Exam CCAK topic 1 question 32 discussion

Actual exam question from Isaca's CCAK
Question #: 32
Topic #: 1

An independent contractor is assessing the security maturity of a SaaS company against industry standards. The SaaS company has developed and hosted all their products using the cloud services provided by a third-party cloud service provider (CSP). What is the optimal and most efficient mechanism to assess the controls the CSP is responsible for?

  • A. Review third-party audit reports.
  • B. Review CSP’s published questionnaires.
  • C. Directly audit the CSP.
  • D. Send supplier questionnaire to the CSP.
Suggested Answer: A

Comments

Auditor2020
3 months, 3 weeks ago
Selected Answer: A
A. Review third-party audit reports. Reviewing third-party audit reports, such as SOC 2 or ISO 27001 certification reports, is the optimal and most efficient mechanism to assess the controls that the CSP is responsible for. These reports are conducted by independent auditors and provide a comprehensive assessment of the CSP's controls, saving time and resources compared to directly auditing the CSP or sending questionnaires.
upvoted 1 times
...
vsgsds
1 year, 1 month ago
Page 272 - In SaaS, the customer is responsible only for the security of data, therefore the assessors will largely focus on the compliance offered by the CSP via third-party reports, certifications and attestations.
upvoted 1 times
...
ats20
1 year, 2 months ago
Selected Answer: A
To assess the controls that the third-party cloud service provider (CSP) is responsible for, the optimal and most efficient mechanism is to review third-party audit reports. These reports provide an independent assessment of the CSP’s security controls and can help the independent contractor evaluate the effectiveness of the CSP’s security program. Reviewing the CSP’s published questionnaires can also provide valuable insights into the CSP’s security controls. However, these questionnaires may not provide a comprehensive view of the CSP’s security program.
upvoted 1 times
...
bala18679
2 years ago
Sounds to be B
upvoted 1 times
...
KarthikeyanTK
2 years, 1 month ago
Selected Answer: A
Page 272 says for SaaS auditors can review third party audit reports.
upvoted 3 times
...
Ghac101
2 years, 3 months ago
Selected Answer: A
Should be A
upvoted 1 times
DawnMBentley
2 years, 1 month ago
audit reports aren't always available to the public
upvoted 2 times
Kolusanya
2 years ago
Correct answer appears to be B
upvoted 3 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other