WGU Course C838 - Managing Cloud Security
Latest Update 2024-2025 Actual Exam with 1050
Questions and 100% Verified Correct Answers
Guaranteed A+ At First Attempt Verified By
Professor
_______ drive security decisions.
A Public opinion
B Business requirements
C Surveys
D Customer service responses - CORRECT ANSWER: B
________ reports review controls relevant to security, availability, processing integrity,
confidentiality, or privacy. This is the report of most use to cloud customers (to
determine the suitability of cloud providers) and IT security practitioners. - CORRECT
ANSWER: SOC 2
__________ usually concerns modifications to a known set of parameters regarding
each element of the network, including what settings each has, how the controls are
implemented, and so forth. - CORRECT ANSWER: Configuration management
___________ abstracts the running of code (including operating systems) from the
underlying hardware and most commonly refers to virtual machines. - CORRECT
ANSWER: Compute virtualization
___________ are the logs, documentation, and other materials needed for audits and
compliance; they are the evidence to support compliance activities. - CORRECT
ANSWER: Artifacts
____________ are applied to existing systems and components, whereas upgrades are
the replacement of older elements for new ones. - CORRECT ANSWER: Updates
____________ refers to the process of identifying and obtaining electronic evidence for
either prosecutorial or litigation purposes. Determining which data in a set is pertinent
can be difficult. Regardless of whether it is databases, records, email, or just simple
files. - CORRECT ANSWER: Electronic discovery (eDiscovery)
____________ specifies a management system that is intended to bring information
security under management control and gives specific requirements. Organizations that
meet the requirements may be certified by an accredited certification body following
successful completion of an audit. - CORRECT ANSWER: ISO/IEC 27001
_____________ usually deals with modifications to the network, such as the acquisition
and deployment of new systems and components and the disposal of those taken out of
service. - CORRECT ANSWER: Change management
______________ efforts are concerned with maintaining critical operations during any
interruption in service, whereas disaster recovery efforts are focused on the resumption
of operations after an interruption due to disaster. - CORRECT ANSWER: Business
continuity
______________ is an advisory organization for matters related to IT service. -
CORRECT ANSWER: Uptime Institute
______________ talks about personally identifiable information (PII) as a name, date of
birth, and Social Security number. HIPAA calls this type of data "electronic protected
health information" (ePHI), and it also includes any patient information, including
medical records, and facial photos. GLBA includes customer account information such
as account numbers and balances. - CORRECT ANSWER: NIST Special Publication
(SP) 800-122
_______________ is a protocol specification providing for the exchange of structured
information or data in web services. It also works over other protocols such as SMTP,
FTP, and HTTP.
Standards-based
Reliant on XML
Highly intolerant of errors
Slower
Built-in error handling - CORRECT ANSWER: Simple Object Access Protocol (SOAP)
_________________ can be caused when the cloud provider goes out of business, is
acquired by another interest, or ceases operation for any reason. In these
circumstances, the concern is whether the customer can still readily access and recover
their data. - CORRECT ANSWER: Vendor lock-out
_________________ is the amount of risk that the leadership and stakeholders of an
organization are willing to accept.
It varies based on asset value and the requirements of a particular asset. - CORRECT
ANSWER: Risk tolerance
_________________ refers to the body of rights, obligations, and remedies that set out
reliefs for persons who have been harmed by others and seeks to provide for the
compensation of victims that suffered at the hand of others by shifting their costs to the
person who caused them. - CORRECT ANSWER: Tort law
___________________ is a full application and distributed model that's managed and
hosted by the provider. Consumers access it with a web browser, mobile app, or a
lightweight client app.
Includes everything listed in the previous Infrastructure as a Service (IaaS) and Platform
as a Service (PaaS) models, with the addition of software programs. - CORRECT
ANSWER: Software as a Service (SaaS)
___________________ is considered a black-box test since the code is not revealed
and the test must look for problems and vulnerabilities while the application is running. It
is most effective when used against standard HTTP and other HTML web application
interfaces. - CORRECT ANSWER: Dynamic application security testing (DAST)
___________________ is the practice of viewing the application from the perspective of
a potential attacker. Realistically, it involves more than just causing a breach or gaining
access (the "penetration") - CORRECT ANSWER: Threat modeling
____________________ abstracts and provides development or application platforms,
such as databases, application platforms (e.g. a place to run Python, PHP, or other
code), file storage and collaboration, or even proprietary application processing (such
as machine learning, big data processing, or direct API access to features of a full SaaS
application). The key differentiator is that, with PaaS, you don't manage the underlying
servers, networks, or other infrastructure.
It contains everything included in IaaS, with the addition of OSs. This model is
especially useful for software development operations (DevOps). - CORRECT
ANSWER: Platform as a Service (PaaS)
____________________ testing is useful in finding such security problems as cross-site
scripting (XSS) errors, SQL injection vulnerabilities, buffer overflows, unhandled error
conditions, and backdoors. This type of test usually delivers more results and more
accuracy than its counterpart dynamic application security testing (DAST). - CORRECT
ANSWER: Static application security testing (SAST)
______________________ meters what is provided, to ensure that consumers only use
what they are allotted, and, if necessary, to charge them for it. This is where the term
utility computing comes from, since computing resources can now be consumed like
water and electricity, with the client only paying for what they use. - CORRECT
ANSWER: Measured service
__________ refers to including only the departments or business units impacted by any cloud
engagement. - CORRECT ANSWER: Scoping
-All guest accounts are removed
-No default passwords remain
-Systems are patched, maintained, and updated according to vendor guidance
-All unused ports are closed