ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam
Go to Exam

Exam CCAK topic 1 question 48 discussion

Actual exam question from Isaca's CCAK
Question #: 48
Topic #: 1
[All CCAK Questions]

During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization’s DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor’s NEXT course of action?

  • A. Review the CSP audit reports.
  • B. Review the security white paper of the CSP.
  • C. Review the contract and DR capability.
  • D. Plan an audit of the CSP.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by PCTAN at Oct. 30, 2022, 11:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KarthikeyanTK
Highly Voted 2 years, 1 month ago
Selected Answer: A
As per CCAK page 335, if BCP/ DR is outsourced, CSP to provide latest assurance report
upvoted 5 times
osys
1 year, 1 month ago
it is not outsourced, Management stated
upvoted 2 times
...
...
Auditor2020
Most Recent 3 months, 3 weeks ago
Selected Answer: C
C. Review the contract and DR capability. The auditor should first review the contract and the disaster recovery (DR) capability to understand the specific terms and commitments made by the cloud service provider (CSP) regarding disaster recovery. This includes verifying whether the CSP has a tested DR plan, the responsibilities of both the organization and the CSP, and any related service level agreements (SLAs). This step is crucial to ensure that all necessary DR measures are in place and are compliant with the organization's requirements and expectations.
upvoted 1 times
...
ats20
1 year, 2 months ago
Selected Answer: C
Agreed C
upvoted 2 times
...
AlfredP
1 year, 7 months ago
C, as stated in CCAK-329.
upvoted 1 times
...
YellowSky002
1 year, 7 months ago
Selected Answer: C
I go with C
upvoted 1 times
...
ME79
1 year, 11 months ago
Selected Answer: C
The answer to the question is C. The auditor's NEXT course of action should be to review the contract and DR capability. This information can be found on page 329 of the Certificate of Cloud Auditing Knowledge Study Guide. "Does the CSP BC/DR plan meet the customer SLA requirements?" This implies that reviewing the contract and DR capability would be a good next step for the auditor, as it would help determine if the CSP's plan meets the organization's requirements.
upvoted 2 times
...
PCTAN
2 years, 4 months ago
Should be A
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago