CCAK無料問題集「ISACA Certificate of Cloud Auditing Knowledge」

質問 1

DevSecOps aims to integrate security tools and processes directly into the software development life cycle and should be done:

（A）at the end of the development cycle.

（B）at the beginning of the development cycle.

（C）in all development steps.

（D）after go-live.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An auditor is assessing a European organization's compliance. Which regulation is suitable if health information needs to be protected?

（A）GDPR

（B）DPA

（C）DPIA

（D）HIPAA

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Regarding suppliers of a cloud service provider, it is MOST important for the auditor to be aware that the:

（A）client organization has a clear understanding of the provider's suppliers.

（B）suppliers are accountable for the provider's service that they are providing.

（C）client organization does not need to worry about the provider's suppliers, as this is the provider's responsibility.

（D）client organization and provider are both responsible for the provider's suppliers.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following is an example of reputational business impact?

（A）While the breach was reported in a timely manner to the CEO, the CFO and CISO blamed each other in public, resulting in a loss of public confidence that led the board to replace all three.

（B）The cloud provider fails to report a breach of customer personal data from an unsecured server, resulting in GDPR fines of 10 million euros.

（C）A hacker using a stolen administrator identity brings down the Software as a Service (SaaS) sales and marketing systems, resulting in the inability to process customer orders or manage customer relationships.

（D）A distributed denial of service (DDoS) attack renders the customer's cloud inaccessible for 24 hours, resulting in millions in lost sales.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

In relation to testing business continuity management and operational resilience, an auditor should review which of the following database documentation?

（A）Database backup and replication guidelines

（B）System backup documentation

（C）Incident management documentation

（D）Operational manuals

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which of the following is a good candidate for continuous auditing?

（A）Cryptography and authentication

（B）Procedures

（C）Documentation quality

（D）Governance

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

In audit parlance, what is meant by "management representation"?

（A）Statements made by management in response to specific inquiries

（B）A project management technique to demonstrate management's involvement in key project stages

（C）A mechanism to represent organizational structure

（D）A person or group of persons representing executive management during audits

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

What should be the control audit frequency for an organization's business continuity management and operational resilience strategy?

（A）Monthly

（B）Annually

（C）Quarterly

（D）Biannually

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Visibility to which of the following would give an auditor the BEST view of design and implementation decisions when an organization uses programmatic automation for Infrastructure as a Service (laaS) deployments?

（A）Results from automated testing

（B）Source code within build scripts

（C）Output from threat modeling exercises

（D）Service level agreements (SLAs)

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

After finding a vulnerability in an Internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite parts of some files with random dat a. In reference to the Top Threats Analysis methodology, how would the technical impact of this incident be categorized?

（A）As a control breach

（B）As an availability breach

（C）As an integrity breach

（D）As a confidentiality breach

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

To ensure that compliance obligations for data residency in the cloud are aligned with an organization's risk appetite, which of the following activities is MOST important to perform?

（A）Perform a cloud vendor assessment every time there is a change to data flows.

（B）Manage compliance obligations through a structured risk management process.

（C）Develop risk metrics to show how the organization is meeting the obligations.

（D）Communicate the organization's risk appetite across cloud service providers.

正解：B 解答を投票する

質問 12

Which of the following should a cloud auditor recommend regarding controls for application interfaces and databases to prevent manual or systematic processing errors, corruption of data, or misuse?

（A）Data input and output integrity routines

（B）Assessment of contractual and regulatory requirements for customer access

（C）Testing in accordance with leading industry standards such as OWASP

（D）Establishment of policies and procedures across multiple system interfaces, jurisdictions, and business functions to prevent improper disclosure, alteration, or destruction

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following is a cloud-specific security standard?

（A）15014001

（B）15027701

（C）15027017

（D）15022301

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

Which of the following is the MOST relevant question in the cloud compliance program design phase?

（A）Who owns the cloud services strategy?

（B）Who owns the cloud strategy?

（C）Who owns the cloud portfolio strategy?

（D）Who owns the cloud governance strategy?

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CCAK 無料問題集「ISACA Certificate of Cloud Auditing Knowledge」

弊社を連絡する

関連リンク

トップ試験