In an organization, how are policy violations MOST likely to occur?
A. By accident
B. Deliberately by the ISP
C. Deliberately
D. Deliberately by the cloud provider
Organizations maintain mappings between the different control frameworks they adopt to:
A. help identify controls with common assessment status.
B. avoid duplication of work when assessing compliance.
C. help identify controls with different assessment status.
D. start a compliance assessment using the latest assessment.
Within an organization, which of the following functions should be responsible for defining the cloud adoption approach?
A. Audit committee
B. Compliance manager
C. IT manager
D. Senior management
Which of the following CSP activities requires a client's approval?
A. Delete the guest account or test accounts
B. Delete the master account or subscription owner accounts
C. Delete the guest account or destroy test data
D. Delete the test accounts or destroy test data
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
A. ISO/IEC 27701
B. ISO/IEC 22301
C. ISO/IEC 27002
D. ISO/IEC 27017
When using a SaaS solution, who is responsible for application security?
A. The cloud service provider only
B. The cloud service consumer only
C. Both the cloud consumer and the enterprise
D. Both the cloud provider and the consumer
Which of the following is a direct benefit of mapping the Cloud Controls Matrix (CCM) to other international standards and regulations?
A. CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts.
B. CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts.
C. CCM mapping enables an uninterrupted data flow and, in particular, the export of personal data across different jurisdictions.
D. CCM mapping entitles cloud service providers to be certified under the CSA STAR program.
Which of the following activities are part of the implementation phase of a cloud assurance program during a cloud migration?
A. Development of the monitoring goals and requirements
B. Identification of processes, functions, and systems
C. Identification of the relevant laws, regulations, and standards
D. Identification of roles and responsibilities
With regard to the Cloud Controls Matrix (CCM), the ‘Architectural Relevance’ is a feature that enables the filtering of security controls by:
A. relevant architecture frameworks such as the NIST Enterprise Architecture Model, the Federal Enterprise Architecture Framework (FEAF), The Open Group Architecture Framework (TOGAF), and the Zachman Framework for Enterprise Architecture.
B. relevant delivery models such as Software as a Service, Platform as a Service, Infrastructure as a Service.
C. relevant architectural paradigms such as Client-Server, Mainframe, Peer-to-Peer, and SmartClient-Backend.
D. relevant architectural components such as Physical, Network, Compute, Storage, Application, and Data.
When building a cloud governance model, which of the following requirements will focus more on the cloud service provider's evaluation and control checklist?
A. Security requirements
B. Legal requirements
C. Compliance requirements
D. Operational requirements