Free Access to ISACA.CCAK.v2023-10-14.q70 with Valid Practice Test (Page 7)

Question 26

A third-party service provider is hosting a private cloud for an organization. Which of the following findings during an audit of the provider poses the GREATEST risk to the organization?

A.2% of backups had to be rescheduled due to backup media failures.
B.The organization's virtual machines share the same hypervisor with virtual machines of other clients.
C.Two different hypervisor versions are used due to the compatibility restrictions of some virtual machines.
D.5% of detected incidents exceeded the defined service level agreement (SLA) for escalation.

Question 27

A certification target helps in the formation of a continuous certification framework by incorporating:

A.scope description and security attributes to be tested.
B.service level objective and service qualitative objective.
C.CSA STAR level 2 attestation.
D.frequency of evaluating security attributes.

Question 28

Which plan will guide an organization on how to react to a security incident that might occur on the organization's systems, or that might be affecting one of their service providers?

A.Emergency Incident Plans
B.Incident Response Plans
C.Unexpected Event Plans
D.Security Incident Plans

Question 29

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization's SaaS vendor?

A.Contractual requirements
B.Risk appetite
C.Risk exceptions policy
D.Board oversight

Question 30

Which governance domain deals with evaluating how cloudcomputing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

A.Information Governance
B.Compliance and Audit Management
C.Infrastructure Security
D.Governance and Enterprise Risk Management
E.Legal Issues: Contracts and Electronic Discovery

Question 26

Question 27

Question 28

Question 29

Question 30

Download PDF File