Question 1

The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

Options :

A : CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance

B : CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

C : CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control

D : CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

Answer: D

Question 2

Which of the following is an example of compliance business impact?

Options :

A :

A hacker using a stolen administrator identity brings down the Software as a Service (SaaS) sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.

B :

A distributed denial of service (DDoS) attack renders the customer’s cloud inaccessible for 24 hours, resulting in millions in lost sales.

C :

While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.

D :

The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euros.

Answer: C

Question 3

What should be an organization’s control audit schedule of a cloud service provider’s business continuity plan and operational resilience policy?

Options :

A : Annual

B : Quarterly

C : Monthly

D : Semi-annual

Answer: A

Question 4

In a situation where duties related to cloud risk management and control are split between an organization and its cloud service providers, which of the following would BEST help to ensure a coordinated approach to risk and control processes?

Options :

A : Establishing a joint security operations center

B : Automating reporting of risk and control compliance

C : Co-locating compliance management specialists

D : Maintaining a centralized risk and controls dashboard

Answer: D

Question 5

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

Options :

A : passed to the sub cloud service providers based on the sub cloud service providers’ geographic location.

B : passed to the sub cloud service providers

C : treated as confidential information and withheld from all sub cloud service providers.

D : treated as sensitive information and withheld from certain sub cloud service providers

Answer: A

Higher Test Marks with Free Online CCAK Exam Practice

Buying Options: