Free Access ISACA.CCAK.v2023-04-28.q71 Practice Test (Page 9)

Question 36

A cloud customer configured and developed a solution on top of the certified cloud services. Building on top of a compliant CSP:

A.means that the cloud customer and client are both compliant.

B.does not necessarily mean that the cloud customer is also compliant.

C.means that the cloud customer is also compliant.

D.means that the cloud customer is compliant but their client is not compliant.

Question 37

During a review, an IS auditor notes that an organization's marketing department has purchased a cloud-based software application without following the procurement process. What should the auditor do FIRST?

A.Review the business impact analysis (BIA).

B.Escalate to senior management.

C.Review the procurement process.

D.Perform a risk analysis.

Question 38

Which of the following attestation allows for immediate adoption of the Cloud Control Matrix (CCM) as additional criteria to AICPA Trust Service Criteria and provides the flexibility to update the criteria as technology and market requirements change?

A.MTCS

B.BSI Criteria Catalogue C5

C.CSA STAR Attestation

D.PC-IDSS

Question 39

Which of the following is a corrective control that may be identified in a SaaS service provider?

A.Log monitoring

B.Vulnerability scan

C.Penetration testing

D.Incident response plans

Question 40

Which objective is MOST appropriate to measure the effectiveness of password policy?

A.Attempts to log with weak credentials increases.

B.The number of related incidents increases.

C.The number of related incidents decreases.

D.Newly created account credentials satisfy requirements.

Other Version: 398ISACA.CCAK.v2025-05-13.q213; 887ISACA.CCAK.v2022-12-30.q72; 1620ISACA.CCAK.v2022-07-25.q75; 1595ISACA.CCAK.v2022-02-11.q57; 70ISACA.Passtestking.CCAK.v2021-10-20.by.jerry.27q.pdf

Latest Upload: 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 156TheSecOpsGroup.CNSP.v2025-09-08.q20; 207CFAInstitute.ESG-Investing.v2025-09-08.q173; 155PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 144Salesforce.Data-Architect.v2025-09-05.q216; 136Adobe.AD0-E605.v2025-09-05.q50; 177Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 114Oracle.1z0-591.v2025-09-05.q104

Question 36

Question 37

Question 38

Question 39

Question 40

Download PDF File