Isaca Certificate of Cloud Auditing Knowledge (CCAK) - Isaca Actual Exam Questions
Last updated on April 30, 2026
Which of the following BEST describes the difference between a Type 1 and a Type 2 SOC report?
A Type 2 SOC report validates the operating effectiveness of controls, whereas a Type 1 SOC report validates the suitability of the design of the controls.
A Type 1 SOC report provides an attestation, whereas a Type 2 SOC report offers a certification.
A Type 2 SOC report validates the suitability of the control design, whereas a Type 1 SOC report validates the operating effectiveness of controls.
There is no difference between a Type 2 and a Type 1 SOC report.
To promote the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment
To provide agencies of the federal government a dedicated tool to certify Authority to Operate (ATO)
To enable 3PAOs to perform independent security assessments of cloud service providers
To publish a comprehensive and official framework for the secure implementation of controls for cloud security
Which of the following provides the BEST evidence that a cloud service provider's continuous integration and continuous delivery (CI/CD) development pipeline includes checks for compliance as new features are added to its Software as a Service (SaaS) applications?
Compliance tests are automated and integrated within the CI tool.
Developers keep credentials outside the code base and in a secure repository.
Frequent compliance checks are performed for development environments.
Third-party security libraries are continuously kept up to date.
Which of the following enables auditors to conduct gap analyses of what a cloud service provider offers versus what the customer requires?
Using a standardized control framework
The experience gained over the years
Understanding the customer risk profile
The as-is and to-be enterprise architecture (EA)
In cloud computing, which KEY subject area relies on measurement results and metrics?
Software as a Service (SaaS) application services
Infrastructure as a Service (IaaS) storage and network
Platform as a Service (PaaS) development environment
Service level agreements (SLAs)