IT Certification Exam Question Sets
Every month, GOWUKAKU helps more than 1,500 candidates prepare for and pass their exams.

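ISACA CCAK Practice Questions

Certificate of Cloud Auditing Knowledge Exam

Last updated: 2024/03/19, 76 questions in total.

[March 2024 campaign]: When you buy the latest CCAK real exam questions, you receive both the Japanese and English versions.

You can practice with the actual question set, understand the key points of the exam, and decide whether to register for the test.

To save a further 35% of your exam preparation time, use the CCAK question set.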


Question No : 1
The MOST critical concept of managing the build and test of code in DevOps is:

Correct answer:
Explanation:
Reference: https://smartbear.com/blog/devops-testing-strategy-best-practices-tools/

Question No : 2
After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data.
In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

Correct answer:

Question No : 3
To ensure that cloud audit resources deliver the best value to the organization, the PRIMARY step would be to:

Correct answer:
Explanation:
What delivers value to the organization is having resources and efforts dedicated to, and focused on, the higher-risk areas.

Question No : 4
An independent contractor is assessing the security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP).
What is the optimal and most efficient mechanism to assess the controls the CSP is responsible for?

Correct answer:
Explanation:
Reference: https://www.sapidata.sm/img/cms/CAIQ_v3-1_2020-01-13.pdf

Question No : 5
In the context of Infrastructure as a Service (IaaS), a vulnerability assessment will scan virtual machines to identify vulnerabilities in:

Correct answer:

Question No : 6
A large organization with subsidiaries in multiple locations has a business requirement to organize IT systems to have identified resources reside in particular locations with organizational personnel.
Which access control method will allow IT personnel to be segregated across the various locations?

Correct answer:

Question No : 7
Which of the following is a corrective control that may be identified in a SaaS service provider?

Correct answer:

Question No : 8
In all three cloud deployment models, (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?

Correct answer:

Question No : 9
What areas should be reviewed when auditing a public cloud?

Correct answer:

Question No : 10
One of the Cloud Control Matrix’s (CCM’s) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.”
Which of the following controls under the Audit Assurance and Compliance domain does this match to?

Correct answer:

Question No : 11
Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

Correct answer:
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach

Question No : 12
Which of the following should be the FIRST step to establish a cloud assurance program during a cloud migration?

Correct answer:

Question No : 13
You have been assigned the implementation of an ISMS, whose scope must cover both on-premises and cloud infrastructure.
Which of the following is your BEST option?

Correct answer:

Question No : 14
Which plan will guide an organization on how to react to a security incident that might occur on the organization’s systems, or that might be affecting one of their service providers?

Correct answer:

Question No : 15
Which of the following contract terms is necessary to meet a company’s requirement that needs to move data from one CSP to another?

Correct answer:
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud
