Question 1

Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?

Options :

A : Verify the inclusion of security gates in the pipeline.

B : Conduct an architectural assessment.

C : Review the CI/CD pipeline audit logs.

D : Verify separation of development and production pipelines.

Answer: C

Question 2

Which of the following cloud environments should be a concern to an organization s cloud auditor?

Options :

A : The cloud service provider’s data center is more than 100 miles away

B : The organization entirely depends on several proprietary Software as a Service (SaaS) applications.

C : The failover region of the cloud service provider is on another continent.

D :

The technical team is trained on only one vendor Infrastructure as a Service (Iaas) platform, but the organization has subscribed to another vendor’s IaaS platform as an alternative.

Answer: B

Question 3

Which of the following is a direct benefit of mapping the Cloud Control Matrix (CCM) to other international standards and regulations?

Options :

A :

CCM mapping entitles cloud service providers to be listed as an approved supplier for tenders and government contracts

B :

CCM mapping enables cloud service providers and customers alike to streamline their own compliance and security efforts.

C :

CCM mapping enables an uninterrupted data flow and, in particular, the export of personal data across different jurisdictions

D : CCM mapping entitles cloud service providers to be certified under the CSA STAR program

Answer: B

Question 4

"Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls." Which of the following types of controls BEST matches this control description?

Options :

A : Network Security

B : Change Detection

C : Virtual Instance and OS Hardening

D : Network Vulnerability Management

Answer: A

Question 5

Which of the following is the MOST efficient way for a customer organization to minimize the risk from a cloud service provider’s aggressive product release strategy that could cause the customer to deviate from its compliance obligations?

Options :

A :

Including a break clause in the provider processing contract to be activated in the event of significant product change

B :

Developing multiple lines of communication with the provider that provide visibility into upcoming changes to the product

C : Maintaining a failover processing agreement with another provider offering a similar product

D : Requiring that the source code for the provider product be held in escrow with an independent third party

Answer: B

Higher Test Marks with Free Online CCAK Exam Practice

Buying Options: