Free Cloud Security Alliance CCAK Exam Questions

Question 1

With regard to the Cloud Controls Matrix (CCM), the Architectural Relevance is a feature that enables the filtering of security controls by:

A : relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF). and the Zachman Framework for Enterprise Architecture.

B : relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClientBackend

C : relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.

D : relevant delivery models such as Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (laaS).

Answer: D

Question 2

With regard to the Cloud Controls Matrix (CCM), the Architectural Relevance is a feature that enables the filtering of security controls by:

A : relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF). and the Zachman Framework for Enterprise Architecture.

B : relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClientBackend

C : relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.

D : relevant delivery models such as Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (laaS).

Answer: D

Question 3

When an organization is moving to the cloud, responsibilities are shared based upon the cloud service provider's model and accountability is:

A : shared

B : avoided.

C : transferred.

D : maintained.

Answer: D

Question 4

From an auditor perspective, which of the following BEST describes shadow IT?

A : An opportunity to diversify the cloud control approach

B : A weakness in the cloud compliance posture

C : A strength of disaster recovery (DR) planning

D : A risk that jeopardizes business continuity planning

Answer: D

Question 5

Which of the following is an example of reputational business impact?

A : While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.

B : The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euros.

C : A distributed denial of service (DDoS) attack renders the customer’s cloud inaccessible for 24 hours, resulting in millions in lost sales.

D : A hacker using a stolen administrator identity brings down the Software as a Service (SaaS) sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.

Answer: A