CCAK試験問題集合格させるのは2022年最新の認証済み試験問題 [Q19-Q34]

Share

CCAK試験問題集合格させるのは2022年最新の認証済み試験問題

CCAK試験問題でリアルに更新された問題PDF

質問 19
When deploying Security as a Service in a highly regulated industry or environment, what should bothparties agree on in advance and include in the SLA?

  • A. The metrics defining the service level required to achieve regulatory objectives.
  • B. The duration of time that a security violation can occur before the client begins assessing regulatory fines.
  • C. The cost per incident for security breaches of regulated information.
  • D. The type of security software which meets regulations and the number of licenses that will be needed.
  • E. The regulations that are pertinent to the contract and how to circumvent them.

正解: A

 

質問 20
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?

  • A. Aligning the cloud service delivery with the organization's objective
  • B. Aligning the cloud provider's SLA with the organization's policy
  • C. Aligning shared responsibilities between provider and customer
  • D. Aligning the organization's activity with the cloud provider's policy

正解: A

 

質問 21
Account design in the cloud should be driven by:

  • A. business continuity policies.
  • B. organizational structure.
  • C. management structure.
  • D. security requirements.

正解: D

 

質問 22
What item below allows disparate directory services and independent security domains to be interconnected?

  • A. Coalition
  • B. Intersection
  • C. Union
  • D. Cloud
  • E. Federation

正解: E

 

質問 23
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?

  • A. Review the contract and DR capability.
  • B. Plan an audit of the CSP.
  • C. Review the CSP audit reports.
  • D. Review the security white paper of the CSP.

正解: D

 

質問 24
Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?

  • A. Preparation --> Execution --> Peer Review and Publication
  • B. Deploy --> Monitor --> Audit
  • C. Plan --> Develop --> Release
  • D. Initiation --> Execution --> Monitoring and Controlling

正解: A

 

質問 25
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

  • A. Platform-as-a-service (PaaS)
  • B. Desktop-as-a-service (DaaS)
  • C. Software-as-a-service (SaaS)
  • D. Identity-as-a-service (IDaaS)
  • E. Infrastructure-as-a-service (IaaS)

正解: A

 

質問 26
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?

  • A. Cloud service provider
  • B. Management of organization being audited
  • C. Shareholders/interested parties
  • D. Public

正解: A

 

質問 27
What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?

  • A. Verifying whether the SLA includes all the operational matters which are material to the operation of the service
  • B. Verifying whether commensurate compensation in the form of service credits is factored in if the CSC is unable to match its SLA obligations
  • C. Verifying whether the SLA caters to the availability requirements of the cloud service customer (CSC)
  • D. Verifying whether the SLAs are well-defined and measurable

正解: C

 

質問 28
Which of the following is a corrective control that may be identified in a SaaS service provider?

  • A. Penetration testing
  • B. Log monitoring
  • C. Vulnerability scan
  • D. Incident response plans

正解: C

 

質問 29
Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?

  • A. Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
  • B. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.
  • C. No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
  • D. Yes. When implemented in the right manner. CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.

正解: C

 

質問 30
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?

  • A. The fairly static nature of the service portfolio and architecture of the cloud.
  • B. The rapidly changing service portfolio and architecture of the cloud.
  • C. Cloud providers should not be part of the compliance program.
  • D. The cloud is similar to the on-premise environment in terms of compliance.

正解: B

 

質問 31
When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:

  • A. Infrastructure as a Service (laaS).
  • B. Identity as a Service (IDaaS).
  • C. Platform as a Service (PaaS).
  • D. Software as a Service (SaaS).

正解: C

 

質問 32
When a client's business process changes, the CSP SLA should:

  • A. be reviewed, but the SLA cannot be updated.
  • B. be reviewed and updated if required.
  • C. not be reviewed as the SLA cannot be updated.
  • D. not be reviewed, but the cloud contract should be cancelled immediately.

正解: B

 

質問 33
Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?

  • A. Cloud strategy owners
  • B. Cloud process owners
  • C. Internal control function
  • D. Legal functions

正解: B

 

質問 34
......


ISACA CCAK 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • CCM
  • クラウドガバナンスを使用したクラウドの脅威分析方法
トピック 2
  • 継続的な保証とコンプライアンス
  • クラウドコンプライアンスプログラム
トピック 3
  • クラウドコンプライアンスプログラム
  • クラウド監査の評価
トピック 4
  • CCMとCAIQ:目標、目的、構造
  • CCM:監査統制

 

合格させる保証付き無料クイズ2022年最新の実際に出ると確認されたISACA:https://jp.fast2test.com/CCAK-premium-file.html

無料Cloud Security Alliance CCAK究極の学習ガイド:https://drive.google.com/open?id=1D5SbOyNQLm5HapU04PVHMUa5Bfpd1CVV


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어