[Full-Version] 2021 New Prep4away CCAK PDF Recently Updated Questions [Q12-Q33]


CCAK Exam with Guarantee Updated 78 Questions

NEW QUESTION 12
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources, is called what?

  • A. An entitlement matrix
  • B. An entry log
  • C. A support table
  • D. A validation process
  • E. An access log

Answer: D

 

NEW QUESTION 13
An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?

  • A. Analyzing user satisfaction reports from business lines
  • B. Conducting long-term planning for internal audit staffing
  • C. Benchmarking the QA framework to international standards
  • D. Reporting QA program results to the audit committee

Answer: A

 

NEW QUESTION 14
Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?

  • A. Vendor has exclusive control of IT resources
  • B. Changes in services are not tracked
  • C. No employee succession plan
  • D. Lack of software escrow provisions

Answer: B

 

NEW QUESTION 15
A client/server configuration will:

  • A. optimize system performance by having a server on a front-end and clients on a host.
  • B. keep track of all the clients using the IS facilities of a service organization.
  • C. limit the clients and servers relationship by limiting the IS facilities to a single hardware system.
  • D. enhance system performance through the separation of front-end and back-end processes.

Answer: D

 

NEW QUESTION 16
APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 17
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

  • A. The cost per incident for security breaches of regulated information.
  • B. The metrics defining the service level required to achieve regulatory objectives.
  • C. The type of security software which meets regulations and the number of licenses that will be needed.
  • D. The regulations that are pertinent to the contract and how to circumvent them.
  • E. The duration of time that a security violation can occur before the client begins assessing regulatory fines.

Answer: B

 

NEW QUESTION 18
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 19
Select the best definition of "compliance" from the options below.

  • A. The timely and efficient filing of security reports.
  • B. The diligent habits of good security practices and recording of the same.
  • C. The development of a routine that covers all necessary security measures.
  • D. The process of completing all forms and paperwork necessary to develop a defensible paper trail.
  • E. The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.

Answer: E

 

NEW QUESTION 20
How is encryption managed on multi-tenant storage?

  • A. C for data subject to the EU Data Protection Directive; B for all others
  • B. Multiple keys per data owner
  • C. Single key for all data owners
  • D. One key per data owner
  • E. The answer could be A, B, or C depending on the provider

Answer: D

 

NEW QUESTION 21
Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

  • A. Public
  • B. Community
  • C. Hybrid
  • D. Private

Answer: A

 

NEW QUESTION 22
Which attack surfaces, if any, does virtualization technology introduce?

  • A. The hypervisor
  • B. All of the above
  • C. Configuration and VM sprawl issues
  • D. Virtualization management components apart from the hypervisor

Answer: B

 

NEW QUESTION 23
Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

  • A. URL filters
  • B. Database Activity Monitoring
  • C. Cloud Access and Security Brokers (CASB)
  • D. Data Loss Prevention
  • E. Intrusion Prevention System

Answer: E

 

NEW QUESTION 24
What item below allows disparate directory services and independent security domains to be interconnected?

  • A. Federation
  • B. Cloud
  • C. Coalition
  • D. Union
  • E. Intersection

Answer: A

 

NEW QUESTION 25
Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?

  • A. An image copy of the attacked system was not taken.
  • B. The investigation report does not indicate a conclusion.
  • C. The proper authorities were not notified.
  • D. The handling procedures of the attacked system are not documented.

Answer: C

 

NEW QUESTION 26
An IS department is evaluated monthly on its cost-revenue ratio, user satisfaction rate, and computer downtime. This is BEST characterized as an application of:

  • A. risk framework
  • B. control self-assessment (CSA)
  • C. value chain analysis
  • D. balanced scorecard

Answer: D

 

NEW QUESTION 27
Your cloud and on-premises infrastructures should always use the same network address ranges.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 28
What is resource pooling?

  • A. Internet-based CPUs are pooled to enable multi-threading.
  • B. Placing Internet ("cloud") data centers near multiple sources of energy, such as hydroelectric dams.
  • C. None of the above.
  • D. The dedicated computing resources of each client are pooled together in a colocation facility.
  • E. The provider's computing resources are pooled to serve multiple consumers.

Answer: E

 

NEW QUESTION 29
Network logs from cloud providers are typically flow records, not full packet captures.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 30
Which of the following is NOT a cloud computing characteristic that impacts incident response?

  • A. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
  • B. The on-demand self-service nature of cloud computing environments.
  • C. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
  • D. Object-based storage in a private cloud.
  • E. The possibility of data crossing geographic or jurisdictional boundaries.

Answer: A

 

NEW QUESTION 31
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Planned Outages
  • B. Chaos Engineering
  • C. Resiliency Planning
  • D. Expected Engineering
  • E. Organized Downtime

Answer: B

 

NEW QUESTION 32
All cloud services utilize virtualization technologies.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 33
......
