CCAK Reviews Questions

Page: 6 / 14
Total 182 questions

Certificate of Cloud Auditing Knowledge Questions and Answers

Question 21

Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

Options:

A. Aligning the cloud service delivery with the organization’s objectives

B. Aligning shared responsibilities between provider and customer

C. Aligning the cloud provider’s service level agreement (SLA) with the organization's policy

D. Aligning the organization's activity with the cloud provider’s policy

Question 22

A cloud service provider contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The provider's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode has been selected by the provider?

Options:

A. Reversal

B. Double blind

C. Double gray box

D. Tandem

Question 23

Which of the following is the GREATEST risk associated with hidden interdependencies between cloud services?

Options:

A. The IT department does not clearly articulate the cloud to the organization.

B. There is a lack of visibility over the cloud service providers' supply chain.

C. Customers do not understand cloud technologies in enough detail.

D. Cloud services are very complicated.

Question 24

A cloud auditor should use statistical sampling rather than judgment (nonstatistical) sampling when:

Options:

A. generalized audit software is unavailable.

B. the auditor wants to avoid sampling risk.

C. the probability of error must be objectively quantified.

D. the tolerable error rate cannot be determined.
