Free Access to ISACA.CCAK.premium with Valid Practice Test

Question 1

Which of the following configuration change controls is acceptable to a cloud auditor?

A. The head of development approves changes requested to production.
B. Programmers cannot make uncontrolled changes to the source code production version.
C. Development, test, and production are hosted in the same network environment.
D. Programmers have permanent access to production software.

Question 2

An auditor is auditing the services provided by a cloud service provider. When evaluating the security of the cloud customer's data in the cloud, which of the following should be of GREATEST concern to the auditor?

A. Personally identifiable information (Pll) is pseudonymized but not fully encrypted.
B. The confidential data stored in the cloud is encrypted using encryption keys that are managed by the provider.
C. According to the cloud customer's data handling policy, all confidential data should be encrypted, but the confidential data stored in the cloud is well segmented but not encrypted.
D. The cloud customer has encrypted the confidential data in the cloud using its own encryption keys.

Question 3

"Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls." Which of the following types of controls BEST matches this control description?

A. Virtual instance and OS hardening
B. Network vulnerability management
C. Change detection
D. Network security

Question 4

Which of the following activities is performed outside information security monitoring?

A. Periodic review of risks, vulnerabilities, likelihoods, and threats
B. Collection and review of security events before escalation
C. Management review of the information security framework
D. Monitoring the effectiveness of implemented controls

Question 5

What aspect of Software as a Service (SaaS) functionality and operations would the cloud customer be responsible for and should be audited?

A. Patching
B. Source code reviews
C. Access controls
D. Vulnerability management


Exam Code/Number:	CCAKJoin the discussion
Exam Name:	Certificate of Cloud Auditing Knowledge
Certification:	ISACA
Question Number:	207
Publish Date:	May 30, 2026
Rating 100%

Free ISACA CCAK Exam Dumps Questions & Answers

Question 1

Question 2

Question 3

Question 4

Question 5

Add Comments

CCAK Dumps Other Version

Download PDF File