Free Access ISACA.CCAK.v2022-07-25.q75 Practice Test (Page 6)

Question 21

If the degree of verification for information shared with the auditor during an audit is low, the auditor should:

A.stop evaluating the requirement altogether and review other audit areas.

B.delve deeper to obtain the required information to decide conclusively.

C.reject the information as audit evidence.

D.use professional judgment to determine the degree of reliance that can be placed on the information as evidence.

Question 22

One of the Cloud Control Matrix's (CCM's) control specifications states that "Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations." Which of the following controls under the Audit Assurance and Compliance domain does this match to?

A.Audit planning

B.GDPR auditing

C.Information system and regulatory mapping

D.Independent audits

Question 23

A cloud service provider does not allow audits using automated tools as these tools could be considered destructive techniques for the cloud environment. Which of the following aspects of the audit will be constrained?

A.Objectives

B.Nature of relationship

C.Scope

D.Purpose

Question 24

Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

A.False

B.True

Question 25

Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization's DevOps pipeline?

A.Verify separation of development and production pipelines.

B.Verify the inclusion of security gates in the pipeline.

C.Review the CI/CD pipeline audit logs.

D.Conduct an architectural assessment.

Other Version: 408ISACA.CCAK.v2025-05-13.q213; 795ISACA.CCAK.v2023-04-28.q71; 887ISACA.CCAK.v2022-12-30.q72; 1595ISACA.CCAK.v2022-02-11.q57; 70ISACA.Passtestking.CCAK.v2021-10-20.by.jerry.27q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 162TheSecOpsGroup.CNSP.v2025-09-08.q20; 221CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 145Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50; 184Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 21

Question 22

Question 23

Question 24

Question 25

Download PDF File