WGU C838 MANAGING CLOUD SECURITY
Typology: Exams
What are the 4 characteristics of cloud computing? - ANSWER>>Broad network access; On-demand services; Resource pooling; Measured or "metered" service
What NIST publication number defines cloud computing? - ANSWER>>800-145
What ISO/IEC standard provides information on cloud computing? - ANSWER>>17788
What is another way of describing a functional business requirement? - ANSWER>>Necessary
What is another way of describing a nonfunctional business requirement? - ANSWER>>Not necessary
What is the greatest driver pushing orgs to the cloud? - ANSWER>>Cost savings
What is cloud bursting? - ANSWER>>Ability to increase available cloud resources on demand
What are 3 characteristics of cloud computing? - ANSWER>>Elasticity; Simplicity; Scalability
What is a cloud customer? - ANSWER>>Anyone purchasing cloud services
What is a cloud user? - ANSWER>>Anyone using cloud services
What are the three cloud computing service models? - ANSWER>>SaaS (Software as a Service); PaaS (Platform as a Service); IaaS (Infrastructure as a Service)
What is IaaS (Infrastructure as a Service)? - ANSWER>>Cloud provider provides all the physical capability and administration, while the customer is responsible for logical resources.
What is PaaS (Platform as a Service)? - ANSWER>>A cloud computing service that provides the hardware and the operating system and is responsible for updating and maintaining both.
What is SaaS (Software as a Service)? - ANSWER>>Cloud provider manages everything.
What are the four cloud deployment models? - ANSWER>>Public; Private; Community; Hybrid
What cloud model is owned by a single organization? - ANSWER>>Private
The customer may be unable to leave, migrate, or transfer to an alternate provider due to technical or non-technical constraints. - ANSWER>>Vendor lock-in
What is cloud migration? - ANSWER>>Process of transitioning part of a company's data or services from onsite premises to the cloud
What is cloud portability? - ANSWER>>Move applications and data between cloud providers
What offers a degree of assurance that nobody w/o authorization will be able to access others' data? - ANSWER>>Encryption
If a cloud customer wants a secure, isolated sandbox in order to conduct software development and testing, which cloud service model would probably be best? - ANSWER>>PaaS
What technology has NOT made cloud service viable? - ANSWER>>Smart hubs
What determines the critical paths, processes, and assets of an organization? - ANSWER>>BIA
For a fully-operational environment with very little maintenance or administration necessary, which cloud service model would probably be best? - ANSWER>>PaaS
The customer is unable to recover or access their own data due to the cloud provider going into bankruptcy or otherwise leaving the market. - ANSWER>>Vendor lock-out
What are four examples of things to know to decide how to handle risks within an org? - ANSWER>>Inventory of all assets; Valuation of each asset; Critical paths, processes, and assets; Clear understanding of risk appetite
T/F: Assets are only tangible items. - ANSWER>>False. Assets are everything owned or controlled by an org.
The process of evaluating assets? - ANSWER>>Business Impact Analysis (BIA)
What is criticality? - ANSWER>>Something an org could not operate or exist without
What are 5 examples of criticality for an org? - ANSWER>>Tangible assets; Intangible assets; Processes; Data paths; Personnel
In risk, what is the avoidance method? - ANSWER>>Avoiding high risk
In risk, what is the acceptance method? - ANSWER>>Acceptable level of risk
In risk, what is an example of the avoidance method? - ANSWER>>Insurance
In risk, what is the mitigation method? - ANSWER>>Controls or countermeasures
Assets can be what? - ANSWER>>Tangible; Intangible; Personnel
In cloud layered defense, what are examples of personnel controls? - ANSWER>>Background checks; Continual monitoring
In cloud layered defense, what are examples of technological controls? - ANSWER>>Encryption; Event logging; Access control enforcement
In cloud layered defense, what is an example of physical controls? - ANSWER>>Access to overall campus
In cloud layered defense, what is an example of governance mechanisms? - ANSWER>>Auditing
What are ways for securing devices in a datacenter? - ANSWER>>Guest accounts removed; No default passwords; Systems are patched, maintained and updated; Unused ports are closed; Limited physical access
What is layered defense? - ANSWER>>The practice of having multiple overlapping means of securing the environment with a variety of methods
Who determines risk appetite? - ANSWER>>Senior management
Experimental technology of processing encrypted data w/o decrypting it first? - ANSWER>>Homomorphic
T/F: Data owners remain legally responsible for all data they own - ANSWER>>True
What are four ways an org might categorize data? - ANSWER>>Regulatory compliance; Business function; Functional unit; By project
What are three examples of classification? - ANSWER>>Sensitivity; Jurisdiction; Criticality
What is a data owner? - ANSWER>>Collects or creates the data, and possesses the rights and responsibilities of the data
What is a data custodian? - ANSWER>>Manipulates, stores, or moves the data, and serves as a cloud provider
What is data mining? - ANSWER>>Data mining tries to automatically find interesting patterns in data using a plethora of technologies
What method would an org use to create categories based on which rules apply to a specific dataset? - ANSWER>>Regulatory compliance
What method would an org use to have specific categories for different uses of data? - ANSWER>>Business function
What would a department or office be called that has its own category and keeps all the data it controls? - ANSWER>>Functional unit
What dataset is defined by projects? - ANSWER>>By project
What are five examples of exceptions under copyright laws? - ANSWER>>Fair use; Satire; Library preservation; Personal backup; Versions for people with physical disabilities
What is copyright? - ANSWER>>Protection of written material or ideas
What is a trademark? - ANSWER>>A symbol, word, or words legally registered or established by use as representing a company or product.
