Isaca CCAK Exam Practice Test Instant Access

Question 1

Management planes deployed in cloud environments may pose a risk of potentially allowing access to the entire environment. Which of the following controls is MOST appropriate for mitigating this risk?

AChange management

BRegular audits

CAccess restriction

DIncreased monitoring

Answer : C

Question 2

The MAIN difference between the Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ) is that:

ACCM assesses the presence of controls, whereas CAIQ assesses the overall security of a service.

BCCM has 14 domains, whereas CAIQ has 16 domains.

CCCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in Infrastructure as a Service (laaS), Platform as a Service (PaaS), and Software as a Service (SaaS) offerings.

DCCM has a set of security questions, whereas CAIQ has a set of security controls.

Answer : C

Question 3

Which of the following configuration change controls is acceptable to a cloud auditor?

AProgrammers have permanent access to production software.

BProgrammers cannot make uncontrolled changes to the source code production version.

CDevelopment, test, and production are hosted in the same network environment.

DThe head of development approves changes requested to production.

Answer : B

Question 4

"Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel." Which of the following types of controls BEST matches this control description?

ASystem development maintenance

BOperations maintenance

CSystem maintenance

DEquipment maintenance

Answer : B

Question 5

Which of the following are independent assessment organizations that verify cloud providers' security implementations and provide the overall risk posture of a cloud environment for a FedRAMP security authorization decision?

AFedRAMP Program Management Office (FedRAMP PMO)

BAmerican Association of Laboratory Accreditation (A2LA)

CThird-party Assessment Organizations (3PAOs)

DFedRAMP Joint Authorization Boards (JABs)

Answer : C

Question 6

Which plan guides an organization on how to react to a security incident that might occur on the organization's systems, or that might be affecting one of its service providers?

AIncident response plan

BSecurity incident plan

CUnexpected event plan

DEmergency incident plan

Answer : A

Question 7

Which of the following cloud service models creates a cloud version of a contract template?

APlatform as a Service (PaaS)

BInfrastructure as a Service (laaS)

CSoftware as a Service (SaaS)

DSecurity as a Service (SecaaS)

Answer : C

Isaca CCAK Certificate of Cloud Auditing Knowledge Exam Practice Test