Free Access ISACA.CCAK.v2022-07-25.q75 Practice Test (Page 2)

Question 1

Which of the following configuration change controls is acceptable to a cloud auditor?

A.Programmers have permanent access to production software.

B.Development, test and production are hosted in the same network environment.

C.Programmers cannot make uncontrolled changes to the source code production version.

D.The Head of Development approves changes requested to production.

Question 2

CCM: In the CCM tool, ais a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

A.Risk Impact

B.Control Specification

C.Domain

Question 3

Which best describes the difference between a type 1 and a type 2 SOC report?

A.A type 2 SOC report validates the suitability of the design of the controls whereas a type 1 SOC report validates the operating effectiveness of controls.

B.A type 1 SOC report provides an attestation whereas a type 2 SOC report offers a certification.

C.A type 2 SOC report validates the operating effectiveness of controls whereas a type 1 SOC report validates the suitability of the design of the controls.

D.There is no difference between a type 2 and type 1 SOC report.

Question 4

An independent contractor is assessing security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls CSP is responsible for?

A.Review CSP's published questionnaires.

B.Directly audit the CSP.

C.Review third-party audit reports.

D.Send supplier questionnaire to the CSP.

Question 5

In which control should a cloud service provider, upon request, inform customers of compliance impact and risk, especially if customer data is used as part of the services?

A.Service Provider control

B.Compliance control

C.Data Inventory control

D.Impact and Risk control

Other Version: 397ISACA.CCAK.v2025-05-13.q213; 785ISACA.CCAK.v2023-04-28.q71; 886ISACA.CCAK.v2022-12-30.q72; 1595ISACA.CCAK.v2022-02-11.q57; 70ISACA.Passtestking.CCAK.v2021-10-20.by.jerry.27q.pdf

Latest Upload: 107Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 155TheSecOpsGroup.CNSP.v2025-09-08.q20; 206CFAInstitute.ESG-Investing.v2025-09-08.q173; 153PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 140Salesforce.Data-Architect.v2025-09-05.q216; 136Adobe.AD0-E605.v2025-09-05.q50; 176Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File