
Question 20/44

A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP's security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP?


Question List (44q)
Question 1: You have been assigned the implementation of an ISMS, whose ...
Question 2: Which of the following activities are part of the implementa...
Question 3: Which of the following would be considered as a factor to tr...
Question 4: Due to cloud audit team resource constraints, an audit plan ...
Question 5: When developing a cloud compliance program, what is the PRIM...
Question 6: To ensure that cloud audit resources deliver the best value ...
Question 7: Which of the following is the MOST important audit scope doc...
Question 8: Which of the following is a corrective control that may be i...
Question 9: A certification target helps in the formation of a continuou...
Question 10: SAST testing is performed by:
Question 11: As a developer building codes into a container in a DevSecOp...
Question 12: Which of the following is the BEST way for a client to enfor...
Question 13: Account design in the cloud should be driven by:...
Question 14: Which of the following is a cloud-native solution designed t...
Question 15: When performing audits in relation to Business Continuity Ma...
Question 16: Which of the following CSP activities requires a client's ap...
Question 17: Which of the following standards is designed to be used by o...
Question 18: Under GDPR, an organization should report a data breach with...
Question 19: To assist an organization with planning a cloud migration st...
Question 20: A CSP contracts for a penetration test to be conducted on it...
Question 21: Which objective is MOST appropriate to measure the effective...
Question 22: The rapid and dynamic rate of changes found in a cloud envir...
Question 23: Which of the following cloud models prohibits penetration te...
Question 24: A large organization with subsidiaries in multiple locations...
Question 25: The Cloud Computing Compliance Controls Catalogue (C5) frame...
Question 26: What should be the auditor's PRIMARY objective while examini...
Question 27: In cloud computing, with whom does the responsibility and ac...
Question 28: Which of the following would give an auditor the BEST view o...
Question 29: What data center and physical security measures should a clo...
Question 30: Which of the following key stakeholders should be identified...
Question 31: Which of the following approaches encompasses social enginee...
Question 32: Cloud Control Matrix (CCM) controls can be used by cloud cus...
Question 33: Within an organization, which of the following functions sho...
Question 34: Which of the following metrics are frequently immature?...
Question 35: From the perspective of a senior cloud security audit practi...
Question 36: An auditor is performing an audit on behalf of a cloud custo...
Question 37: Which of the following is the MOST feasible way to validate ...
Question 38: With regard to the Cloud Control Matrix (CCM), the 'Architec...
Question 39: An independent contractor is assessing security maturity of ...
Question 40: During an audit it was identified that a critical applicatio...
Question 41: When building a cloud governance model, which of the followi...
Question 42: What should be an organization's control audit schedule of a...
Question 43: Which of the following is a fundamental concept of FedRAMP t...
Question 44: Which of the following should be the FIRST step to establish...