
CCAK Online Practice Questions and Answers

Questions 4

From the perspective of a senior cloud security audit practitioner in an organization with a mature security program and cloud adoption, which of the following statements BEST describes the DevSecOps concept?

A. Process of security integration using automation in software development

B. Development standards for addressing integration, testing, and deployment issues

C. Operational framework that promotes software consistency through automation

D. Making software development simpler, faster, and easier using automation

Questions 5

Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

A. Aligning the cloud service delivery with the organization's objective

B. Aligning the cloud provider's SLA with the organization's policy

C. Aligning shared responsibilities between provider and customer

D. Aligning the organization's activity with the cloud provider's policy

Questions 6

To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:

A. object-oriented architecture.

B. software architecture.

C. service-oriented architecture.

D. enterprise architecture.

Questions 7

Which of the following would be considered as a factor to trust in a cloud service provider?

A. The level of exposure for public information

B. The level of proved technical skills

C. The level of willingness to cooperate

D. The level of open source evidence available

Questions 8

Which of the following would be the MOST critical finding of an application security and DevOps audit?

A. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.

B. Application architecture and configurations did not consider security measures.

C. Outsourced cloud service interruption, breach or loss of data stored at the cloud service provider.

D. Certifications with global security standards specific to cloud are not reviewed and the impact of noted findings is not assessed.

Questions 9

To support a customer's verification of the CSP's claims regarding its responsibilities according to the shared responsibility model, which of the following tools and techniques is appropriate?

A. Contractual agreement

B. Internal audit

C. External audit

D. Security assessment

Questions 10

A. Cloud compliance program

B. Legacy IT compliance program

C. Internal audit program

D. Service organization controls report

Questions 11

When building a cloud governance model, which of the following requirements will focus more on the cloud service provider's evaluation and control checklist?

A. Security requirements

B. Legal requirements

C. Compliance requirements

D. Operational requirements

Questions 12

Which of the following parties should have accountability for cloud compliance requirements?

A. Customer

B. Equally shared between customer and provider

C. Provider

D. Either customer or provider, depending on requirements

Questions 13

Which of the following is a cloud-specific security standard?

A. ISO27017

B. ISO27701

C. ISO22301

D. ISO14001

Exam Code: CCAK
Exam Name: Certificate of Cloud Auditing Knowledge
Last Update: May 27, 2026
Questions: 126