Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
WGU COURSE C838-MANAGING CLOUD SECURITY (CCSP) WITH VERIFIED SOLUTIONS.
Typology: Exams
1 / 317
This page cannot be seen from the preview
Don't miss anything!
Which phase of the cloud data life cycle allows both read and process functions to be performed? A Create B Archive C Store D Share - -Solution A Which phase of the cloud data security life cycle typically occurs simultaneously with creation? A Share B Store C Use D Destroy - -Solution B Which phase of the cloud data life cycle uses content delivery networks? A Destroy B Archive C Share D Create - -Solution
Which phase of the cloud data life cycle is associated with crypto-shredding? A Share B Use C Destroy D Store - -Solution C Which cloud data storage architecture allows sensitive data to be replaced with unique identification symbols that retain all the essential information about the data without compromising its security? A Randomization B Obfuscation C Anonymization D Tokenization - -Solution D Which methodology could cloud data storage utilize to encrypt all data associated in an infrastructure as a service (IaaS) deployment model? A Sandbox encryption B Polymorphic encryption C Client-side encryption
Which technique scrambles the content of data using a mathematical algorithm while keeping the structural arrangement of the data? A Dynamic masking B Format-preserving encryption C Proxy-based encryption D Tokenization - -Solution B Which encryption technique connects the instance to the encryption instance that handles all crypto operations? A Database B Proxy C Externally managed D Server-side - -Solution B Which type of control should be used to implement custom controls that safeguard data? A Public and internal sharing B Options for access C Management plane D Application level - -Solution D
Which element is protected by an encryption system? A Ciphertext B Management engine C Data D Public key - -Solution C A cloud administrator recommends using tokenization as an alternative to protecting data without encryption. The administrator needs to make an authorized application request to access the data. Which step should occur immediately before this action is taken? A The tokenization server returns the token to the application. B The tokenization server generates the token. C The application collects a token. D The application stores the token. - -Solution D A company has recently defined classification levels for its data. During which phase of the cloud data life cycle should this definition occur?
Which jurisdictional data protection safeguards protected health information (PHI)? A Directive 95/46/EC B Safe harbor regime C Personal Data Protection Act of 2000 D Health Insurance Portability and Accountability Act (HIPAA) - -Solution D How is the compliance of the cloud service provider's legal and regulatory requirements verified when securing personally identifiable information (PII) data in the cloud? A Contractual agreements B Third-party audits and attestations C e-Discovery process D Researching data retention laws - -Solution B Which security strategy is associated with data rights management solutions? A Unrestricted replication B Limited documents type support C Static policy control D Continuous auditing - -Solution
Who retains final ownership for granting data access and permissions in a shared responsibility model? A Customer B Developer C Manager D Analyst - -Solution A Which data retention solution should be applied to a file in order to reduce the data footprint by deleting fixed content and duplicate data? A Backup B Caching C Archiving D Saving - -Solution C Which data retention method is stored with a minimal amount of metadata storage with the content? A File system B Redundant array C Object-based D Block-based - -Solution
Which technology is used to manage identity access management by building trust relationships between organizations? A Single sign-on B Multifactor authentication C Federation D Biometric authentication - -Solution C Which term describes the action of confirming identity access to an information system? A Coordination B Concept C Access D Authentication - -Solution D Which cloud computing tool is used to discover internal use of cloud services using various mechanisms such as network monitoring? A Data loss prevention (DLP) B Content delivery network (CDN) C Cloud access security broker (CASB) D Web application firewall (WAF) - -Solution
Which cloud computing technology unlocks business value through digital and physical access to maps? A Multitenancy B Cloud application C Application programming interface D On-demand self-service - -Solution C Which cloud computing tool may help detect data migrations to cloud services? A Uniform resource locator (URL) filtering B Cloud security gateways C Cloud data transfer D Data loss prevention - -Solution D What is a key component of the infrastructure as a service (IaaS) cloud service model? A Allows choice and reduces lock-in B Supports multiple languages and frameworks C Ease of use and limited administration D High reliability and resilience - -Solution D
In which situation could cloud clients find it impossible to recover or access their own data if their cloud provider goes bankrupt? A Vendor lock-in B Multitenant C Multicloud D Vendor lock-out - -Solution D Which cloud deployment model is operated for a single organization? A Consortium B Hybrid C Public D Private - -Solution D Which cloud model provides data location assurance? A Hybrid B Private C Community D Public - -Solution B
Which cloud model allows the consumer to have sole responsibility for management and governance? A Hybrid B Community C Private D Public - -Solution C Which technology allows an organization to control access to sensitive documents stored in the cloud? A Digital rights management (DRM) B Database activity monitoring (DAM) C Identity and access management (IAM) D Distributed resource scheduling (DRS) - -Solution A Which security technology can provide secure network communications from on-site enterprise systems to a cloud platform? A Domain name system security extensions (DNSSEC) B Internet protocol security (IPSec) virtual private network (VPN) C Web application firewall (WAF) D Data loss prevention (DLP) - -Solution B
-Solution A Which design principle of secure cloud computing ensures that users can utilize data and applications from around the globe? A Portability B Scalability C On-demand self-service D Broad network access - -Solution D Which design principle of secure cloud computing involves deploying cloud service provider resources to maximize availability in the event of a failure? A Elasticity B Resiliency C Scalability D Clustering - -Solution B Which item should be part of the legal framework analysis if a company wishes to store prescription drug records in a SaaS solution? A Sarbanes-Oxley Act B Health Insurance Portability and Accountability Act
C Federal Information Security Modernization Act D U.S. Patriot Act - -Solution B Which standard addresses practices related to acquisition of forensic artifacts and can be directly applied to a cloud environment? A NIST SP 500- B ISO/IEC 27001 C NIST SP 800- D ISO/IEC 27050-1 - -Solution D Which regulation in the United States defines the requirements for a CSP to implement and report on internal accounting controls? A HIPAA B SOX C FERPA D GDPR - -Solution B Which legislation must a trusted cloud service adhere to when utilizing the data of EU citizens? A GDPR
B Utility power availability C Expansion possibilities and growth D Telecommunications connections - -Solution A Which result is achieved by removing all nonessential services and software of devices for secure configuration of hardware? A Hardening B Maintenance C Patching D Lockdown - -Solution A What is a component of device hardening? A Patching B Unit testing C Versioning D Configuring VPN access - -Solution A Which technology typically provides security isolation in infrastructure as a service (IaaS) cloud computing? A Application instance B System image repository
C Virtual machines D Operating systems - -Solution C Which technology an administrator to remotely manage a fleet of servers? A KVM switch B VPN concentrator C Bastion host D Management plane - -Solution D What part of the logical infrastructure design is used to configure cloud resources, such as launching virtual machines or configuring virtual networks? A Management orchestration software B Management plane C Identity access management D Database management - -Solution B Which action enhances cloud security application deployment through standards such as ISO/IEC 27034 for the development, acquisition, and configuration of software systems?
