Free Cloud Security Alliance CCAK Exam Questions

Become Cloud Security Alliance Certified with updated CCAK exam questions and correct answers

Page: 1 / 60

Total 299 Questions | Updated On: Feb 20, 2025

Add To Cart

Question 1

An auditor is reviewing an organization’s virtual machines (VMs) hosted in the cloud. The organization utilizes a configuration management (CM) tool to enforce password policies on its VMs. Which of the following is the BEST approach for the auditor to use to review the operating effectiveness of the password requirement?

A : The auditor should not rely on the CM tool and its settings, and for thoroughness should review the password configuration on the set of sample VMs.

B : Review the relevant configuration settings on the CM tool and check whether the CM tool agents are operating effectively on the sample VMs.

C : As it is an automated environment, reviewing the relevant configuration settings on the CM tool would be sufficient.

D : Review the incident records for any incidents relating to brute force attacks or password compromise in the last 12 months and investigate whether the root cause of the incidents was due to in appropriate password policy configured on the VMs.

Answer: B

Question 2

What legal documents should be provided to the auditors in relation to risk management?

A : Enterprise cloud strategy and policy

B : Contracts and service level agreements (SLAs) of cloud service providers

C : Policies and procedures established around third-party risk assessments

D : Inventory of third-party attestation reports

Answer: B

Question 3

From an auditor perspective, which of the following BEST describes shadow IT?

A : An opportunity to diversify the cloud control approach

B : A weakness in the cloud compliance posture

C : A strength of disaster recovery (DR) planning

D : A risk that jeopardizes business continuity planning

Answer: D

Question 4

An auditor is assessing a European organization's compliance. Which regulation is suitable if health information needs to be protected?

A : GDPR

B : DPIA

C : DPA

D : HIPAA

Answer: A

Question 5

In audit parlance, what is meant by "management representation"?

A : A person or group of persons representing executive management during audits

B : A mechanism to represent organizational structure

C : A project management technique to demonstrate management's involvement in key project stages

D : Statements made by management in response to specific inquiries

Answer: D

Page: 1 / 60

Total 299 Questions | Updated On: Feb 20, 2025

Add To Cart