Online Access Free ISACA.CCAK.v2022-04-09.q55 Practice Test (Page 9)

CCAK Exam Question 36

CCM: A hypothetical company called: "Health4Sure" is located in the United States and provides cloud based services fortracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document topotential clients.
Which of the following approach would be most suitable to assess the overall security posture of Health4Sure's cloud service?

A.The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.

B.The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

C.The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.

CCAK Exam Question 37

Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

A.Applistructure

B.Datastructure

C.Metastructure

D.Infostructure

E.Infrastructure

CCAK Exam Question 38

During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?

A.Review the contract and DR capability.

B.Review the security white paper of the CSP.

C.Review the CSP audit reports.

D.Plan an audit of the CSP.

CCAK Exam Question 39

SAST testing is performed by:

A.scanning the application source code.

B.scanning the application interface.

C.scanning all infrastructure components.

D.performing manual actions to gain control of the application.

CCAK Exam Question 40

When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer to review which cloud services will be deployed?

A.To confirm which vendor will be selected based on the compliance with security requirements

B.To determine the total cost of the cloud services to be deployed

C.To confirm if the compensating controls implemented are sufficient for the cloud

D.To determine how those services will fit within its policies and procedures

Other Version: 975ISACA.CCAK.v2025-08-01.q91; 521ISACA.CCAK.v2024-10-10.q64; 560ISACA.CCAK.v2024-05-13.q102; 110ISACA.Braindumpspass.CCAK.v2022-01-26.by.thomas.55q.pdf

Latest Upload: 119SAP.C_BCBAI_2509.v2026-01-15.q13; 188DAMA.DMF-1220.v2026-01-15.q271; 138SAP.C_SIGDA_2403.v2026-01-15.q66; 177ISACA.CRISC.v2026-01-15.q649; 128PaloAltoNetworks.NetSec-Pro.v2026-01-15.q26; 170Splunk.SPLK-1002.v2026-01-14.q121; 170EMC.NCP-AII.v2026-01-14.q144; 164Microsoft.AZ-800.v2026-01-13.q144; 176Microsoft.MS-102.v2026-01-13.q258; 121HP.HPE2-E84.v2026-01-13.q17

CCAK Exam Question 36

CCAK Exam Question 37

CCAK Exam Question 38

CCAK Exam Question 39

CCAK Exam Question 40

Download PDF File