exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam

Exam CCAK topic 1 question 47 discussion

Actual exam question from Isaca's CCAK
Question #: 47
Topic #: 1
[All CCAK Questions]

Since CCM allows cloud customers to build a detailed list of requirements and controls to be implemented by the CSP as part of their overall third-party risk management and procurement program, will CCM alone be enough to define all the items to be considered when operating/using cloud services?

  • A. No. CCM must be completed with definitions established by the CSP because of its relevance to service continuity.
  • B. Yes. CCM suffices since it maps a huge library of widely accepted frameworks.
  • C. Yes. When implemented in the right manner, CCM alone can help to measure, assess and monitor the risk associated with a CSP or a particular service.
  • D. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
bportuguez
Highly Voted 2 years, 3 months ago
Selected Answer: D
Shoud be D. The CCM allows cloud customers to build a detailed list of requirements and controls they want their CSP to implement as part of their overall third-party risk management and procurement program. It also helps normalize security expectations, provide a cloud taxonomy, and improve understanding of the security measures implemented in the cloud supply chain.
upvoted 5 times
...
Auditor2020
Most Recent 3 months, 3 weeks ago
Selected Answer: D
D. No. CCM can serve as a foundation for a cloud assessment program, but it needs to be completed with requirements applicable to each company. While the Cloud Controls Matrix (CCM) provides a comprehensive framework for cloud security and helps in building a detailed list of requirements and controls, it should be supplemented with specific requirements tailored to each company's unique needs and regulatory environment. This ensures a more accurate and comprehensive risk assessment and management strategy.
upvoted 1 times
...
osys
1 year, 1 month ago
CCM doesn't have GDPR so D
upvoted 1 times
...
ats20
1 year, 2 months ago
Selected Answer: D
Agreed D
upvoted 1 times
...
AlfredP
1 year, 7 months ago
Agree with both above voters.
upvoted 1 times
...
YellowSky002
1 year, 7 months ago
Selected Answer: D
I go with D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago