Exam CCAK topic 1 question 185 discussion

Actual exam question from Isaca's CCAK
Question #: 185
Topic #: 1

From a compliance perspective, which of the following artifacts should an assessor review when evaluating the effectiveness of Infrastructure as Code deployments?

  • A. SOC reports
  • B. Logs
  • C. Evaluation summaries
  • D. Interviews
Suggested Answer: B

Comments

Auditor2020
1 month, 2 weeks ago
Selected Answer: B
When evaluating the effectiveness of Infrastructure as Code (IaC) deployments from a compliance perspective, an assessor should most notably review:

B. Logs

Logs are crucial artifacts for assessing compliance because they provide detailed records of actions and events that occur within systems. They can offer insights into whether IaC deployments are being executed as intended, help identify any deviations from expected configurations, and ensure that compliance requirements are being met consistently. Logs can also demonstrate the adherence to security policies, traceability, and accountability within the infrastructure management process.

While SOC reports, evaluation summaries, and interviews provide valuable information, logs offer the most direct evidence of deployment activities and are key for understanding ongoing operational effectiveness and compliance adherence in IaC contexts.
upvoted 1 times
sai_murthy
9 months ago
Selected Answer: B
CCAK P#300 In a mature cloud environment, policies are often translated into code as opposed to just being text documents. Likewise, the controls need to verify that the policy is effectively implemented. So, policies and controls are directly implemented in the system in a (semi) automated fashion. From the cloud compliance program perspective, most of the evaluation on the suitability of policy to effectively manage the risk and align with the governance goal is done via the analysis of audit trails (e.g., logs). Logging of activities takes place alongside the development, delivery and integration pipelines to determine who has done what, who has approved what, when something has been tested, when a certain change has occurred, etc. The logs are not the only evidence the assessor will rely upon, but their role is much more central than before.
upvoted 3 times
ats20
10 months, 3 weeks ago
Selected Answer: A
When evaluating the effectiveness of Infrastructure as Code (IaC) deployments from a compliance perspective, an assessor should review SOC reports. SOC reports are independent third-party assessments of an organization’s internal controls and are used to evaluate the effectiveness of an organization’s security, availability, processing integrity, confidentiality, and privacy controls.
upvoted 1 times