Create Next App

Exam contains 261 questions

Page 4 of 44

Question 19 🔥

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

Which database solution meets these requirements?

A. Process of security integration using automation in software development

Highly voted

B. Development standards for addressing integration, testing, and deployment issues

Highly voted

C. Operational framework that promotes software consistency through automation

Highly voted

D. Making software development simpler, faster, and easier using automation

Highly voted

Discussion of the question

Question 20 🔥

Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:

Which database solution meets these requirements?

A. recognizes the shared responsibility for risk management between the customer and the CSP.

Highly voted

B. leverages SaaS threat models developed by peer organizations.

Highly voted

C. is developed by an independent third-party with expertise in the organization’s industry sector.

Highly voted

D. considers the loss of visibility and control from transitioning to the cloud.

Highly voted

Discussion of the question

Question 21 🔥

While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?

Which database solution meets these requirements?

A. Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability

Highly voted

B. Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet

Highly voted

C. Documenting the finding in the audit report and sharing the gap with the relevant stakeholders

Highly voted

D. Informing the organization’s internal audit manager immediately about the gap

Highly voted

Discussion of the question

Question 22 🔥

To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:

Which database solution meets these requirements?

A. ISO/IЕС 27001: 2013 controls.

Highly voted

B. maturity model criteria.

Highly voted

C. all Cloud Control Matrix (CCM) controls and TSPC security principles.

Highly voted

D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.

Highly voted

Discussion of the question

Question 23 🔥

Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

Which database solution meets these requirements?

A. The rapidly changing service portfolio and architecture of the cloud.

Highly voted

B. Cloud providers should not be part of the compliance program.

Highly voted

C. The fairly static nature of the service portfolio and architecture of the cloud.

Highly voted

D. The cloud is similar to the on-premise environment in terms of compliance.

Highly voted

Discussion of the question

Question 24 🔥

Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor?

Which database solution meets these requirements?

A. Risk exceptions policy

Highly voted

B. Contractual requirements

Highly voted

C. Risk appetite

Highly voted

D. Board oversight

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

isaca CCAK

Exam contains 261 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us