Isaca CCAK Exam Practice Test Instant Access

Question 1

As part of continuous auditing, which of the following should a third-party auditor verify on a regular basis?

AReporting tools are reliable and based on defined objectives.

BThe cloud service provider is compliant.

CAssessment tools are configured based on cloud security best practices.

DApplication programming interfaces (APIs) implemented are appropriate.

Answer : C

Question 2

When performing audits in relation to the organizational strategy and governance, what should be requested from the cloud service provider?

AEnterprise cloud security strategy

BEnterprise cloud strategy and policy

CAttestation reports

DPolicies and procedures

Answer : C

Question 3

An auditor is auditing the services provided by a cloud service provider. When evaluating the security of the cloud customer's data in the cloud, which of the following should be of GREATEST concern to the auditor?

APersonally identifiable information (Pll) is pseudonymized but not fully encrypted.

BThe cloud customer has encrypted the confidential data in the cloud using its own encryption keys.

CThe confidential data stored in the cloud is encrypted using encryption keys that are managed by the provider.

DAccording to the cloud customer's data handling policy, all confidential data should be encrypted, but the confidential data stored in the cloud is well segmented but not encrypted.

Answer : A

Question 4

For an auditor auditing an organization's cloud resources, which of the following should be of GREATEST concern?

AThe organization does not have separate policies for governing its cloud environment.

BThe organization's IT team does not include resources with cloud certifications.

CThe organization does not perform periodic reviews or control monitoring for its cloud environment, but it has a documented audit plan and performs an audit for its cloud environment every alternate year.

DThe risk management team reports to the head of audit.

Answer : C

Question 5

What should be the auditor's PRIMARY objective when examining a cloud service provider's service level agreement (SLA)?

AVerifying whether the SLA includes all the operational matters that are material to the operation of the service

BVerifying whether the SLAs are well defined and measurable

CVerifying whether commensurate compensation in the form of service credits are factored in if the customer is unable to match its SLA obligations

DVerifying whether the SLA caters to the availability requirements of the cloud service customer

Answer : B

Question 6

Which of the following is a PRIMARY benefit of using a standardized control framework?

AIt enables senior management to receive regular and detailed executive reports easily.

BIt enables the organization to implement an effective process of control measurement.

CIt enables auditors to assess an information system based on a well-defined set of controls.

DIt enables consultants to speed up the implementation of management systems, thus reducing costs.

Answer : C

Question 7

Which of the following is a tool that visually depicts the gaps in an organization's security capabilities?

ACloud security alliance (CSA) cloud control matrix

BRequirements traceability matrix

CCloud security alliance (CSA) enterprise architecture (EA)

DColored impact and likelihood risk matrix

Answer : C

Isaca CCAK Certificate of Cloud Auditing Knowledge Exam Practice Test