Exam CCAK: Certificate of Cloud Auditing Knowledge

Some new questions:
Q
If a customer management interface is compromised over the public Internet, it can lead to:
A. incomplete wiping of the data.
B. computing and data compromise for customers.
C. ease of acquisition of cloud services.
D. access to the RAM of neighboring cloud computers.

Q
Which of the following is an example of a corrective control?
A. A central antivirus system installing the latest signature files before allowing a connection to the network
B. All new employees having standard access rights until their manager approves privileged rights
C. Unsuccessful access attempts being automatically logged for investigation
D. Privileged access to critical information systems requiring a second factor of authentication using a soft token

Q
During the cloud service provider evaluation process, which of the following BEST helps identify baseline configuration requirements?
A. Vendor requirements
B. Product benchmarks
C. Benchmark controls lists
D. Contract terms and conditions

Q
Which of the following is MOST useful for an auditor to review when seeking visibility into the cloud supply chain for a newly acquired Software as a Service (SaaS) solution?
A. SaaS provider contract
B. Payments made by the service owner
C. SaaS vendor white papers
D. Cloud compliance obligations register

Q
Which of the following is the BEST method to demonstrate assurance in the cloud services to multiple cloud customers?
A. Provider’s financial stability report and market value
B. Reputation of the service provider in the industry
C. Provider self-assessment and technical documents
D. External attestation and certification audit reports
……..