What is a patent? - ANSWER>>Legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life
What are trade secrets? - ANSWER>>Any form of knowledge or info that has economic value from not being known to others, or readily ascertainable by proper means, and has been the subject of reasonable efforts by the owner to maintain secrecy
What are rudimentary reference checks? - ANSWER>>Content itself can automatically check for proper usage or ownership
What is the presence of licensed media? - ANSWER>>DRM engine on the media identifies the unique disk
What are online reference checks? - ANSWER>>Product key
What is support-based licensing? - ANSWER>>The need for continual help for content
What are local agent checks? - ANSWER>>Installed reference tool that checks the protected content against the user's license
What are four examples of conflicts that are posed while employing DRM in the cloud? - ANSWER>>Replication; Jurisdiction; Enterprise
What are six retention policies that should be included in data retention? - ANSWER>>Retention periods; Applicable regulation; Retention formats; Data classification; Archiving and retrieval procedures; Monitoring, maintenance, and enforcement
What are four legacy examples of data destruction? - ANSWER>>Physical destruction of media and hardware; Degaussing; Overwriting; Cryptoshredding
Data retention policy: retention period - ANSWER>>How long data should be kept
Data retention policy: data classification - ANSWER>>How and when data should be categorized
Data retention policy: retention format - ANSWER>>How data is archived and stored
Data retention policy: applicable regulation - ANSWER>>Senior management's decision to resolve conflict in policy
What is jurisdiction? - ANSWER>>Geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled
What is a data audit? - ANSWER>>A powerful tool to regularly review, inventory, and inspect usage and condition of the information that an organization owns.
Share; Archive; Delete
Data created should be _________ upon creation/upload - ANSWER>>Encrypted
New digital content is generated or existing content is modified - ANSWER>>Create
Data is committed to a repository - ANSWER>>Store
Data is viewed, processed, or otherwise in some sort of activity - ANSWER>>Use
Information is made accessible to others - ANSWER>>Share
Data leaves active use and enters long-term storage - ANSWER>>Archive
Data is permanently removed using physical or digital means - ANSWER>>Destroy
T/F: Archive phase is for short-term storage when planning security controls for the data
What is volume storage? - ANSWER>>Allocates a storage space within the cloud; this storage space is represented as an attached drive to the user's virtual machine
What are two types of volume storage architecture? - ANSWER>>File; Block
Volume storage is associated with what infrastructure model? - ANSWER>>Infrastructure as a Service (IaaS)
What is object-based storage? - ANSWER>>Data is stored as objects
What is a database? - ANSWER>>Provides some sort of structure for stored data; it is backend storage in the datacenter, accessed by users utilizing online apps
What is a content delivery network? - ANSWER>>Acts as a form of data caching, usually near geophysical locations of high use demand; improves bandwidth and provides quality
What are three levels of encryption related to databases? - ANSWER>>File-level; Transparent; Application-level
When the database is stored on a volume, what encryption type should be used? - ANSWER>>File-level
When wanting to encrypt the entire database or specific portions of it, what type of encryption should be used? - ANSWER>>Transparent
What are nulls? - ANSWER>>Deleting the raw data from the display before it is represented, or displaying null
What is key recovery? - ANSWER>>A procedure that involves multiple people, each with access to only a portion of the key
What is block storage? - ANSWER>>A blank volume that the customer or user can put anything into; it might allow more flexibility and higher performance
What are the U.S. Commerce Department controls on technology exports? - ANSWER>>Export Administration Regulations (EAR)
What are the U.S. State Department controls on technology exports? - ANSWER>>International Traffic in Arms Regulations (ITAR)
