Create Next App

Exam contains 261 questions

Page 3 of 44

Question 13 🔥

Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

Which database solution meets these requirements?

A. Blue team

Highly voted

B. White box

Highly voted

C. Gray box

Highly voted

D. Red team

Highly voted

Discussion of the question

Question 14 🔥

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

Which database solution meets these requirements?

A. Determine the impact on the controls that were selected by the organization to respond to identified risks.

Highly voted

B. Determine the impact on confidentiality, integrity and availability of the information system.

Highly voted

C. Determine the impact on the financial, operational, compliance and reputation of the organization.

Highly voted

D. Determine the impact on the physical and environmental security of the organization, excluding informational assets.

Highly voted

Discussion of the question

Question 15 🔥

When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

Which database solution meets these requirements?

A. Validate if the strategy covers unavailability of all components required to operate the business-as-usual or in disrupted mode, in parts or total- when impacted by a disruption.

Highly voted

B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.

Highly voted

C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization including the invocation of continuity plans and crisis management capabilities.

Highly voted

D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Highly voted

Discussion of the question

Question 16 🔥

Which of the following metrics are frequently immature?

Which database solution meets these requirements?

A. Metrics around Infrastructure as a Service (IaaS) storage and network environments

Highly voted

B. Metrics around Platform as a Service (PaaS) development environments

Highly voted

C. Metrics around Infrastructure as a Service (IaaS) computing environments

Highly voted

D. Metrics around specific Software as a Service (SaaS) application services

Highly voted

Discussion of the question

Question 17 🔥

The MAIN difference between Cloud Control Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ) is that:

Which database solution meets these requirements?

A. CCM assesses the presence of controls, whereas CAIQ assesses overall security of a service.

Highly voted

B. CCM has a set of security questions, whereas CAIQ has a set of security controls.

Highly voted

C. CCM has 14 domains and CAIQ has 16 domains.

Highly voted

D. CCM provides a controls framework, whereas CAIQ provides industry-accepted ways to document which security controls exist in IaaS, PaaS, and SaaS offerings.

Highly voted

Discussion of the question

Question 18 🔥

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor?

Which database solution meets these requirements?

A. Risk exceptions policy

Highly voted

B. Contractual requirements

Highly voted

C. Risk appetite

Highly voted

D. Board oversight

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

isaca CCAK

Exam contains 261 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us