Isaca
CCAK
Q1:
Which of the following is a KEY benefit of using the Cloud Controls Matrix (CCM)?
○
A
CCM uses a specific control for Infrastructure as a Service (IaaS).○
B
CCM maps to existing security standards, best practices, and regulations.○
C
CCM V4 is an improved version from CCM V3.0.1.○
D
CCM utilizes an ITIL framework to define the capabilities needed to manage the IT services and security services.
Isaca
CCAK
Q2:
Which of the following BEST describes the difference between a Type 1 and a Type 2 SOC report?
○
A
A Type 2 SOC report validates the operating effectiveness of controls, whereas a Type 1 SOC report validates the suitability of the design of the controls.○
B
A Type 1 SOC report provides an attestation, whereas a Type 2 SOC report offers a certification.○
C
A Type 2 SOC report validates the suitability of the control design, whereas a Type 1 SOC report validates the operating effectiveness of controls.○
D
There is no difference between a Type 2 and a Type 1 SOC report.
Isaca
CCAK
Q3:
In cloud computing, which KEY subject area relies on measurement results and metrics?
○
A
Software as a Service (SaaS) application services○
B
Infrastructure as a Service (IaaS) storage and network○
C
Platform as a Service (PaaS) development environment○
D
Service level agreements (SLAs)
Isaca
CCAK
Q4:
Which of the following is a cloud-native solution designed to counter threats that do not exist within the enterprise?
○
A
Rule-based access control○
B
Attribute-based access control○
C
Policy-based access control○
D
Role-based access control
Isaca
CCAK
Q5:
Which industry organization offers both security controls and cloud-relevant benchmarking?
○
A
Cloud Security Alliance (CSA)○
B
SANS Institute○
C
International Organization for Standardization (ISO)○
D
Center for Internet Security (CIS)