Certificate of Cloud Auditing Knowledge CCAK real exam questions have been updated, which are valuable for you to pass CCAK test. The Certificate of Cloud Auditing Knowledge CCAK is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. CCAK benefits both CSA and ISACA members and certification holders as it builds on the body of knowledge covered in CSA's Certificate of Cloud Security Knowledge (CCSK) and complement's ISACA's ANSI accredited certifications such as CISA, CISM, CRISC and CGEIT.
ISACA CCAK Exam
CCAK certificate fills a gap in the industry for competent technical professionals who can help organizations mitigate risks and optimize ROI in the cloud.
Number of questions: 76 multiple choice questions
Duration: 2 hours
Passing score: 70%
Language: English
Certificate of Cloud Auditing Knowledge CCAK Exam Domains
CCAK prepares IT professionals to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility and mitigating risks and costs of audit management and non-compliance. Certificate of Cloud Auditing Knowledge CCAK exam domains cover the following details.
Cloud Governance (18%)
Cloud Compliance Program (21%)
CCM and CAIQ: Goals, Objectives, and Structure (12%)
A Threat Analysis Methodology for Cloud Using CCM (5%)
Evaluating a Cloud Compliance Program (9%)
Cloud Auditing (15%)
CCM: Auditing Controls (8%)
Continuous Assurance and Compliance (7%)
STAR Program (5%)
Share updated CCAK Real Exam Questions
All the updated CCAK real exam questions are the material for you to study the above Certificate of Cloud Auditing Knowledge domains. Share some updated ISACA certification CCAK real exam questions below.
1.Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?
A. Cloud strategy owners
B. Legal functions
C. Internal control function
D. Cloud process owners
Answer: D
2.When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?
A. To determine the total cost of the cloud services to be deployed
B. To confirm which vendor will be selected based on the compliance with security requirements
C. To confirm if the compensating controls implemented are sufficient for the cloud
D. To determine how those services will fit within its policies and procedures
Answer: D
3.Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?
A. Network Security
B. Network Vulnerability Management
C. Virtual Instance and OS Hardening
D. Change Detection
Answer: A
4.Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?
A. Operations Maintenance
B. Equipment Maintenance
C. System Maintenance
D. System Development Maintenance
Answer: A
5.A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?
A. Double blind
B. Tandem
C. Double gray box
D. Reversal
Answer: A
