Free Cloud Security Alliance CCAK Exam Questions

Become Cloud Security Alliance Certified with updated CCAK exam questions and correct answers

Page: 1 / 60

Total 299 Questions | Updated On: Jun 03, 2025

Add To Cart

Question 1

When mapping controls to architectural implementations, requirements define:

A : control objectives.

B : control activities.

C : guidelines.

D : policies.

Answer: B

Question 2

With regard to the Cloud Controls Matrix (CCM), the Architectural Relevance is a feature that enables the filtering of security controls by:

A : relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF). and the Zachman Framework for Enterprise Architecture.

B : relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClientBackend

C : relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.

D : relevant delivery models such as Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (laaS).

Answer: D

Question 3

From an auditor perspective, which of the following BEST describes shadow IT?

A : An opportunity to diversify the cloud control approach

B : A weakness in the cloud compliance posture

C : A strength of disaster recovery (DR) planning

D : A risk that jeopardizes business continuity planning

Answer: D

Question 4

An auditor is reviewing an organization’s virtual machines (VMs) hosted in the cloud. The organization utilizes a configuration management (CM) tool to enforce password policies on its VMs. Which of the following is the BEST approach for the auditor to use to review the operating effectiveness of the password requirement?

A : The auditor should not rely on the CM tool and its settings, and for thoroughness should review the password configuration on the set of sample VMs.

B : Review the relevant configuration settings on the CM tool and check whether the CM tool agents are operating effectively on the sample VMs.

C : As it is an automated environment, reviewing the relevant configuration settings on the CM tool would be sufficient.

D : Review the incident records for any incidents relating to brute force attacks or password compromise in the last 12 months and investigate whether the root cause of the incidents was due to in appropriate password policy configured on the VMs.

Answer: B

Question 5

When mapping controls to architectural implementations, requirements define:

A : control objectives.

B : control activities.

C : guidelines.

D : policies.

Answer: B

Page: 1 / 60

Total 299 Questions | Updated On: Jun 03, 2025

Add To Cart