ISACA CCAK
Q: 1
Regarding cloud service provider agreements and contracts, unless otherwise stated, the provider is:
Options
Q: 2
What does “The Egregious 11" refer to?
Options
Q: 3
Which of the following principles, when combined with a structured development methodology,
would BEST contribute to the consistent introduction of secure and compliant Software as a Service
(SaaS) solutions in an organization?
Options
Q: 4
Which of the following is the BEST method to demonstrate assurance in the cloud services to
multiple cloud customers?
Options
Q: 5
The PRIMARY purpose of Open Certification Framework (OCF) for the CSA STAR program is to:
Options
Q: 6
Which objective is MOST appropriate to measure the effectiveness of password policy?
Options
Q: 7
Which of the following is a good candidate for continuous auditing?
Options
Q: 8
Who should define what constitutes a policy violation?
Options
Q: 9
In relation to testing business continuity management and operational resilience, an auditor should
review which of the following database documentation?
Options
Q: 10
Which of the following is the PRIMARY area for an auditor to examine in order to understand the
criticality of the cloud services in an organization, along with their dependencies and risks?
Options
Question 1 of 10
