CCAK Certificate of Cloud Auditing Knowledge


Question 7

Which of the following is an example of a corrective control?

  • A central anti-virus system installing the latest signature files before allowing a connection to the network

  • Unsuccessful access attempts being automatically logged for investigation

  • Privileged access to critical information systems requiring a second factor of authentication using soft token

  • All new employees having standard access rights until their manager approves privileged rights

Question 8

What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?

  • Unlike SAST, DAST is a black-box method and is programming-language agnostic.

  • DAST can dynamically integrate with most CI/CD tools.

  • DAST delivers more false positives than SAST.

  • DAST is slower but thorough.

Question 9

What does a dot release of the Cloud Controls Matrix (CCM) indicate?

  • The introduction of new control frameworks mapped to previously-published CCM controls.

  • A revision of the CCM domain structure.

  • A technical change (revision, addition, or deletion) to a number of controls that is smaller than 10% compared to the previous “Full” release.

  • A technical change (revision, addition, or deletion) to a number of controls that is greater than 10% compared to the previous “Full” release.