Free Access to ISACA.CCAK.v2024-07-01.q143 with Valid Practice Test (Page 11)

Question 46

What legal documents should be provided to the auditors in relation to risk management?

A.Enterprise cloud strategy and policy
B.Contracts and service level agreements (SLAs) of cloud service providers
C.Policies and procedures established around third-party risk assessments
D.Inventory of third-party attestation reports

Question 47

All cloud services utilize virtualization technologies.

A.False
B.True

Question 48

An organization currently following the ISO/IEC 27002 control framework has been charged by a new CIO to switch to the NIST 800-53 control framework. Which of the following is the FIRST step to this change?

A.Discard all work done and start implementing NIST 800-53 from scratch.
B.Recommend no change, since the scope of ISO/IEC 27002 is broader.
C.Recommend no change, since NIST 800-53 is a US-scoped control framework.
D.Map ISO/IEC 27002 and NIST 800-53 and detect gaps and commonalities.

Question 49

To BEST prevent a data breach from happening, cryptographic keys should be:

A.distributed in public-facing repositories.
B.embedded in source code.
C.rotated regularly.
D.transmitted in clear text.

Question 50

An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:

A.not assess the security awareness training program as it is each organization's responsibility
B.assess the existence and adequacy of a security awareness training program at both the cloud customer's organization and the cloud service provider's organization.
C.assess the existence and adequacy of a security awareness training program at the cloud service provider's organization as the cloud customer hired the auditor to review and cloud service.
D.assess the existence and adequacy of a security awareness training program at the cloud customer's organization as they hired the auditor.

Question 46

Question 47

Question 48

Question 49

Question 50

Download PDF File