Isaca CCAK Exam Practice Test Instant Access

Question 1

To ensure that cloud audit resources deliver the best value to the organization, the FIRST step is to:

Aschedule the audits and monitor the time spent on each audit.

Bmonitor progress of audits and initiate cost control measures.

Cdevelop a cloud audit plan on the basis of a detailed risk assessment.

Dtrain the cloud audit staff on current technology used in the organization.

Answer : C

Question 2

Which audit report provides an attestation of audit results that cloud service providers will make available for public consumption?

ASOC1 Type1

BSOC2 Type2

CSOC 3

DSOC1

Answer : C

Question 3

Which of the following principles, when combined with a structured development methodology, would BEST contribute to the consistent introduction of secure and compliant Software as a Service (SaaS) solutions in an organization?

ALeast common mechanism

BSecurity by design

CLeast privilege

DFail safe defaults

Answer : B

Question 4

To ensure that compliance obligations for data residency in the cloud are aligned with an organization's risk appetite, which of the following activities is MOST important to perform?

AManage compliance obligations through a structured risk management process.

BCommunicate the organization's risk appetite across cloud service providers.

CPerform a cloud vendor assessment every time there is a change to data flows.

DDevelop risk metrics to show how the organization is meeting the obligations.

Answer : A

Question 5

Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

AThe similarity of the cloud to the on-premise environment in terms of compliance

BThe fairly static nature of the service portfolio and architecture of the cloud

CThe rapidly changing service portfolio and architecture of the cloud

DThat cloud providers should not be part of the compliance program

Answer : C

Question 6

Which of the following is MOST important for an auditor to understand regarding cloud security controls?

AControls adapt to changes in the threat landscape.

BControls are the responsibility of the cloud service provider.

CControls are the responsibility of the internal audit team.

DControls are static and do not change.

Answer : A

Question 7

Account design in the cloud should be driven by:

Abusiness continuity policies.

Bsecurity requirements.

Cmanagement structure.

Dorganizational structure.

Answer : B

Isaca CCAK Certificate of Cloud Auditing Knowledge Exam Practice Test