Certificate of Cloud Auditing Knowledge (CCAK) Practice Exam
The Certificate of Cloud Auditing Knowledge (CCAK) is a joint certification offered by the Cloud Security Alliance (CSA®) and ISACA®. It's the first of its kind to focus on the essential principles of auditing cloud computing systems. Earning the CCAK credential validates your understanding in -
- Cloud-specific audit considerations compared to traditional IT infrastructure
- Risk management in the cloud environment
- Cloud security best practices from an audit perspective
- Compliance requirements applicable to cloud services
Who Should Pursue the CCAK?
This certification is ideal for various professionals involved in cloud security and auditing:
- Internal and External Auditors: Gaining expertise in auditing cloud deployments and controls.
- IT Security Professionals: Expanding their knowledge of cloud security risks and audit procedures.
- Cloud Architects and Engineers: Understanding audit requirements to design more secure cloud solutions.
- Compliance Professionals: Ensuring their organization's cloud adoption adheres to relevant regulations.
There are no formal prerequisites for taking the CCAK exam. However, a basic understanding of IT audit principles and cloud computing concepts would be beneficial.
Exam Details
- Format: Multiple-choice questions
- Delivery: Online proctored exam
- Duration: 2 hours
- Passing Score: around 70%
- Language: English
Course Outline
The Certificate of Cloud Auditing Knowledge (CCAK) exam covers the following modules:
MODULE 1 – Cloud Governance
- Overview of governance
- Cloud assurance
- Cloud governance frameworks
- Cloud risk management
- Cloud governance tools
MODULE 2 – Cloud Compliance Program
- Designing a cloud compliance program
- Building a cloud compliance program
- Legal and regulatory requirements
- Standards and security frameworks
- Identifying controls and measuring the effectiveness
- CSA certification, attestation, and validation
MODULE 3 – CCM and CAIQ Goals, Objectives, and Structure
- CCM
- CAIQ
- Relationship to standards: mappings and gap analysis
- The transition from CCM V3.0.1 to CCM V4
MODULE 4 – A Threat Analysis Methodology for Cloud Using CCM
- Definitions and purpose
- Attack details and impacts
- Mitigating controls and metrics
- Use case
MODULE 5 – Evaluating a Cloud Compliance Program
- Evaluation approach
- A governance perspective
- Legal, regulatory, and standards perspectives
- Risk perspectives
- Services changes implications
- The need for continuous assurance/continuous compliance
MODULE 6 – Cloud Auditing
- Audit characteristics, criteria & principles
- Auditing standards for cloud computing
- Auditing an on-premises environment vs. cloud
- Differences in assessing cloud services and cloud delivery models
- Cloud audit building, planning, and execution
MODULE 7 – CCM: Auditing Controls
- CCM audit scoping guidance
- CCM risk evaluation guide
- CCM audit workbook
- CCM is an auditing example
MODULE 8 – Continuous Assurance and Compliance
- DevOps and DevSecOps
- Auditing CI/CD pipelines
- DevSecOps automation and maturity
MODULE 9 – STAR Program
- The standard for security and privacy
- Open Certification Framework
- STAR Registry
- STAR Level 1
- STAR Level 2
- STAR Level 3