Download WGU C838 MANAGING CLOUD SECURITY FINAL EXAM and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
WGU C838 MANAGING CLOUD SECURITY FINAL EXAM
OA ACTUAL EXAM 202 6 QUESTIONS AND VERIFIED
ANSWERS (DETAILED & ELABORATED)!!
What are the 4 characteristics of cloud computing? - CORRECT ANSWER >>> Broad network access On-demand services Resource Pooling Measured or "metered" service What NIST publication number defines cloud computing? - CORRECT ANSWER >>> 800 - 145 What ISO/IEC standard provides information on cloud computing? - CORRECT ANSWER >>> 17788 What is another way of describing a functional business requirement? - CORRECT ANSWER >>> necessary What is another way of describing a nonfunctional business requirement? - CORRECT ANSWER >>> not necessary What is the greatest driver pushing orgs to the cloud? - CORRECT ANSWER >>> Cost savings What is cloud bursting? - CORRECT ANSWER >>> Ability to increase available cloud resources on demand
What are 3 characteristics of cloud computing? - CORRECT ANSWER >>> Elasticity Simplicity Scalability What is a cloud customer? - CORRECT ANSWER >>> Anyone purchasing cloud services What is a cloud user? - CORRECT ANSWER >>> Anyone using cloud services What are the three cloud computing service models? - CORRECT ANSWER >>> SaaS(Software as a service) PaaS(Platform as a service) IaaS(Infrastructure as a service) What is IaaS (Infrastructure as a Service)? - CORRECT ANSWER >>> Cloud provider provides all the physical capability and administration, while the customer is responsible for logical resources. What is PaaS (Platform as a Service)? - CORRECT ANSWER >>> A cloud computing service that provides the hardware and the operating system and is responsible for updating and maintaining both. What is SaaS (Software As A Service)? - CORRECT ANSWER >>> Cloud provider manages everything. What are the four cloud deployment models? - CORRECT ANSWER >>> Public Private Community
What is a cloud architect? - CORRECT ANSWER >>> Expert in cloud computing What is cloud os also known as? - CORRECT ANSWER >>> PaaS NIST standard number that lists accredited and outmoded cryptosystems - CORRECT ANSWER >>> FIPS 140- 2 customer may be unable to leave, migrate, or transfer to an alternate provider due to technical or non-technical constraints. - CORRECT ANSWER >>> vendor lock-m What is cloud migration? - CORRECT ANSWER >>> Process of transitioning part of a company's data or services from onsite premises to the cloud What is cloud portability? - CORRECT ANSWER >>> Move applications and data between cloud providers What offers a degree of assurance that nobody w/o authorization will be able to access other's data? - CORRECT ANSWER >>> Encryption If a cloud customer wants a secure, isolated sandbox in order to conduct software development and testing, which cloud service model would probably be best? - CORRECT ANSWER >>> PaaS What technology has NOT made cloud service viable? - CORRECT ANSWER >>> Smart hubs What determines the critical paths, processes, and assets of an organization? - CORRECT
ANSWER >>> BIA
Fully-operational environment with very little maintenance or administration necessary, which cloud service model would probably be best? - CORRECT ANSWER >>> PaaS customer is unable to recover or access their own data due to the cloud provider going into bankruptcy or otherwise leaving the market. - CORRECT ANSWER >>> Vendor lock-out What are four examples of things to know to decide how to handle risks within an org? - CORRECT ANSWER >>> Inventory of all assets Valuation of each asset Critical paths, processes, and assets Clear understanding of risk appetite T/F: Assets are only tangible items. - CORRECT ANSWER >>> False. Assets are everything owned or controlled by an org. The process of evaluating assets? - CORRECT ANSWER >>> Business Impact Analysis(BIA) What is criticality? - CORRECT ANSWER >>> Something an org could not operate or exist without What are 5 examples of criticality for an org - CORRECT ANSWER >>> Tangible assets Intangible assets Processes Data paths Personnel
What should encryption be used for in a cloud datacenter? - CORRECT ANSWER >>> Longterm storage/archiving Protecting near-term stored files, such as snapshots of virtualized instances Preventing unauthorized access to specific datasets by authorized personnel What should encryption be used for in communications between cloud providers and users? - CORRECT ANSWER >>> Creating secure sessions Ensuring the integrity and confidentiality of data in transit What are 4 controls/mechanisms a cloud provider should play a role in in layered defense? - CORRECT ANSWER >>> Strong personnel controls Technological controls Physical controls Governance mechanisms In cloud layered defense what are examples of personnel controls? - CORRECT ANSWER >>> background checks continual monitoring In cloud layered defense what are examples of technological controls? - CORRECT ANSWER >>> encryption event logging access control enforcement In cloud layered defense what is an examples of physical controls? - CORRECT ANSWER >>> access to overall campus
