[2022年09月]更新のCCAK問題集で時間限定!無料アクセスせよ! [Q63-Q88]

Share

[2022年09月]更新のCCAK問題集で時間限定!無料アクセスせよ!

CCAK問題集で2022年最新のISACA CCAK試験問題


ISACA CCAK 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • CCMとCAIQ:目標、目的、構造
  • CCM:監査統制
トピック 2
  • CCM
  • クラウドガバナンスを使用したクラウドの脅威分析方法
トピック 3
  • 継続的な保証とコンプライアンス
  • クラウドコンプライアンスプログラム
トピック 4
  • クラウドコンプライアンスプログラム
  • クラウド監査の評価

 

質問 63
Cloud services exhibit fiveessential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

  • A. Measured service
  • B. On-demand self-service
  • C. Resource pooling
  • D. Broad network access
  • E. Rapid elasticity

正解: B

 

質問 64
Why is a service type of network typically isolated on different hardware?

  • A. It has distinct functions from other networks
  • B. It requires unique security
  • C. It manages resource pools for cloud consumers
  • D. It manages the traffic between other networks
  • E. It requires distinct access controls

正解: D

 

質問 65
CCM: A hypothetical company called: "Health4Sure" is located in the United States and provides cloud based services fortracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document topotential clients.
Which of the following approach would be most suitable to assess the overall security posture of Health4Sure's cloud service?

  • A. The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.
  • B. The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
  • C. The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

正解: C

 

質問 66
To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:

  • A. software architecture.
  • B. service-oriented architecture.
  • C. object-oriented architecture.
  • D. enterprise architecture.

正解: B

 

質問 67
Sending data to a provider's storage over an API is likely as much morereliable and secure than setting up your own SFTP server on a VM in the same provider

  • A. False
  • B. True

正解: B

 

質問 68
Which cloud storage technology is basically a virtual hard drive for instanced or VMs?

  • A. Volume storage
  • B. Database
  • C. Platform
  • D. Application
  • E. Object storage

正解: A

 

質問 69
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

  • A. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
  • B. Maintaining customer managed key management and revoking ordeleting keys from the key management system to prevent the data from being accessed again.
  • C. Both B and D.
  • D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
  • E. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.

正解: B

 

質問 70
How can virtual machine communications bypass network security controls?

  • A. Most network security systems do not recognize encrypted VM traffic
  • B. The guest OS can invoke stealth mode
  • C. VM communications may use a virtual network on the same hardware host
  • D. VM images can contain rootkits programmed to bypass firewalls
  • E. Hypervisors depend upon multiple network interfaces

正解: C

 

質問 71
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?

  • A. Decreased requirement for proactive management of relationship and adherence to contracts.
  • B. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
  • C. More physical control over assets and processes.
  • D. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
  • E. None of the above.

正解: D

 

質問 72
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

  • A. False
  • B. True

正解: B

 

質問 73
Which of the following contract terms is necessary to meet a company's requirement that needs to move data from one CSP to another?

  • A. Drag and Drop
  • B. Flexibility to move
  • C. Transition and data portability
  • D. Lift and shift

正解: C

 

質問 74
Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?

  • A. An image copy of the attacked system was not taken.
  • B. The proper authorities were not notified.
  • C. The investigation report does not indicate a conclusion.
  • D. The handling procedures of the attacked system are not documented.

正解: B

 

質問 75
Policies and procedures shall be established, and supporting business processes and technical measures implemented, for maintenance of several items ensuring continuity and availability of operations and support personnel. Which of the following controls BEST matches this control description?

  • A. System Maintenance
  • B. Operations Maintenance
  • C. Equipment Maintenance
  • D. System Development Maintenance

正解: B

 

質問 76
Which of the following is the MOST important audit scope document when conducting a review of a cloud service provider?

  • A. Processes and systems to be audited
  • B. Updated audit/work program
  • C. Testing procedure to be performed
  • D. Documentation criteria for the audit evidence

正解: D

 

質問 77
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Chaos Engineering
  • B. PlannedOutages
  • C. Resiliency Planning
  • D. Organized Downtime
  • E. Expected Engineering

正解: A

 

質問 78
An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?

  • A. Analyzing user satisfaction reports from business lines
  • B. Benchmarking the QA framework to international standards
  • C. Conducting long-term planning for internal audit staffing
  • D. Reporting OA program results to the audit committee

正解: A

 

質問 79
Which plan will guide an organization on how to react to a security incident that might occur on the organization's systems, or that might be affecting one of their service providers?

  • A. Emergency Incident Plans
  • B. Unexpected Event Plans
  • C. Incident Response Plans
  • D. Security Incident Plans

正解: C

 

質問 80
The Cloud Computing Compliance Controls Catalogue (C5) framework is maintained by which of the following agencies?

  • A. Bundesamt fur Sicherheit in der Informationstechnik (BSI)
  • B. National Security Agency (NSA)
  • C. National Institute of Standards and Technology (NIST)
  • D. Agence nationale de la securite des systemes d'information (ANSSI)

正解: A

 

質問 81
Which of the following metrics are frequently immature?

  • A. Metrics around Infrastructure as a Service (IaaS) computing environments
  • B. Metrics around specific Software as a Service (SaaS) application services
  • C. Metrics around Platform as a Service (PaaS) development environments
  • D. Metrics around Infrastructure as a Service (IaaS) storage and network environments

正解: D

 

質問 82
An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?

  • A. Review third-party audit reports.
  • B. Directly audit the CSP.
  • C. Send supplier questionnaire to the CSP.
  • D. Review CSP's published questionnaires.

正解: D

 

質問 83
Which objective is MOST appropriate to measure the effectiveness of password policy?

  • A. Newly created account credentials satisfy requirements.
  • B. Attempts to log with weak credentials increases.
  • C. The number of related incidents decreases.
  • D. The number of related incidents increases.

正解: C

 

質問 84
The rapid and dynamic rate of changes found in a cloud environment affects the organization's:

  • A. risk appetite.
  • B. risk communication.
  • C. risk scoring.
  • D. risk profile.

正解: A

 

質問 85
Which of the following is the GREATEST concern associated with migrating computing resources to a cloud virtualized environment?

  • A. An increase in the potential for data leakage
  • B. An increase in the number of e-discovery requests
  • C. An increase in inherent vulnerability
  • D. An increase in residual risk

正解: A

 

質問 86
ENISA: "VMhopping" is:

  • A. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
  • B. Looping within virtualized routing systems.
  • C. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
  • D. Instability in VM patch management causing VM routing errors.
  • E. Lack of vulnerability management standards.

正解: A

 

質問 87
To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

  • A. Regression testing
  • B. Parallel testing
  • C. Full application stack unit testing
  • D. Functional verification

正解: C

 

質問 88
......

ISACA CCAK試験実践テスト問題:https://jp.fast2test.com/CCAK-premium-file.html

最新の無料CCAK別格問題集をダウンロード:https://drive.google.com/open?id=1D5SbOyNQLm5HapU04PVHMUa5Bfpd1CVV


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어