T/F: Cryptographic keys for encrypted data stored in the cloud should be stored with the cloud provider. - ANSWER>>False
What is the practice of obscuring raw data where only a portion is displayed for operational purposes? - ANSWER>>Masking
What are third-party providers of IAM functions for the cloud environment? - ANSWER>>Cloud Access Security Broker (CASB)
T/F: The goals of DLP include elasticity - ANSWER>>False
T/F: Risk and responsibilities will be shared between the cloud provider and customer - ANSWER>>True
T/F: The customer is concerned with data, whereas the provider is concerned with security and operation - ANSWER>>True
T/F: The customer wants to refute control, deny insight, and refrain from disclosing any information used for malicious purpose - ANSWER>>False
T/F: The customer is legally liable for their data even if the provider was negligent. - ANSWER>>True
What is a private cloud? - ANSWER>>A cloud that is owned and operated by an organization for its own benefit.
What are 5 risks private cloud owners face? - ANSWER>>Personnel threats; Natural disasters; External attacks; Regulatory noncompliance; Malware
What are 3 risks associated with a community cloud? - ANSWER>>Resiliency through shared ownership; Access and control; Lack of centralized standards
What are the 3 main issues with a public cloud? - ANSWER>>Vendor lock-in; Vendor lock-out; Multitenant environments
What are 4 things to consider to avoid vendor lock-in? - ANSWER>>Ensure favorable contract terms for portability; Avoid proprietary formats; Ensure no physical limitations to moving; Check for regulatory constraints
What are 4 factors to consider to avoid vendor lock-out? - ANSWER>>Provider longevity; Data seizure
What is a type 1 hypervisor? - ANSWER>>Installed on top of a bare metal install; bootable software
What is a type 2 hypervisor? - ANSWER>>Applications that run on a standard OS
What are 8 threats to a private cloud? - ANSWER>>Malware; Internal threats; External attackers; Man in the middle; Social engineering; Theft or loss of devices; Regulatory violations; Natural disasters
What three additional concerns from a private cloud apply to a community cloud? - ANSWER>>Loss of policy control; Loss of physical control; Lack of audit access
What are three additional threats to public clouds from community and private clouds? - ANSWER>>Rogue administrator; Privilege escalation; Contractual failure
What are three methods of using cloud backups for business continuity / disaster recovery (BC/DR)? - ANSWER>>Private architecture, cloud service as a backup; Cloud operations, cloud provider as backup; Cloud operations, third-party cloud backup provider
What are some examples of cloud computing external threats? - ANSWER>>Malware, hacking, man-in-the-middle
What is a personnel threat? - ANSWER>>Malicious or negligent insider who can cause negative impact, as they have physical access to the resources
What is resource sharing? - ANSWER>>Programs and instances run by the customer that will operate on the same devices used by other customers, sometimes simultaneously
What is an interoperability issue? - ANSWER>>Customer's software may not function properly with each new adjustment in the environment if the OS is updated by the provider
What is a data seizure? - ANSWER>>Legal activity that might result in a host machine being confiscated or inspected by law enforcement or plaintiffs' attorneys
What is guest escape? - ANSWER>>Improperly designed or poorly configured hypervisor might allow for a user to leave the confines of their own virtualized instance
What is information bleed? - ANSWER>>Possibility that processing performed on one virtualized instance may be detected by other instances on the same host
What are three techniques to enhance the portability of data and avoid vendor lock-in? - ANSWER>>Favorable contract terms; Avoid proprietary data formats; No physical limitations to moving
What are six countermeasures against internal threats? - ANSWER>>Least privilege; Mandatory vacation; Separation of duties; Skills and knowledge testing; Extensive and comprehensive training programs; Aggressive background checks
What are 3 countermeasures that can be applied to cloud operations against internal threats? - ANSWER>>DLP solutions