ISACA CCAK - ISACA Certificate of Cloud Auditing Knowledge Certification Exam
Question #6 (Topic: Demo Questions)
Which of the following is MOST important for an auditor to understand regarding cloud security controls?
Correct Answer: A
Explanation not available for this question.
Question #7 (Topic: Demo Questions)
Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls, and penetration testing?
Correct Answer: A
Explanation:
The approach that encompasses social engineering of staff, bypassing of physical access controls, and penetration testing is typically associated with a Red team. A Red team is designed to simulate real-world attacks to test the effectiveness of security measures. They often use tactics like social engineering and penetration testing to identify vulnerabilities. In contrast, a Blue team is responsible for defending against attacks, a White box approach involves testing with internal knowledge of the system, and a Gray box is a combination of both White box and Black box testing methods.
References: The information aligns with the principles of cloud auditing and security assessments as outlined in the resources provided by ISACA and the Cloud Security Alliance, which emphasize the importance of understanding various security testing methodologies to effectively audit cloud systems 1 2 3.
Question #8 (Topic: Demo Questions)
Which of the following is the GREATEST risk associated with hidden interdependencies between cloud services?
Correct Answer: B
Explanation: