
CCAK試験問題集合格させるのは2022年最新の認証済み試験問題
CCAK試験問題でリアルに更新された問題PDF
質問 19
When deploying Security as a Service in a highly regulated industry or environment, what should bothparties agree on in advance and include in the SLA?
- A. The metrics defining the service level required to achieve regulatory objectives.
- B. The duration of time that a security violation can occur before the client begins assessing regulatory fines.
- C. The cost per incident for security breaches of regulated information.
- D. The type of security software which meets regulations and the number of licenses that will be needed.
- E. The regulations that are pertinent to the contract and how to circumvent them.
正解: A
質問 20
Which of the following would be the GREATEST governance challenge to an organization where production is hosted in a public cloud and backups are held on the premises?
- A. Aligning the cloud service delivery with the organization's objective
- B. Aligning the cloud provider's SLA with the organization's policy
- C. Aligning shared responsibilities between provider and customer
- D. Aligning the organization's activity with the cloud provider's policy
正解: A
質問 21
Account design in the cloud should be driven by:
- A. business continuity policies.
- B. organizational structure.
- C. management structure.
- D. security requirements.
正解: D
質問 22
What item below allows disparate directory services and independent security domains to be interconnected?
- A. Coalition
- B. Intersection
- C. Union
- D. Cloud
- E. Federation
正解: E
質問 23
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?
- A. Review the contract and DR capability.
- B. Plan an audit of the CSP.
- C. Review the CSP audit reports.
- D. Review the security white paper of the CSP.
正解: D
質問 24
Which of the following are the three MAIN phases of the cloud controls matrix (CCM) mapping methodology?
- A. Preparation --> Execution --> Peer Review and Publication
- B. Deploy --> Monitor --> Audit
- C. Plan --> Develop --> Release
- D. Initiation --> Execution --> Monitoring and Controlling
正解: A
質問 25
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
- A. Platform-as-a-service (PaaS)
- B. Desktop-as-a-service (DaaS)
- C. Software-as-a-service (SaaS)
- D. Identity-as-a-service (IDaaS)
- E. Infrastructure-as-a-service (IaaS)
正解: A
質問 26
An organization that is utilizing a community cloud is contracting an auditor to conduct a review on behalf of the group of organizations within the cloud community. From the following, to whom should the auditor report the findings?
- A. Cloud service provider
- B. Management of organization being audited
- C. Shareholders/interested parties
- D. Public
正解: A
質問 27
What should be the auditor's PRIMARY objective while examining a cloud service provider's (CSP's) SLA?
- A. Verifying whether the SLA includes all the operational matters which are material to the operation of the service
- B. Verifying whether commensurate compensation in the form of service credits is factored in if the CSC is unable to match its SLA obligations
- C. Verifying whether the SLA caters to the availability requirements of the cloud service customer (CSC)
- D. Verifying whether the SLAs are well-defined and measurable
正解: C
質問 28
Which of the following is a corrective control that may be identified in a SaaS service provider?
- A. Penetration testing
- B. Log monitoring
- C. Vulnerability scan
- D. Incident response plans
正解: C
質問 29
Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?
- A. Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
- B. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.
- C. No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
- D. Yes. When implemented in the right manner. CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.
正解: C
質問 30
Which of the following is MOST important to consider when an organization is building a compliance program for the cloud?
- A. The fairly static nature of the service portfolio and architecture of the cloud.
- B. The rapidly changing service portfolio and architecture of the cloud.
- C. Cloud providers should not be part of the compliance program.
- D. The cloud is similar to the on-premise environment in terms of compliance.
正解: B
質問 31
When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:
- A. Infrastructure as a Service (laaS).
- B. Identity as a Service (IDaaS).
- C. Platform as a Service (PaaS).
- D. Software as a Service (SaaS).
正解: C
質問 32
When a client's business process changes, the CSP SLA should:
- A. be reviewed, but the SLA cannot be updated.
- B. be reviewed and updated if required.
- C. not be reviewed as the SLA cannot be updated.
- D. not be reviewed, but the cloud contract should be cancelled immediately.
正解: B
質問 33
Which of the following key stakeholders should be identified the earliest when an organization is designing a cloud compliance program?
- A. Cloud strategy owners
- B. Cloud process owners
- C. Internal control function
- D. Legal functions
正解: B
質問 34
......
ISACA CCAK 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
合格させる保証付き無料クイズ2022年最新の実際に出ると確認されたISACA:https://jp.fast2test.com/CCAK-premium-file.html
無料Cloud Security Alliance CCAK究極の学習ガイド:https://drive.google.com/open?id=1D5SbOyNQLm5HapU04PVHMUa5Bfpd1CVV