ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam
Go to Exam

Exam CCAK topic 1 question 224 discussion

Actual exam question from Isaca's CCAK
Question #: 224
Topic #: 1
[All CCAK Questions]

When auditing a Software as a Service (SaaS) cloud service provider, which of the following observations would be of GREATEST concern to the auditor?

  • A. The provider was in breach of a couple of service level agreements (SLAs) in the past year.
  • B. The audit trails are available for 3-4 days and are typically overwritten as soon as the disk reaches its capacity.
  • C. Only an executive summary of the annual penetration testing report was made available by the provider for the review. It had details about the criticality of the vulnerabilities and the plan and timeline to mitigate them, but the detailed penetration testing report was not made available.
  • D. In case of a breach in the provider’s environment involving the organization's data, the provider sends the breach notification to the organization's breach notification shared mailbox that is documented in the service agreement.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Auditor2020 at March 27, 2025, 11:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Auditor2020
1 month, 2 weeks ago
Selected Answer: B
B. The audit trails are available for 3-4 days and are typically overwritten as soon as the disk reaches its capacity. This observation would be of the greatest concern because audit trails are essential for detecting and investigating security incidents, ensuring compliance, and maintaining accountability. If audit trails are only available for a very short period and are overwritten quickly, it severely limits the ability to perform effective audits, conduct forensic analysis, and meet compliance requirements. This could hinder the organization's ability to respond to incidents or demonstrate compliance with relevant regulations, posing significant risks to security and compliance.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago