
ISACA CCAK Exam

Certificate of Cloud Auditing Knowledge Online Practice

Last updated: November 8, 2024

Use the online practice questions to gauge how well you know the ISACA CCAK exam material, then decide whether to register for the exam.

If you want to pass the exam 100% and save 35% of your exam preparation time, choose the CCAK dumps (latest real exam questions), which currently include the latest 76 exam questions and answers.


Question No : 1


The MOST critical concept of managing the build and test of code in DevOps is:

Answer:
Explanation:
Reference: https://smartbear.com/blog/devops-testing-strategy-best-practices-tools/

Question No : 2


After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data.
In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

Answer:

Question No : 3


To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:

Answer:
Explanation:
What delivers value to the organization is that resources and efforts are dedicated to, and focused on, the higher-risk areas.

Question No : 4


An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP).
What is the optimal and most efficient mechanism to assess the controls the CSP is responsible for?

Answer:
Explanation:
Reference: https://www.sapidata.sm/img/cms/CAIQ_v3-1_2020-01-13.pdf

Question No : 5


In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

Answer:

Question No : 6


A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel.
Which access control method will allow IT personnel to be segregated across the various locations?

Answer:

Question No : 7


Which of the following is a corrective control that may be identified in a SaaS service provider?

Answer:

Question No : 8


In all three cloud deployment models, (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?

Answer:

Question No : 9


What areas should be reviewed when auditing a public cloud?

Answer:

Question No : 10


One of the Cloud Control Matrix’s (CCM’s) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.”
Which of the following controls under the Audit Assurance and Compliance domain does this match to?

Answer:

Question No : 11


Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

Answer:
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach

Question No : 12


Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Answer:

Question No : 13


You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure.
Which of the following is your BEST option?

Answer:

Question No : 14


Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?

Answer:

Question No : 15


Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?

Answer:
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud
