratcher! I'd better brush up on my continuous certification framework knowledge before the exam. Maybe I should ask the test proctor for a snack break to help me think it through.
upvoted 0 times
Ligia
7 months ago
D) CSA STAR level 2 attestation.
upvoted 0 times
...
Vesta
7 months ago
C) the frequency of evaluating security attributes.
upvoted 0 times
...
Osvaldo
7 months ago
B) the scope description and security attributes to be tested.
upvoted 0 times
...
Ciara
7 months ago
A) the service level objective (SLO) and service qualitative objective (SQO).
upvoted 0 times
...
...
Jonell
8 months ago
C is a good option, but I think it's just one part of the continuous certification framework. The question is asking for a more comprehensive answer.
upvoted 0 times
...
Almeta
8 months ago
I'm still trying to wrap my head around this continuous certification thing. Sounds like a lot of work, but I guess it's important to keep up with the latest security standards. At least it's not as complicated as getting my driver's license renewed!
upvoted 0 times
Clay
7 months ago
C: Definitely, staying up to date with security standards is crucial in today's digital world.
upvoted 0 times
...
Herschel
7 months ago
B: Yeah, it's all about setting the right goals and objectives for security.
upvoted 0 times
...
Lynelle
8 months ago
A: A certification target helps in the formation of a continuous certification framework by incorporating the service level objective (SLO) and service qualitative objective (SQO).
upvoted 0 times
...
...
Christene
9 months ago
I think the correct answer is B. The certification target should include the scope description and security attributes to be tested as part of the continuous certification framework.
upvoted 0 times
Josue
7 months ago
CSA STAR level 2 attestation is also important for certification, but not part of the certification target.
upvoted 0 times
...
Marjory
7 months ago
User 3: Yes, that's right. It helps in forming a comprehensive certification framework.
upvoted 0 times
...
Nieves
8 months ago
I agree, the scope description and security attributes are important to include.
upvoted 0 times
...
Cordell
8 months ago
Including the scope description and security attributes ensures a comprehensive evaluation.
upvoted 0 times
...
Leatha
8 months ago
It's important to have a clear understanding of what needs to be tested for certification.
upvoted 0 times
...
Dominga
8 months ago
I think the correct answer is B.
upvoted 0 times
...
Lonny
8 months ago
I agree, the scope description and security attributes are crucial for the certification target.
upvoted 0 times
...
...
Anissa
9 months ago
I believe the scope description and security attributes should also be part of the certification target to ensure comprehensive testing.
upvoted 0 times
...
Maybelle
9 months ago
I agree with you, Catrice. Including SLO and SQO helps in setting clear goals for certification.
upvoted 0 times
...
Catrice
9 months ago
I think a certification target should include the service level objective and service qualitative objective.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77