Online Access Free ISACA.CCAK.v2022-04-09.q55 Practice Test (Page 5)

CCAK Exam Question 16

Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say, they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?

A.SOC 3

B.SOC 1

C.SOC 2, TYPE 2

D.SOC 2, TYPE 1

CCAK Exam Question 17

How should controls be designed by an organization?

A.Using the ISO27001 framework

B.By the cloud provider

C.By the internal audit team

D.Using the organization's risk management framework

CCAK Exam Question 18

CCM: In the CCM tool, "Encryption and Key Management" is an example of which of the following?

A.Risk Impact

B.Control Specification

C.Domain

CCAK Exam Question 19

Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control description?

A.Network Vulnerability Management

B.Virtual Instance and OS Hardening

C.Change Detection

D.Network Security

CCAK Exam Question 20

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

A.Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.

B.Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.

C.Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.

D.Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Other Version: 565ISACA.CCAK.v2025-08-01.q91; 336ISACA.CCAK.v2024-10-10.q64; 343ISACA.CCAK.v2024-05-13.q102; 110ISACA.Braindumpspass.CCAK.v2022-01-26.by.thomas.55q.pdf

Latest Upload: 219ISACA.CGEIT.v2025-09-19.q537; 152Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 153Scrum.SAFe-Practitioner.v2025-09-18.q63; 141Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 128Oracle.1Z1-182.v2025-09-17.q32; 235Nutanix.NCP-US-6.5.v2025-09-16.q73; 256Oracle.1z0-071.v2025-09-16.q232; 195Oracle.1Z1-922.v2025-09-16.q125; 314CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CCAK Exam Question 16

CCAK Exam Question 17

CCAK Exam Question 18

CCAK Exam Question 19

CCAK Exam Question 20

Download PDF File