Free Access ISACA.CCAK.v2023-04-28.q71 Practice Test (Page 15)

Question 66

Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?

A.Lack of software escrow provisions

B.Changes in services are not tracked

C.Vendor has exclusive control of IT resources

D.No employee succession plan

Question 67

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

A.Determine the impact on the controls that were selected by the organization to respond to identified risks.

B.Determine the impact on the financial, operational, compliance and reputation of the organization.

C.Determine the impact on the physical and environmental security of the organization, excluding informational assets.

D.Determine the impact on confidentiality, integrity and availability of the information system.

Question 68

REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.

A.False

B.True

Question 69

After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident?

A.As a confidentiality breach

B.As control breach

C.As an availability breach

D.As an integrity breach

Question 70

You have been assigned the implementation of an ISMS, whose scope must cover both on premise and cloud infrastructure. Which of the following is your BEST option?

A.Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.

B.Implement ISO/IEC 27002 and complement it with additional controls from the CCM.

C.Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.

D.Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.

Other Version: 408ISACA.CCAK.v2025-05-13.q213; 887ISACA.CCAK.v2022-12-30.q72; 1630ISACA.CCAK.v2022-07-25.q75; 1595ISACA.CCAK.v2022-02-11.q57; 70ISACA.Passtestking.CCAK.v2021-10-20.by.jerry.27q.pdf

Latest Upload: 101OCEG.GRCP.v2025-09-11.q211; 101HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 156PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 146Salesforce.Data-Architect.v2025-09-05.q216; 140Adobe.AD0-E605.v2025-09-05.q50

Question 66

Question 67

Question 68

Question 69

Question 70

Download PDF File