ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam
Go to Exam

Exam CCAK topic 1 question 242 discussion

Actual exam question from Isaca's CCAK
Question #: 242
Topic #: 1
[All CCAK Questions]

An auditor is reviewing an organization's virtual machines (VMs) hosted in the cloud. The organization utilizes a configuration management (CM) tool to enforce password policies on its VMs. Which of the following is the BEST approach for the auditor to use to review the operating effectiveness of the password requirement?

  • A. The auditor should not rely on the CM tool and its settings, and for thoroughness should review the password configuration on the set of sample VMs.
  • B. Review the relevant configuration settings on the CM tool and check whether the CM tool agents are operating effectively on the sample VMs.
  • C. As it is an automated environment, reviewing the relevant configuration settings on the CM tool would be sufficient.
  • D. Review the incident records for any incidents relating to brute force attacks or password compromise in the last 12 months and investigate whether the root cause of the incidents was due to inappropriate password policy configured on the VMs.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Auditor2020 at March 28, 2025, 4:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Auditor2020
5 days, 21 hours ago
Selected Answer: B
B. Review the relevant configuration settings on the CM tool and check whether the CM tool agents are operating effectively on the sample VMs. This approach is the most comprehensive for assessing the operating effectiveness of the password policies enforced by the CM tool. By reviewing the configuration settings on the CM tool, the auditor can verify that the correct password policies are defined. Additionally, by checking the operation of the CM tool agents on a sample of VMs, the auditor can ensure that these policies are being correctly applied and enforced. This dual approach provides assurance that the CM tool is functioning as intended and that the VMs adhere to the organization's password requirements.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago