New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Changed CCAK Exam Questions

Page: 10 / 14
Total 182 questions

Certificate of Cloud Auditing Knowledge Questions and Answers

Question 37

Which of the following BEST ensures adequate restriction on the number of people who can access the pipeline production environment?

Options:

A.

Separation of production and development pipelines

B.

Ensuring segregation of duties in the production and development pipelines

C.

Role-based access controls in the production and development pipelines

D.

Periodic review of the continuous integration and continuous delivery (CI/CD) pipeline audit logs to identify any access violations

Question 38

An auditor examining a cloud service provider's service level agreement (SLA) should be MOST concerned about whether:

Options:

A.

the agreement includes any operational matters that are material to the service operations.

B.

the agreement excludes any sourcing and financial matters that are material in meeting the

service level agreement (SLA).

C.

the agreement includes any service availability matters that are material to the service operations.

D.

the agreement excludes any operational matters that are material to the service operations

Question 39

Which of the following is an example of financial business impact?

Options:

A.

A distributed denial of service (DDoS) attack renders the customer's cloud inaccessible for

24 hours, resulting in millions in lost sales.

B.

A hacker using a stolen administrator identity brings down the Software of a Service (SaaS)

sales and marketing systems, resulting in the inability to process customer orders or

manage customer relationships.

C.

While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed

each other in public consulting in a loss of public confidence that led the board to replace all

three.

Question 40

During an audit, it was identified that a critical application hosted in an off-premises cloud is not part of the organization's disaster recovery plan (DRP). Management stated that it is responsible for ensuring the cloud service provider has a plan that is tested annually. What should be the auditor's NEXT course of action?

Options:

A.

Review the security white paper of the provider.

B.

Review the provider’s audit reports.

C.

Review the contract and DR capability.

D.

Plan an audit of the provider

Page: 10 / 14
Total 182 questions