Free Access to ISACA.CCAK.v2024-07-01.q143 with Valid Practice Test (Page 27)

Question 126

Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?

A.Documentation criteria for the audit evidence
B.Testing procedure to be performed
C.Processes and systems to be audited
D.Updated audit work program

Question 127

Which of the following is the reason for designing the Consensus Assessments Initiative Questionnaire (CAIQ)?

A.Cloud service providers need the CAIQ to improve quality of customer service.
B.Cloud service providers can document their security and compliance controls.
C.Cloud service providers can document roles and responsibilities for cloud security.
D.Cloud users can use CAIQ to sign statement of work (SOW) with cloud access security

Question 128

Cloud services exhibit fiveessential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

A.Rapid elasticity
B.On-demand self-service
C.Measured service
D.Broad network access
E.Resource pooling

Question 129

Which of the following cloud service provider activities MUST obtain a client's approval?

A.Destroying test data
B.Deleting subscription owner accounts
C.Deleting test accounts
D.Deleting guest accounts

Question 130

During an audit, it was identified that a critical application hosted in an off-premises cloud is not part of the organization's disaster recovery plan (DRP). Management stated that it is responsible for ensuring the cloud service provider has a plan that is tested annually. What should be the auditor's NEXT course of action?

A.Review the contract and DR capability.
B.Plan an audit of the provider.
C.Review the security white paper of the provider.
D.Review the provider's audit reports.

Correct Answer: A

The auditor's next course of action should be to review the contract and DR capability of the cloud service provider. The contract should specify the roles and responsibilities of both parties regarding disaster recovery, as well as the service level agreements (SLAs) and recovery time objectives (RTOs) for the critical application. The DR capability should demonstrate that the cloud service provider has a plan that is aligned with the organization's requirements and expectations, and that it is tested annually and validated by independent auditors. The auditor should also verify that the organization has a process to monitor and review the cloud service provider's performance and compliance with the contract and SLAs.
Planning an audit of the provider (B) may not be feasible or necessary, as the auditor may not have access to the provider's environment or data, and may not have the authority or expertise to conduct such an audit. The auditor should rely on the provider's audit reports and certifications to assess their compliance with relevant standards and regulations.
Reviewing the security white paper of the provider may not be sufficient or relevant, as the security white paper may not cover the specific aspects of disaster recovery for the critical application, or may not reflect the current state of the provider's security controls and practices. The security white paper may also be biased or outdated, as it is produced by the provider themselves.
Reviewing the provider's audit reports (D) may be helpful, but not enough, as the audit reports may not address the specific requirements and expectations of the organization for disaster recovery, or may not cover the latest changes or incidents that may affect the provider's DR capability. The audit reports may also have limitations or qualifications that may affect their reliability or validity. References :=
* Audit a Disaster Recovery Plan | AlertFind
* ISACA Introduces New Audit Programs for Business Continuity/Disaster ...
* How to Maintain and Test a Business Continuity and Disaster Recovery Plan

Question 126

Question 127

Question 128

Question 129

Question 130

Download PDF File