Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam
Go to Exam

Exam CCAK topic 1 question 191 discussion

Actual exam question from Isaca's CCAK
Question #: 191
Topic #: 1
[All CCAK Questions]

A cloud service customer is looking to subscribe to a finance solution provided by a cloud service provider. The provider has clarified that the audit logs cannot be taken out of the cloud environment by the customer to its security information and event management (SIEM) solution for monitoring purposes. Which of the following should be the GREATEST concern to the auditor?

  • A. The provider does not maintain audit logs in their environment.
  • B. The customer cannot monitor its cloud subscription on its own and must rely on the provider for monitoring purposes.
  • C. The audit logs are overwritten every 30 days, and all past audit trail is lost.
  • D. The audit trails are backed up regularly, but the backup is not encrypted.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by sai_murthy at Feb. 15, 2024, 1:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
4f2a581
3 months, 3 weeks ago
Answer is C
upvoted 2 times
...
sai_murthy
9 months, 1 week ago
Selected Answer: B
CCAK P# 197 Cloud infrastructures are rapidly evolving, and new concepts and technologies, such as serverless, are being adopted. Serverless technologies have redefined the attribution of the security responsibilities between IaaS and PaaS and SaaS, and between the CSP and customer. Following are examples of measures an organization should have in place to mitigate the risk related to infrastructure and virtualization management. Establish, implement, enforce and maintain policies and procedures to ensure the security, retention and access control of audit logs. Continuously monitor security audit logs to detect anomalies, and take appropriate action. Monitor, encrypt and restrict communications between environments to authenticated and authorized connections.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel