ISACA Certificate of Cloud Auditing Knowledge - CCAK Exam Practice Test
Which of the following cloud service provider activities MUST obtain a client's approval?
Correct Answer: C
A large healthcare provider within the United States is seeking a cloud service provider offering Software as a Service (SaaS) for core business systems. The selected provider MUST comply with which of the following regulations?
Correct Answer: B
A cloud service customer is looking to subscribe to a finance solution provided by a cloud service provider. The provider has clarified that the audit logs cannot be taken out of the cloud environment by the customer to its security information and event management (SIEM) solution for monitoring purposes. Which of the following should be the GREATEST concern to the auditor?
Correct Answer: C
Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?
Correct Answer: C
The MAIN limitation of relying on traditional cloud compliance assurance approaches such as SOC2 attestations is that:
Correct Answer: D
In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
Correct Answer: D
Which of the following methods can be used by a cloud service provider with a cloud customer that does not want to share security and control information?
Correct Answer: B
Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?
Correct Answer: D
To ensure that compliance obligations for data residency in the cloud are aligned with an organization's risk appetite, which of the following activities is MOST important to perform?
Correct Answer: A
What do cloud service providers offer to encourage clients to extend the cloud platform?
Correct Answer: D
Which of the following is an example of a corrective control?
Correct Answer: D