
[Dec-2021] Use Real CCAK Dumps Free Sample Questions and Practice Test Engine [Q23-Q42]




NEW QUESTION 23
APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 24
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

  • A. The duration of time that a security violation can occur before the client begins assessing regulatory fines.
  • B. The type of security software which meets regulations and the number of licenses that will be needed.
  • C. The cost per incident for security breaches of regulated information.
  • D. The regulations that are pertinent to the contract and how to circumvent them.
  • E. The metrics defining the service level required to achieve regulatory objectives.

Answer: E

 

NEW QUESTION 25
What item below allows disparate directory services and independent security domains to be interconnected?

  • A. Intersection
  • B. Cloud
  • C. Federation
  • D. Union
  • E. Coalition

Answer: C

 

NEW QUESTION 26
ENISA: A reason for risk concerns of a cloud provider being acquired is:

  • A. Resource isolation may fail
  • B. Non-binding agreements put at risk
  • C. Arbitrary contract termination by acquiring company
  • D. Provider may change physical location
  • E. Mass layoffs may occur

Answer: B

 

NEW QUESTION 27
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?

  • A. An entitlement matrix
  • B. A support table
  • C. An entrylog
  • D. An access log
  • E. A validation process

Answer: A

 

NEW QUESTION 28
Network logs from cloud providers are typically flow records, not full packet captures.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 29
How does running applications on distinct virtual networks and only connecting networks as needed help?

  • A. It reduces hardware costs
  • B. It provides dynamic and granular policies with less management overhead
  • C. It enables you to configure applications around business groups
  • D. It reduces the blast radius of a compromised system
  • E. It locks down access and provides stronger data security

Answer: D

 

NEW QUESTION 30
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Resiliency Planning
  • B. Expected Engineering
  • C. Organized Downtime
  • D. Chaos Engineering
  • E. Planned Outages

Answer: D

 

NEW QUESTION 31
Your cloud and on-premises infrastructures should always use the same network address ranges.

  • A. True
  • B. False

Answer: B
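Overlapping address ranges are the practical reason question 31 is false: once two networks that use the same prefix are joined by VPN, peering or a transit hub, longest-prefix routing keeps traffic for the other side local and it silently goes to the wrong host. The following is an added example, not part of the original page or any ISACA material, that checks a planned address layout for collisions and proposes a free block; the site names and CIDR ranges in it are constructed for the illustration.

```python
"""Checking that on-premises and cloud address ranges do not overlap before
they are connected by VPN, peering or a transit hub (question 31). The
site names and ranges below are constructed for this example."""
import ipaddress
from itertools import combinations


def parse_networks(cidrs):
    """Parse CIDR strings; strict=False normalises a host address such as
    10.0.0.1/16 to its network 10.0.0.0/16 instead of raising."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def find_overlaps(named_ranges):
    """named_ranges maps a site or VPC name to its CIDRs. Returns every pair
    of networks (across and within sites) that overlap, which covers identical
    ranges as well as one range nested inside another."""
    flat = [(name, net) for name, cidrs in named_ranges.items()
            for net in parse_networks(cidrs)]
    hits = []
    for (name_a, a), (name_b, b) in combinations(flat, 2):
        if a.version == b.version and a.overlaps(b):
            hits.append((name_a, str(a), name_b, str(b)))
    return hits


def suggest_free_block(named_ranges, supernet="10.0.0.0/8", new_prefix=16):
    """First block of size new_prefix inside supernet that collides with
    nothing already allocated, or None if the supernet is exhausted."""
    used = [net for cidrs in named_ranges.values()
            for net in parse_networks(cidrs)]
    pool = ipaddress.ip_network(supernet)
    for candidate in pool.subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used
                   if u.version == candidate.version):
            return str(candidate)
    return None


# Constructed plan: the dev VPC was carved out of the same /16 the data
# centre already uses, which the check below reports.
ADDRESS_PLAN = {
    "on-prem": ["10.0.0.0/16", "192.168.10.0/24"],
    "prod-vpc": ["10.1.0.0/16"],
    "dev-vpc": ["10.0.128.0/17"],
    "shared-services": ["172.16.0.0/12"],
}

if __name__ == "__main__":
    for name_a, a, name_b, b in find_overlaps(ADDRESS_PLAN):
        print(f"OVERLAP: {name_a} {a} collides with {name_b} {b}")
    print("next free /16:", suggest_free_block(ADDRESS_PLAN))
```

Run this against the real address plan before the connection is built; fixing a collision afterwards means re-addressing one side while it is live.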

 

NEW QUESTION 32
How can virtual machine communications bypass network security controls?

  • A. Hypervisors depend upon multiple network interfaces
  • B. The guest OS can invoke stealth mode
  • C. Most network security systems do not recognize encrypted VM traffic
  • D. VM communications may use a virtual network on the same hardware host
  • E. VM images can contain rootkits programmed to bypass firewalls

Answer: D

 

NEW QUESTION 33
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

  • A. Resource Description Framework (RDF)
  • B. Software Development Kits (SDKs)
  • C. Application Binary Interface (ABI)
  • D. Application Programming Interface (API)
  • E. Extensible Markup Language (XML)

Answer: D

 

NEW QUESTION 34
If there are gaps in network logging data, what can you do?

  • A. Ask the cloud provider to open more ports.
  • B. Nothing. There are simply limitations around the data that can be logged in the cloud.
  • C. You can instrument the technology stack with your own logging.
  • D. Nothing. The cloud provider must make the information available.
  • E. Ask the cloud provider to close more ports.

Answer: C
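Questions 28 and 34 describe the same limitation from two sides: provider network logs are flow records (a 5-tuple, counters, timestamps and an accept/reject verdict), so some questions are answerable from them and others only from logging you add at the application layer. The following is an added example, not code from the original page or from any cloud provider, that parses AWS VPC Flow Log version 2 lines in the default field order, runs a detection that flow data does support, and summarises volume; the account ID, interface ID, addresses and log lines are constructed for the illustration.

```python
"""Working with cloud network logs that are flow records, not packet
captures (questions 28 and 34). Parses AWS VPC Flow Log version 2 lines in
the default field order, runs a simple detection and summarises traffic
volume. The log lines, account ID, interface ID and addresses below are
constructed for this example."""
from collections import Counter, defaultdict

# Default VPC Flow Log (version 2) field order. There is no payload, URL,
# username or TLS field: only the 5-tuple, counters, timestamps and verdict.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: one source probing several ports on one host (all
# rejected), normal accepted traffic, and a NODATA record for a window in
# which the interface saw no traffic.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51000 22 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51001 23 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51002 445 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51003 3389 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51004 8080 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51005 443 6 12 4800 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40000 443 6 40 31000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 443 40000 6 38 120000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000059 - NODATA
"""


def parse_flow_log(text):
    """Return a list of dicts for records whose log_status is OK. NODATA and
    SKIPDATA records carry '-' in the flow fields and are dropped; SKIPDATA
    means the provider itself lost records, the kind of gap question 34 is
    about, so count it in production rather than ignoring it."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line; alert on a rising count of these
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def find_port_scanners(records, min_ports=5):
    """Sources whose connections to one destination were REJECTed on at least
    min_ports distinct ports: a probe is visible in flow data even though no
    packet content is."""
    rejected = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            rejected[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return {pair: sorted(ports) for pair, ports in rejected.items()
            if len(ports) >= min_ports}


def top_talkers(records, n=3):
    """Bytes per (src, dst, dstport) over ACCEPTed flows, largest first. Flow
    records answer 'how much went where'; what was inside the flow has to
    come from application or proxy logging you add yourself."""
    volume = Counter()
    for r in records:
        if r["action"] == "ACCEPT":
            volume[(r["srcaddr"], r["dstaddr"], r["dstport"])] += r["bytes"]
    return volume.most_common(n)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print(f"{len(recs)} usable flow records")
    for (src, dst), ports in find_port_scanners(recs).items():
        print(f"probe: {src} -> {dst} rejected on ports {ports}")
    for (src, dst, port), nbytes in top_talkers(recs):
        print(f"{src} -> {dst}:{port}  {nbytes} bytes")
```

The 120000-byte outbound flow is the kind of finding flow records raise but cannot explain: whether it was a legitimate download or an exfiltration needs request-level logs from the application or a proxy in the path, which is the instrumentation question 34 points to.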

 

NEW QUESTION 35
Which concept provides the abstraction needed for resource pools?

  • A. Applistructure
  • B. Metastructure
  • C. Hypervisor
  • D. Orchestration
  • E. Virtualization

Answer: E

 

NEW QUESTION 36
A third-party service provider is hosting a private cloud for an organization. Which of the following findings during an audit of the provider poses the GREATEST risk to the organization?

  • A. Two different hypervisor versions are used due to the compatibility restrictions of some virtual machines.
  • B. 2% of backups had to be rescheduled due to backup media failures.
  • C. The organization's virtual machines share the same hypervisor with virtual machines of other clients.
  • D. 5% of detected incidents exceeded the defined service level agreement (SLA) for escalation.

Answer: C

 

NEW QUESTION 37
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

  • A. Infrastructure Security
  • B. Legal Issues: Contracts and Electronic Discovery
  • C. Information Governance
  • D. Governance and Enterprise Risk Management
  • E. Compliance and Audit Management

Answer: E

 

NEW QUESTION 38
Which of the following is the GREATEST concern associated with migrating computing resources to a cloud virtualized environment?

  • A. An increase in the number of e-discovery requests
  • B. An increase in the potential for data leakage
  • C. An increase in residual risk
  • D. An increase in inherent vulnerability

Answer: B

 

NEW QUESTION 39
An important consideration when performing a remote vulnerability test of a cloud-based application is to

  • A. Use techniques to evade cloud provider's detection systems
  • B. Schedule vulnerability test at night
  • C. Obtain provider permission for test
  • D. Use network layer testing tools exclusively
  • E. Use application layer testing tools exclusively

Answer: C

 

NEW QUESTION 40
CCM: A hypothetical company called "Health4Sure" is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure's cloud service?

  • A. The CCM columns are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPAA/HITECH Act. They could then assess the remaining controls. This approach will save time.
  • B. The CCM domain controls are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPAA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
  • C. The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

Answer: B

 

NEW QUESTION 41
ENISA: Lock-in is ranked as a high risk in ENISA research; a key underlying vulnerability causing lock-in is:

  • A. Lack of information on jurisdictions
  • B. Unclear asset ownership
  • C. Lack of completeness and transparency in terms of use
  • D. Audit or certification not available to customers
  • E. No source escrow agreement

Answer: C

 

NEW QUESTION 42
......

Pass Your CCAK Exam Easily - Real CCAK Practice Dump Updated Dec 15, 2021: https://www.crampdf.com/CCAK-exam-prep-dumps.html
