
CCAK Questions and Answers

Question # 4

In all three cloud deployment models (IaaS, PaaS, and SaaS), who is responsible for the patching of the hypervisor layer?

A. Cloud service customer

B. Shared responsibility

C. Cloud service provider

D. Patching on hypervisor layer is not required

Question # 5

Which of the following would be the MOST critical finding of an application security and DevOps audit?

A. The organization is not using a unified framework to integrate cloud compliance with regulatory requirements.

B. Application architecture and configurations did not consider security measures.

C. Outsourced cloud service interruption, breach or loss of data stored at the cloud service provider.

D. Certifications with global security standards specific to cloud are not reviewed and the impact of noted findings is not assessed.

Question # 6

Customer management interface, if compromised over public internet, can lead to:

A. customer’s computing and data compromise.

B. access to the RAM of neighboring cloud computer.

C. ease of acquisition of cloud services.

D. incomplete wiping of the data.

Question # 7

When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

A. Determine the impact on the controls that were selected by the organization to respond to identified risks.

B. Determine the impact on confidentiality, integrity and availability of the information system.

C. Determine the impact on the financial, operational, compliance and reputation of the organization.

D. Determine the impact on the physical and environmental security of the organization, excluding informational assets.

Question # 8

When migrating to a cloud environment, which of the following should be the PRIMARY driver for the use of encryption?

A. Cloud Service Provider encryption capabilities

B. The presence of PII

C. Organizational security policies

D. Cost-benefit analysis

Question # 9

What is the advantage of using dynamic application security testing (DAST) over static application security testing (SAST) methodology?

A. Unlike SAST, DAST is black-box and programming-language agnostic.

B. DAST can dynamically integrate with most CI/CD tools.

C. DAST delivers more false positives than SAST.

D. DAST is slower but thorough.

Question # 10

The Open Certification Framework is structured on three levels of trust. Those three levels of trust are:

A. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Compliance

B. CSA STAR Audit, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

C. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Monitoring and Control

D. CSA STAR Self-Assessment, STAR Certification & Attestation (Third-party Assessment), STAR Continuous

Question # 11

In an organization, how are policy violations MOST likely to occur?

A. By accident

B. Deliberately by the ISP

C. Deliberately

D. Deliberately by the cloud provider
