[Q16-Q34] Latest ISACA CCAK First Attempt, Exam real Dumps Updated [Nov-2021]


NEW QUESTION 16
Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

  • A. URL filters
  • B. Database Activity Monitoring
  • C. Cloud Access and Security Brokers (CASB)
  • D. Data Loss Prevention
  • E. Intrusion Prevention System

Answer: E

 

NEW QUESTION 17
ENISA: A reason for risk concerns of a cloud provider being acquired is:

  • A. Mass layoffs may occur
  • B. Provider may change physical location
  • C. Resource isolation may fail
  • D. Non-binding agreements put at risk
  • E. Arbitrary contract termination by acquiring company

Answer: D

 

NEW QUESTION 18
Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

  • A. Respect the interdependency of the risks inherent in the cloud supply chain and communicate the corporate risk posture and readiness to consumers and dependent parties.
  • B. Inspect and account for risks inherited from other members of the cloud supply chain and take active measures to mitigate and contain risks through operational resiliency.
  • C. Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency.
  • D. Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature of the cloud environment.
  • E. Both B and C.

Answer: D

 

NEW QUESTION 19
What is true of searching data across cloud environments?

  • A. You can easily search across your environment using any E-Discovery tool.
  • B. All cloud-hosted email accounts are easily searchable.
  • C. You might not have the ability or administrative rights to search or access all hosted data.
  • D. The cloud provider must conduct the search with the full administrative controls.
  • E. Search and discovery time is always factored into a contract between the consumer and provider.

Answer: C

 

NEW QUESTION 20
How can virtual machine communications bypass network security controls?

  • A. VM images can contain rootkits programmed to bypass firewalls
  • B. Most network security systems do not recognize encrypted VM traffic
  • C. The guest OS can invoke stealth mode
  • D. Hypervisors depend upon multiple network interfaces
  • E. VM communications may use a virtual network on the same hardware host

Answer: E

 

NEW QUESTION 21
An audit has identified that business units have purchased cloud-based applications without IT's support. What is the GREATEST risk associated with this situation?

  • A. The applications may not reasonably protect data.
  • B. The applications could be modified without advanced notice.
  • C. The application purchases did not follow procurement policy.
  • D. The applications are not included in business continuity plans (BCPs).

Answer: D

 

NEW QUESTION 22
APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 23
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?

  • A. The actual size of the data and the storage format
  • B. The implications of storing complex information on simple storage systems
  • C. The physical location of the data and how it is accessed
  • D. The language of the data and how it affects the user
  • E. The fragmentation and encryption algorithms employed

Answer: B

 

NEW QUESTION 24
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

  • A. Software Development Kits (SDKs)
  • B. Application Binary Interface (ABI)
  • C. Extensible Markup Language (XML)
  • D. Application Programming Interface (API)
  • E. Resource Description Framework (RDF)

Answer: D

 

NEW QUESTION 25
When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:

  • A. Identity as a Service (IDaaS).
  • B. Infrastructure as a Service (IaaS).
  • C. Platform as a Service (PaaS).
  • D. Software as a Service (SaaS).

Answer: C

 

NEW QUESTION 26
Which statement best describes why it is important to know how data is being accessed?

  • A. The devices used to access data use a variety of applications or clients and may have different security characteristics.
  • B. The device may affect data dispersion.
  • C. The devices used to access data may have different ownership characteristics.
  • D. The devices used to access data use a variety of operating systems and may have different programs installed on them.
  • E. The devices used to access data have different storage formats.

Answer: A

 

NEW QUESTION 27
An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?

  • A. Analyzing user satisfaction reports from business lines
  • B. Conducting long-term planning for internal audit staffing
  • C. Benchmarking the QA framework to international standards
  • D. Reporting QA program results to the audit committee

Answer: A

 

NEW QUESTION 28
Segregation of duties would be compromised if:

  • A. application programmers moved programs into production.
  • B. application programmers accessed test data.
  • C. database administrators (DBAs) modified the structure of user tables.
  • D. operations staff modified batch schedules.

Answer: B

 

NEW QUESTION 29
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?

  • A. Provider documentation
  • B. Provider run audits and reports
  • C. Third-party attestations
  • D. EDiscovery tools
  • E. Provider and consumer contracts

Answer: C

 

NEW QUESTION 30
Who is responsible for the security of the physical infrastructure and virtualization platform?

  • A. The cloud consumer
  • B. The responsibility is split equally
  • C. The majority is covered by the consumer
  • D. It depends on the agreement
  • E. The cloud provider

Answer: E

 

NEW QUESTION 31
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

  • A. Governance and Enterprise Risk Management
  • B. Information Governance
  • C. Legal Issues: Contracts and Electronic Discovery
  • D. Compliance and Audit Management
  • E. Infrastructure Security

Answer: D

 

NEW QUESTION 32
Network logs from cloud providers are typically flow records, not full packet captures.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 33
Which attack surfaces, if any, does virtualization technology introduce?

  • A. The hypervisor
  • B. All of the above
  • C. Configuration and VM sprawl issues
  • D. Virtualization management components apart from the hypervisor

Answer: B

 

NEW QUESTION 34
......
