ISACA CCAK - Isaca Certificate of Cloud Auditing Knowledge Certification Exam

Question #6 (Topic: Demo Questions)
Which of the following is MOST important for an auditor to understand regarding cloud security controls?
A. Controls adapt to changes in the threat landscape.
B. Controls are the responsibility of the cloud service provider.
C. Controls are the responsibility of the internal audit team.
D. Controls are static and do not change.
Correct Answer: A
Explanation not available for this question.
Question #7 (Topic: Demo Questions)

Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls, and penetration testing?

A. Red team
B. Blue team
C. White box
D. Gray box
Correct Answer: A
Explanation:
The approach that encompasses social engineering of staff, bypassing of physical access controls, and penetration testing is typically associated with a Red team. A Red team is designed to simulate real-world attacks to test the effectiveness of security measures. They often use tactics like social engineering and penetration testing to identify vulnerabilities. In contrast, a Blue team is responsible for defending against attacks, a White box approach involves testing with internal knowledge of the system, and a Gray box is a combination of both White box and Black box testing methods.
References: The information aligns with the principles of cloud auditing and security assessments as outlined in the resources provided by ISACA and the Cloud Security Alliance, which emphasize the importance of understanding various security testing methodologies to effectively audit cloud systems [1][2][3].
Question #8 (Topic: Demo Questions)

Which of the following is the GREATEST risk associated with hidden interdependencies between cloud services?

A. The IT department does not clearly articulate the cloud to the organization.
B. There is a lack of visibility over the cloud service providers' supply chain.
C. Customers do not understand cloud technologies in enough detail.
D. Cloud services are very complicated.
Correct Answer: B
Explanation:
The greatest risk associated with hidden interdependencies between cloud services is the lack of visibility over the cloud service providers' supply chain. Hidden interdependencies are the complex and often unknown relationships and dependencies between different cloud services, providers, sub-providers, and customers. These interdependencies can create challenges and risks for the security, availability, performance, and compliance of the cloud services and data. For example, a failure or breach in one cloud service can affect other cloud services that depend on it, or a change in one cloud provider's policy or contract can impact other cloud providers or customers that rely on it. [1][2]
The lack of visibility over the cloud service providers' supply chain means that the customers do not have enough information or control over how their cloud services and data are delivered, managed, and protected by the providers and their sub-providers. This can expose the customers to various threats and vulnerabilities, such as data breaches, data loss, service outages, compliance violations, legal disputes, or contractual conflicts. The customers may also face difficulties in monitoring, auditing, or verifying the security and compliance status of their cloud services and data across the supply chain. Therefore, it is important for the customers to understand the hidden interdependencies between cloud services and to establish clear and transparent agreements with their cloud providers and sub-providers regarding their roles, responsibilities, expectations, and obligations. [3]
References:
[1] How to identify and map service dependencies - Gremlin
[2] Mitigate Risk for Data Center Network Migration - Cisco
[3] Practical Guide to Cloud Service Agreements Version 2.0
HIDDEN INTERDEPENDENCIES BETWEEN INFORMATION AND ORGANIZATIONAL …