Free Cloud Security Alliance CCAK Exam Questions

Become Cloud Security Alliance Certified with updated CCAK exam questions and correct answers

Page: 1 / 60

Total 299 Questions | Updated On: Feb 03, 2022

Add To Cart

Question 1

Which of the following is an example of reputational business impact?

A : While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.

B : The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euros.

C : A distributed denial of service (DDoS) attack renders the customer’s cloud inaccessible for 24 hours, resulting in millions in lost sales.

D : A hacker using a stolen administrator identity brings down the Software as a Service (SaaS) sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.

Answer: A

Question 2

In audit parlance, what is meant by "management representation"?

A : A person or group of persons representing executive management during audits

B : A mechanism to represent organizational structure

C : A project management technique to demonstrate management's involvement in key project stages

D : Statements made by management in response to specific inquiries

Answer: D

Question 3

An auditor is assessing a European organization's compliance. Which regulation is suitable if health information needs to be protected?

A : GDPR

B : DPIA

C : DPA

D : HIPAA

Answer: A

Question 4

When an organization is moving to the cloud, responsibilities are shared based upon the cloud service provider's model and accountability is:

A : shared

B : avoided.

C : transferred.

D : maintained.

Answer: D

Question 5

An auditor is reviewing an organization’s virtual machines (VMs) hosted in the cloud. The organization utilizes a configuration management (CM) tool to enforce password policies on its VMs. Which of the following is the BEST approach for the auditor to use to review the operating effectiveness of the password requirement?

A : The auditor should not rely on the CM tool and its settings, and for thoroughness should review the password configuration on the set of sample VMs.

B : Review the relevant configuration settings on the CM tool and check whether the CM tool agents are operating effectively on the sample VMs.

C : As it is an automated environment, reviewing the relevant configuration settings on the CM tool would be sufficient.

D : Review the incident records for any incidents relating to brute force attacks or password compromise in the last 12 months and investigate whether the root cause of the incidents was due to in appropriate password policy configured on the VMs.

Answer: B

Page: 1 / 60

Total 299 Questions | Updated On: Feb 03, 2022

Add To Cart