Isaca Certificate of Cloud Auditing Knowledge CCAK Question # 34 Topic 4 Discussion

CCAK Exam Topic 4 Question 34 Discussion:

Question #: 34

Topic #: 4

After finding a vulnerability in an Internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite parts of some files with random data. In reference to the Top Threats Analysis methodology, how would the technical impact of this incident be categorized?

As an availability breach

As a control breach

As a confidentiality breach

As an integrity breach

Get Premium CCAK Questions

Explanation

The technical impact of this incident would be categorized as an integrity breach in reference to the Top Threats Analysis methodology. The Top Threats Analysis methodology is a process developed by the Cloud Security Alliance (CSA) to help organizations identify, analyze, and mitigate the top threats to cloud computing, as defined in the CSA Top Threats reports. The methodology consists of six steps: scope definition, threat identification, technical impact identification, business impact identification, risk assessment, and risk treatment. Each of these provides different insights and visibility into the organization’s security posture.1

The technical impact identification step involves determining the impact on confidentiality, integrity, and availability of the information system caused by each threat. Confidentiality refers to the protection of data from unauthorized access or disclosure. Integrity refers to the protection of data from unauthorized modification or deletion. Availability refers to the protection of data and services from disruption or denial.2

An integrity breach occurs when a threat compromises the accuracy and consistency of the data or system. An integrity breach can result in data corruption, falsification, or manipulation, which can affect the reliability and trustworthiness of the data or system. An integrity breach can also have serious consequences for the business operations and decisions that depend on the data or system.3

In this case, the cybersecurity criminal was able to access an encrypted file system and overwrite parts of some files with random data. This means that the data in those files was altered without authorization and became unusable or invalid. This is a clear example of an integrity breach, as it violated the principle of ensuring that data is accurate and consistent throughout its lifecycle.4

References := CCAK Study Guide, Chapter 4: A Threat Analysis Methodology for Cloud Using CCM, page 811; What is CIA Triad? Definition and Examples2; Data Integrity vs Data Security: What’s The Difference?3; Data Integrity: Definition & Examples

Actual exam question for Isaca CCAK exam by Rune5751 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certificate of Cloud Auditing Knowledge CCAK Question # 34 Topic 4 Discussion

Isaca Certificate of Cloud Auditing Knowledge CCAK Question # 34 Topic 4 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certificate of Cloud Auditing Knowledge CCAK Question # 34 Topic 4 Discussion

Isaca Certificate of Cloud Auditing Knowledge CCAK Question # 34 Topic 4 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval