Valid CCAK Dumps shared by ExamDiscuss.com for Helping Passing CCAK Exam! ExamDiscuss.com now offer the newest CCAK exam dumps, the ExamDiscuss.com CCAK exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CCAK dumps with Test Engine here:
Access CCAK Dumps Premium Version
(207 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 45/73
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
Correct Answer: D
ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS). Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is "fit for purpose." As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.
- Question List (73q)
- Question 1: You have been assigned the implementation of an ISMS, whose ...
- Question 2: Which attack surfaces, if any, does virtualization technolog...
- Question 3: With regard to the Cloud Control Matrix (CCM), the 'Architec...
- Question 4: Customer management interface, if compromised over public in...
- Question 5: When deploying Security as a Service in a highly regulated i...
- Question 6: Your SLA with your cloudprovider ensures continuity for all ...
- Question 7: While performing the audit, the auditor found that an object...
- Question 8: Which of the following is the BEST recommendation to offer a...
- Question 9: Which of the following cloud deployment models would BEST me...
- Question 10: To ensure that integration of security testing is implemente...
- Question 11: A large organization with subsidiaries in multiple locations...
- Question 12: Which of the following aspects of risk management involves i...
- Question 13: Which cloud-based service model enables companies to provide...
- Question 14: To ensure that cloud audit resources deliver the best value ...
- Question 15: Which data security control is the LEAST likely to be assign...
- Question 16: In which control should a cloud service provider, upon reque...
- Question 17: Which of the following is the BEST tool to perform cloud sec...
- Question 18: Which of the following attestation allows for immediate adop...
- Question 19: How does running applications on distinct virtual networks a...
- Question 20: An IS auditor is a member of an application development team...
- Question 21: What should be an organization's control audit schedule of a...
- Question 22: Which best describes the difference between a type 1 and a t...
- Question 23: Which of the following is MOST important to consider when de...
- Question 24: An organization is in the initial phases of cloud adoption. ...
- Question 25: An independent contractor is assessing security maturity of ...
- Question 26: To ensure that cloud audit resources deliver the best value ...
- Question 27: Which of the following is an example of a corrective control...
- Question 28: When deploying an application that was created using the pro...
- Question 29: Which objective is MOST appropriate to measure the effective...
- Question 30: What type of termination occurs at the initiative of one par...
- Question 31: Changes to which of the following will MOST likely influence...
- Question 32: APIs and web services require extensive hardening and must a...
- Question 33: Use elastic servers when possible and move workloads to new ...
- Question 34: Which of the following is the MOST important audit scope doc...
- Question 35: The rapid and dynamic rate of changes found in a cloud envir...
- Question 36: Which of the following is the common cause of misconfigurati...
- Question 37: What is true of searching data across cloud environments?...
- Question 38: Which concept provides the abstraction needed for resource p...
- Question 39: A certification target helps in the formation of a continuou...
- Question 40: An organization deploying the Cloud Control Matrix (CCM) to ...
- Question 41: Account design in the cloud should be driven by:...
- Question 42: The Cloud Computing Compliance Controls Catalogue (C5) frame...
- Question 43: What is the advantage of using dynamic application security ...
- Question 44: To qualify for CSA STAR attestation for a particular cloud s...
- Question 45: An organization has an ISMS implemented, following ISO 27001...
- Question 46: Which communication methods within a cloud environment must ...
- Question 47: In an organization, how are policy violations MOST likely to...
- Question 48: Which of the following statements are NOT requirements of go...
- Question 49: Which statement about compliance responsibilities and owners...
- Question 50: Why is a service type of network typically isolated on diffe...
- Question 51: Which statement best describes the impact of Cloud Computing...
- Question 52: Which of the following is a perceived advantage or disadvant...
- Question 53: The BEST method to report continuous assessment of a cloud p...
- Question 54: In all three cloud deployment models, (IaaS, PaaS, and SaaS)...
- Question 55: When developing a cloud compliance program, what is the PRIM...
- Question 56: Which of the following is the BEST control framework for a E...
- Question 57: Select the best definition of"compliance" from the options b...
- Question 58: What is the newer application development methodology and ph...
- Question 59: In which type of environment is it impractical to allow the ...
- Question 60: Which of the following would be the MOST critical finding of...
- Question 61: Who is responsible for the security of the physical infrastr...
- Question 62: How does virtualized storage help avoid data loss if a drive...
- Question 63: An audit has identified that business units have purchased c...
- Question 64: Which of the following contract terms is necessary to meet a...
- Question 65: Which of the following configuration change controls is acce...
- Question 66: The criteria for limiting services allowing non-critical ser...
- Question 67: As a developer building codes into a container in a DevSecOp...
- Question 68: Which of the following parties should have accountability fo...
- Question 69: What is known as a code execution environment running within...
- Question 70: The BEST way to deliver continuous compliance in a cloud env...
- Question 71: What is true of security as it relates to cloud network infr...
- Question 72: Due to cloud audit team resource constraints, an audit plan ...
- Question 73: When reviewing a third-party agreement with a cloud service ...
