Practice CCAK Exam Online

Question 1

The Cloud Octagon Model was developed to support organizations:

A : risk assessment methodology

B : risk treatment methodology.

C : incident response methodology.

D : incident detection methodology.

Answer: A

Question 2

During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?

A : Review the CSP audit reports

B : Review the security white paper of the CSP.

C : Review the contract and DR capability.

D : Plan an audit of the CSP.

Answer: B

Question 3

Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?

A : Verify the inclusion of security gates in the pipeline.

B : Conduct an architectural assessment.

C : Review the CI/CD pipeline audit logs.

D : Verify separation of development and production pipelines.

Answer: C

Question 4

You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure. Which of the following is your BEST option?

A : Implement ISO/IEC 27002 and complement it with additional controls from the CCM

B : Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.

C : Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.

D : Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145

Answer: B

Question 5

What is below the waterline in the context of cloud operationalization?

A : The controls operated by the cloud access security broker (CASB)

B : The controls operated by both

C : The controls operated by the customer

D : The controls operated by the cloud service provider

Answer: D

Name:	Certificate of Cloud Auditing Knowledge
Exam Code:	CCAK
Certification:	CSA Cloud Security
Vendor:	Cloud Security Alliance
Total Questions:	231
Last Updated:	Apr 24, 2024

Cloud Security Alliance CCAK