Free ISACA CCAK Exam Dumps Questions & Answers

A cloud service provider utilizes services of other service providers for its cloud service. Which of the following is the BEST approach for the auditor while performing the audit for the cloud service?

• A.  The auditor should review the relationship between the cloud service provider and its service provider to help direct and estimate the level of effort and analysis the auditor should apply.
• B.  As the relationship between the cloud service provider and its service providers is governed by separate contracts between them, there is no need for the auditor to review the services
• C.  As the contract for the cloud service is between the cloud customer and the cloud service provider, there is no need for the auditor to review the services provided by the service providers.
• D.  The auditor should review the service providers' security controls even more strictly, as they are further separated from the cloud customer.

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

• A.  Role-based access controls in the production and development pipelines
• B.  Periodic review of the continuous integration and continuous delivery (CI/CD) pipeline audit logs to identify any access violations
• C.  Separation of production and development pipelines
• D.  Ensuring segregation of duties in the production and development pipelines

Which of the following is MOST important for an auditor to understand regarding cloud security controls?

• A.  Controls are the responsibility of the internal audit team.
• B.  Controls are static and do not change.
• C.  Controls adapt to changes in the threat landscape.
• D.  Controls are the responsibility of the cloud service provider.

A cloud auditor observed that just before a new software went live, the librarian transferred production data to the test environment to confirm the new software can work in the production environment. What additional control should the cloud auditor check?

• A.  Explicit documented approval from all customers whose data is affected
• B.  Verification that the hardware of the test and production environments are compatible
• C.  Training for the librarian
• D.  Approval of the change by the change advisory board

Organizations maintain mappings between the different control frameworks they adopt to:

• A.  start a compliance assessment using the latest assessment.
• B.  help identify controls with common assessment status.
• C.  help identify controls with different assessment status.
• D.  avoid duplication of work when assessing compliance,