In cloud layered defense what is an example of governance mechanisms? - CORRECT ANSWER >>> auditing What are ways for securing devices in a datacenter? - CORRECT ANSWER >>> Guess accounts removed no default passwords systems are patched, maintained and updated unused ports are closed limited physical access What is layered defense? - CORRECT ANSWER >>> The practice of having multiple overlapping means of securing the environment with a variety of methods Who determines risk appetite? - CORRECT ANSWER >>> senior management Experimental technology of processing encrypted data w/o decrypting it first? - CORRECT ANSWER >>> Homomorphic T/F: Data owners remain legally responsible for all data they own - CORRECT ANSWER >>> True What are four ways an org might categorize data? - CORRECT ANSWER >>> Regulatory compliance business function function unit by project What are three examples of classification? - CORRECT ANSWER >>> sensitivity jurisdiction criticality What is a data owner? - CORRECT ANSWER >>> Collects or creates the data, and possesses the rights and responsibilities of the data
What data discovery method is used to locate and identify specific kinds of data by delving into the datasets? - CORRECT ANSWER >>> Content-based What data discovery method is used to create new data feeds from sets of data already existing within the environment? - CORRECT ANSWER >>> data analytics T/F: Being in the cloud means organization may not be subject to many legal constructs simultaneously. - CORRECT ANSWER >>> False T/F: Awareness and compliance with specific jurisdictions are challenges of cloud computing. - CORRECT ANSWER >>> True T/F: Cloud user is responsible for managing virtualized images, stored data, and operational data. - CORRECT ANSWER >>> False T/F: Cloud user is unaware about that where the data is exactly present at the moment in terms of both datacenters and geographic locations. - CORRECT ANSWER >>> True What are four examples of Fair Use under copyright laws? - CORRECT ANSWER >>> Academic Critique News Reporting Scholarly Research What are five examples of exceptions under copyright laws? - CORRECT ANSWER >>> Fair use satire library preservation
personal backup versions for people with physical disabilities What is copyright? - CORRECT ANSWER >>> protection of written material or ideas What is a trademark? - CORRECT ANSWER >>> a symbol, word, or words legally registered or established by use as representing a company or product. What is a patent? - CORRECT ANSWER >>> legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life What are trade secrets? - CORRECT ANSWER >>> Any form of knowledge or info that has economic value from not being known to others, or readily ascertainable by proper means and has been the subject of reasonable efforts by the owner to maintain secrecy What are rudimentary reference checks? - CORRECT ANSWER >>> Content itself can automatically check for proper usage or ownership What is the presence of licensed media? - CORRECT ANSWER >>> DRM engine on the media identifies the unique disk What are online reference checks? - CORRECT ANSWER >>> Product key What is support-based licensing? - CORRECT ANSWER >>> the need for continual help for content
data retention policy: applicable regulation - CORRECT ANSWER >>> senior management's decision to resolve conflict in policy What is jurisdiction? - CORRECT ANSWER >>> geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled What is a data audit? - CORRECT ANSWER >>> A powerful tool to regularly review, inventory, and inspect usage and condition of the information that an organization owns. What does copyright not protect? - CORRECT ANSWER >>> ideas, facts, titles, names, short phrases, blank forms Who is the data processor in the cloud motif? - CORRECT ANSWER >>> Cloud provider What isn't included in data labels? - CORRECT ANSWER >>> Data value What is the intellectual property protection for the tangible expression of a creative idea? - CORRECT ANSWER >>> Copyright What federal agency accepts applications for new patents? - CORRECT ANSWER >>> USPTO What is the intellectual property protection for a very valuable set of sales leads? - CORRECT ANSWER >>> Trade secret What is the intellectual property protection for a useful manufacturing innovation? - CORRECT ANSWER >>> Patent
