Leads4pass > Isaca > Isaca Certifications > CCAK > CCAK Online Practice Questions and Answers

CCAK Online Practice Questions and Answers

Questions 4

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

A. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.

B. CCM has a set of security questions, whereas CAIQ has a set of security controls.

C. CCM has 14 domains and CAIQ has 16 domains.

D. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Buy Now
Questions 5

When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?

A. To determine how those services will fit within its policies and procedures

B. To determine the total cost of the cloud services to be deployed

C. To confirm which vendor will be selected based on the compliance with security requirements

D. To confirm if the compensating controls implemented are sufficient for the cloud

Buy Now
Questions 6

During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?

A. Review the CSP audit reports.

B. Review the security white paper of the CSP.

C. Review the contract and DR capability.

D. Plan an audit of the CSP.

Buy Now
Questions 7

How should controls be designed by an organization?

A. By the internal audit team

B. Using the ISO27001 framework

C. By the cloud provider D. Using the organization's risk management framework

Buy Now
Questions 8

What data center and physical security measures should a cloud customer consider when assessing a cloud service provider?

A. Assess use of monitoring systems to control ingress and egress points of entry to the data center.

B. Implement physical security perimeters to safeguard personnel, data and information systems.

C. Conduct a due diligence to verify the cloud provider applies adequate physical security measures.

D. Review internal policies and procedures for relocation of hardware and software to an offsite location.

Buy Now
Questions 9

When establishing cloud governance, an organization should FIRST test by migrating:

A. all applications at once to the cloud.

B. complex applications to the cloud.

C. legacy applications to the cloud.

D. a few applications to the cloud.

Buy Now
Questions 10

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?

A. ISO/IEC 27017:2015

B. CSA Cloud Control Matrix (CCM)

C. NIST SP 800-146

D. ISO/IEC 27002

Buy Now
Questions 11

A. schedule frequent reviews with high-risk cloud service providers.

B. develop plans using a standardized risk-based approach.

C. maintain a comprehensive cloud service inventory.

D. collate views from various business functions using cloud services.

Buy Now
Questions 12

What type of termination occurs at the initiative of one party, and without the fault of the other party?

A. Termination for cause

B. Termination for convenience

C. Termination at the end of the term

D. Termination without the fault

Buy Now
Questions 13

Account design in the cloud should be driven by:

A. security requirements.

B. organizational structure.

C. business continuity policies.

D. management structure.

Buy Now
Exam Code: CCAK
Exam Name: Certificate of Cloud Auditing Knowledge
Last Update: Jul 09, 2026
Questions: 126
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99