Pass CCAK Brain Dump Updated Certification Sample Questions
Online CCAK Test Brain Dump Question and Test Engine
NEW QUESTION 24
ENISA: A reason for risk concerns of a cloud provider being acquired is:
- A. Mass layoffs may occur
- B. Provider may change physical location
- C. Resource isolation may fail
- D. Non-binding agreements put at risk
- E. Arbitrary contract termination by acquiring company
Answer: D
NEW QUESTION 25
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives Which of the following findings should be the IS auditor's GREATEST concern?
- A. The business continuity plan (BCP) was not updated.
- B. Mobile devices are not encrypted.
- C. Users are not required to sign updated acceptable
- D. Users have not been trained on the new system.
Answer: A
NEW QUESTION 26
Which governance domain deals with evaluating how cloudcomputing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
- A. Governance and Enterprise Risk Management
- B. Information Governance
- C. Legal Issues: Contracts and Electronic Discovery
- D. Compliance and Audit Management
- E. Infrastructure Security
Answer: D
NEW QUESTION 27
Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?
- A. Metastructure
- B. Infostructure
- C. Infrastructure
- D. Datastructure
- E. Applistructure
Answer: C
NEW QUESTION 28
Which of the following is the GREATEST concern associated with migrating computing resources to a cloud virtualized environment?
- A. An increase in the number of e-discovery requests
- B. An increase in inherent vulnerability
- C. An increase in the potential for data leakage
- D. An increase in residual risk
Answer: C
NEW QUESTION 29
Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?
- A. Vendor has exclusive control of IT resources
- B. Changes in services are not tracked
- C. No employee succession plan
- D. Lack of software escrow provisions
Answer: B
NEW QUESTION 30
All cloud services utilize virtualization technologies.
- A. False
- B. True
Answer: B
NEW QUESTION 31
Cloud applications can use virtual networks and other structures, for hyper-segregated environments.
- A. False
- B. True
Answer: B
NEW QUESTION 32
CCM: In the CCM tool, "Encryption and Key Management" is an example of which of the following?
- A. Domain
- B. Risk Impact
- C. Control Specification
Answer: A
NEW QUESTION 33
Which of the following would be MOST important to update once a decision has been made to outsource a critical application to a cloud service provider?
- A. IT budget
- B. Business impact analysis (BIA)
- C. Project portfolio
- D. IT resource plan
Answer: B
NEW QUESTION 34
Which data security control is the LEAST likely to be assigned to an IaaSprovider?
- A. Access controls
- B. Encryption solutions
- C. Application logic
- D. Asset management and tracking
- E. Physical destruction
Answer: C
NEW QUESTION 35
Your SLA with your cloudprovider ensures continuity for all services.
- A. False
- B. True
Answer: A
NEW QUESTION 36
Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?
- A. URL filters
- B. Database Activity Monitoring
- C. Cloud Access and Security Brokers (CASB)
- D. Data Loss Prevention
- E. Intrusion Prevention System
Answer: E
NEW QUESTION 37
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
- A. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
- B. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
- C. None of the above.
- D. Decreased requirement for proactive management of relationship and adherence to contracts.
- E. More physical control over assets and processes.
Answer: B
NEW QUESTION 38
What is the newer application development methodology and philosophy focused on automation of application development and deployment?
- A. SecDevOps
- B. DevOps
- C. Agile
- D. Scrum
- E. BusOps
Answer: B
NEW QUESTION 39
How does virtualized storage help avoid data loss if a drive fails?
- A. Full back ups weekly
- B. Incremental backups daily
- C. Drives are backed up, swapped, and archived constantly
- D. Multiple copies indifferent locations
- E. Data loss is unavoidable with drive failures
Answer: D
NEW QUESTION 40
CCM: In the CCM tool, ais a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
- A. Risk Impact
- B. Control Specification
- C. Domain
Answer: B
NEW QUESTION 41
What is resource pooling?
- A. Internet-based CPUs are pooled to enable multi-threading.
- B. Placing Internet ("cloud") data centers near multiple sources of energy, such as hydroelectric dams.
- C. None of the above.
- D. The dedicated computing resources of each client are pooled together in a colocation facility.
- E. The provider's computing resources are pooled to serve multiple consumers.
Answer: E
NEW QUESTION 42
Big data includes high volume, high variety, and high velocity.
- A. False
- B. True
Answer: B
NEW QUESTION 43
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
- A. Desktop-as-a-service (DaaS)
- B. Identity-as-a-service (IDaaS)
- C. Platform-as-a-service (PaaS)
- D. Software-as-a-service (SaaS)
- E. Infrastructure-as-a-service (IaaS)
Answer: C
NEW QUESTION 44
An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?
- A. Analyzing user satisfaction reports from business lines
- B. Conducting long-term planning for internal audit staffing
- C. Benchmarking the QA framework to international standards
- D. Reporting OA program results to the audit committee
Answer: A
NEW QUESTION 45
What is true of companies considering a cloud computing business relationship?
- A. The confidentiality agreements between companies using cloud computing services is limited legally to the company, not the provider.
- B. The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.
- C. The companies using the cloud providers are the custodians ofthe data entrusted to them.
- D. The laws protecting customer data arebased on the cloud provider and customer location only.
- E. The cloud computing companies own all customer data.
Answer: C
NEW QUESTION 46
Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?
- A. An image copy of the attacked system was not taken.
- B. The investigation report does not indicate a conclusion.
- C. The proper authorities were not notified.
- D. The handling procedures of the attacked system are not documented.
Answer: C
NEW QUESTION 47
Use elastic servers when possible and move workloads to new instances.
- A. False
- B. True
Answer: B
NEW QUESTION 48
Which of the following is NOT a cloud computing characteristic that impacts incidence response?
- A. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
- B. The on demand self-service nature of cloud computing environments.
- C. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
- D. Object-based storage in a private cloud.
- E. The possibility of data crossing geographic or jurisdictional boundaries.
Answer: A
NEW QUESTION 49
......
Real ISACA CCAK Exam Dumps with Correct 78 Questions and Answers: https://www.actual4dump.com/ISACA/CCAK-actualtests-dumps.html
ISACA CCAK Certification Real 2022 Mock Exam: https://drive.google.com/open?id=1vuqB-16vb5cw6llYZbymElwicTxoBsfy