What is the intellectual property protection for the tangible expression of a creative idea? - CORRECT ANSWER >>> Copyright Who is the data owner in a cloud motif? - CORRECT ANSWER >>> cloud customer What are 3 data analytic modes? - CORRECT ANSWER >>> Data Mining Agile business intelligence real-time analytics What are the 6 stages of the data life cycle? - CORRECT ANSWER >>> Create Store Use Share Archive Delete Data created should be _________ upon creation/upload - CORRECT ANSWER >>> encrypted new digital content is generated or existing content is modified - CORRECT ANSWER >>> create data is committed to a repository - CORRECT ANSWER >>> store data is viewed, processed, or otherwise in some sort of activity - CORRECT ANSWER >>> use information is made accessible to others - CORRECT ANSWER >>> share
What is a database? - CORRECT ANSWER >>> Provides some sort of structure for stored data; it is backend storage in the datacenter, accessed by users utilizing online apps What is a content delivery network? - CORRECT ANSWER >>> Acts as a form of data caching, usually near geophysical locations of high use demand, improves bandwidth and provides quality What are three levels of encryption related to databases? - CORRECT ANSWER >>> File- level Transparent application-level When the database is stored on a volume, what encryption type should be used? - CORRECT ANSWER >>> file-level When wanting to encrypt the entire database or specific portions of it, what type of encryption should be used? - CORRECT ANSWER >>> transparent When should application-level encryption be used with a database? - CORRECT ANSWER >>> compromised administrative accounts other database and application-level attacks What is tokenization? - CORRECT ANSWER >>> Practice of having two distinct databases: one with the live, actual sensitive data, and one with nonrepresentational tokens mapped to each piece of data What are the four goals of Security Information and Event Management(SIEM)? - CORRECT ANSWER >>> Centralize collection of log data enhanced analysis capabilities
dashboarding automated response What does DLP in egress monitoring stand for? - CORRECT ANSWER >>> data loss, leak prevention, and protection What are the four major goals of DLP? - CORRECT ANSWER >>> Additional security Policy Enforcement Enhanced Monitoring Regulatory compliance What is randomization - CORRECT ANSWER >>> replacement of data with random characters What is hasing? - CORRECT ANSWER >>> Using a one-way cryptographic function to create a digest of the original data What is shuffling - CORRECT ANSWER >>> Using different entries from within the same data set to represent the data What is masking? - CORRECT ANSWER >>> Hiding the data with useless characters What are nulls? - CORRECT ANSWER >>> deleting the raw data from the display before it is represented or displaying null What is key recovery? - CORRECT ANSWER >>> A procedure that involves multiple people, each with access to only a portion of the key
T/F: The customer is legally liable for their data even if the provider was negligent. - CORRECT ANSWER >>> True What is a private cloud? - CORRECT ANSWER >>> a cloud that is owned and operated by an organization for its own benefit. What are 5 risks private cloud owners face? - CORRECT ANSWER >>> Personnel threats Natural disasters External attacks regulatory noncompliance malware What are 3 risk associated with a community cloud? - CORRECT ANSWER >>> Resiliency through shared ownership Access and control lack of centralized standards What are the 3 main issues with a public cloud? - CORRECT ANSWER >>> vendor lock- in vendor lock-out multitenant environments What are 4 things to consider to avoid vender lock-in? - CORRECT ANSWER >>> Ensure favorable contract terms for portability Avoid proprietary formats Ensure no physical limitations to moving Check for regulatory constraints What are 4 factors to consider to avoid vender lock-out? - CORRECT ANSWER >>> Provider longevity Core competency
Jurisdictional suitability Supply chain dependencies Legislative environment What are 4 risks in a multitenant environment? - CORRECT ANSWER >>> Conflict of interest Privilege escalation Information bleed Legal activity What are 3 risks associated with Infrastructure as a Service(Iaas)? - CORRECT ANSWER >>> Personnel threats External threats Lack of specific skillsets what are 4 risks associated with Platform as a service(Paas)? - CORRECT ANSWER >>> Interoperability issues Persistent backdoors Virtualization Resource Sharing What are 3 risks associated with Software as a service(SaaS)? - CORRECT ANSWER >>> Proprietary formats Virtualization Web application security What are 4 risk with virtualization? - CORRECT ANSWER >>> Attacks on the hypervisor
