100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
WGU C838 MANAGING CLOUD SECURITY $12.49   Add to cart

Other

WGU C838 MANAGING CLOUD SECURITY

 6 views  0 purchase
  • Course
  • WGU C838
  • Institution
  • WGU C838

WGU C838 MANAGING CLOUD SECURITY

Preview 2 out of 8  pages

  • August 6, 2024
  • 8
  • 2024/2025
  • Other
  • Unknown
  • WGU C838
  • WGU C838
avatar-seller
GEEKA
WGU C838 MANAGING CLOUD SECURITY

Eucalyptus - answer- Open source cloud computing and IaaS platform for enabling
private clouds

Apache Cloud Stack - answer- Open source cloud computing and IaaS platform
developed to help make creating, deploying, and managing cloud services easier by
providing a complete "stack" of features and components for cloud environments

FIPS 140-2 - answer- NIST document that lists accredited and outmoded cryptosystems

NIST 800-53 - answer- Guidance document with the primary goal of ensuring that
appropriate security requirements and controls are applied to all U.S. federal
government information in information management systems

Four Steps of a Business Requirements Analysis - answer- 1. inventory of all assets (#)
2. valuation of each asset ($)
3. determination of critical paths, processes, and assets
4. clear understanding of risk appetite

Cloud Provider Defense Roles - answer- - strong personnel controls (background
checks, and continual monitoring)
- technological controls (encryption, event logging, and access control enforcement)
- physical controls
- governance mechanisms and enforcement (policies and audits)

Cloud Customer Defense Roles - answer- - training programs for staff and users
- contractual enforcement of policy requirements
- use of encryption and logical isolation mechanisms
- strong access control methods

Key Components of Strong Data Retention Policies - answer- 1. Retention periods
2. Applicable regulation
3. Retention formats
4. Data classification
5. Archiving and retrieval procedures
6. Monitoring, maintenance and enforcement

CSA STAR Program - answer- Designed to provide an independent level of program
assurance for cloud consumers
Consists of: 1. Cloud Controls Matrix (CCM): A list of security controls and principles
appropriate for the cloud environment, cross-referenced to other control frameworks
such as COBIT, ISO standards, and NIST pubs; arranged into separate security
domains

, 2. Consensus Assessments Initiative Questionnaire (CAIQ): A self-assessment
performed by cloud providers, detailing their evaluation of the practice areas and control
groups they use in providing their services

The 3 Levels of CSA STAR Program - answer- Level One: Self-Assessment: Requires
the release and publication of due diligence assessments against the CSA's Consensus
Assessment Initiative Questionnaire and/or Cloud Matrix (CCM)
Level Two: CSA STAR Attestation: Requires the release and publication of available
results of an assessment carried out by an independent third party based on CSA CCM
and ISO 27001:2013 or an AICPA SOC 2
Level Three: CSA STAR Continuous Monitoring: Requires the release and publication
of results related to the security properties of monitoring based on the CloudTrust
Protocol

API - answer- Application Programming Interface
A set of routines, standards, protocols, and tools for building software applications to
access a web-based software application or tool

ISO/IEC 27034-1 - answer- One of the most widely accepted set of standards and
guidelines for secure application development; provides an overview of network and
infrastructure security designed to secure cloud applications; key elements include the
organizational normative framework (ONF), the application normative framework (ANF),
and the application security management process (APSM)

Data Masking - answer- a program that protects privacy by replacing personal
information with fake values

ITAR - answer- International Traffic in Arms Regulations
United States regulation; prohibitions on defense-related exports; can include
cryptography systems.

EAR - answer- Export Administration Regulations
United States regulation; prohibitions on dual-use items (technologies that could be
used for both commercial and military purposes).

The 3 Types of Database Encryption - answer- 1. File-level - encrypting the volume or
folder of the database, with the encryption engine and keys residing on the instances
attached to the volume; protects from media theft, lost backups, and external attack but
does not protect against attacks with access to the application layer, the instance's OS,
or the database itself
2. Transparent - encrypting the entire database or specific portions, such as tables;
encryption engine resides within the database, and it is transparent to the application;
keys usually reside within the instance, although processing and management of them
may also be offloaded to an external KMS; provides effective protection from media
theft, backup system intrusions, and certain database and application-level attacks

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

82215 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.49
  • (0)
  Add to cart