Exam CCAK topic 1 question 22 discussion

Actual exam question from Isaca's CCAK
Question #: 22
Topic #: 1

While performing the audit, the auditor found that an object storage bucket containing PII could be accessed by anyone on the Internet. Given this discovery, what should be the most appropriate action for the auditor to perform?

  • A. Highlighting the gap to the audit sponsor at the sponsor’s earliest possible availability
  • B. Asking the organization’s cloud administrator to immediately close the gap by updating the configuration settings and making the object storage bucket private and hence inaccessible from the Internet
  • C. Documenting the finding in the audit report and sharing the gap with the relevant stakeholders
  • D. Informing the organization’s internal audit manager immediately about the gap
Suggested Answer: C

Comments

KarthikeyanTK
Highly Voted 1 year, 10 months ago
As per the CCAK guide, notify the relevant stakeholder immediately.
upvoted 5 times
osys
9 months, 1 week ago
Correct, especially when PII is involved.
upvoted 1 times
STARBOY79
Most Recent 2 weeks, 4 days ago
Imagine if the audit will end in months: do you wait till the end of that period to then document it in your report? I think because of the urgency involved, it must be escalated to the sponsor for immediate corrective action, and then later documented in the report even if it is resolved, hence A.
upvoted 1 times
sai_murthy
9 months, 1 week ago
CCAK Guide P# 289 - Answer is A. The first type of escalation occurs during the audit work when the auditor identifies an issue of material risk that is time-sensitive (e.g., a publicly readable S3 storage bucket containing customer PII). Regardless of whether the issue is resolved at the time or whether it is in scope, the auditor would communicate this issue to the client. If it is about material noncompliance with a legal or regulatory matter, it may need to be escalated to the relevant authority. It is strongly recommended to solicit specialist advice before doing this.
upvoted 1 times
survivalkit
1 year, 7 months ago
C is the right answer; you always have to document everything and let relevant stakeholders know.
upvoted 3 times
bala18679
1 year, 8 months ago
C is a more appropriate process than A.
upvoted 3 times
Ghac101
1 year, 11 months ago
I would say remediate ASAP.
upvoted 1 times
CyberE9
1 year, 11 months ago
Why would this not be A?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other