Exam (elaborations)
WGU - D320 2024 EXAM QUESTIONS WITH DETAILED VERIFIED ANSWERS
- Course
- Institution
WGU - D320 2024 EXAM QUESTIONS WITH DETAILED VERIFIED ANSWERS GRADE A+
[Show more]
Seller
Follow
Content preview
WGU - D320 2024 EXAM QUESTIONSWITH DETAILED VERIFIED ANSWERS
GRADE A+
1: Implements Secure Solutions
Which technology should be implemented to ensure secure communication between on-site
enterprise systems and a cloud platform.
A. Domain Name System Security Extensions (DNSSEC)
B. Internet Protocol Security (IPSec) VPN
C. Web Application Firewall (WAF)
D. Data Loss Prevention (DLP)
Correct Answer: B. Internet Protocol Security (IPSec) VPN
Explanation:
• IPSec VPN is designed to secure communication over an IP network. It encrypts the entire
IP packet for secure transmission between on-site systems and cloud platforms, ensuring data
integrity and confidentiality.
• DNSSEC ensures the integrity of DNS responses but doesn't provide secure communication
between systems.
• WAF protects web applications by filtering and monitoring HTTP traffic but is not used for
secure communication between systems.
• DLP prevents data breaches by monitoring and controlling data flows, but it doesn't
establish secure communication channels.
2: Implements Operations
Which phase of the cloud data lifecycle is most likely to overlap with the 'Create' phase in
terms of implementing security controls
A. Share
B. Store
C. Use
D. Destroy
,Correct Answer: B. Store
Explanation:
• Store often overlaps with the Create phase because as soon as data is created, it usually
needs to be securely stored. Security controls, such as encryption, should be implemented at
this stage.
• Share and Use happen after data is stored.
• Destroy is the final stage in the lifecycle and typically occurs after data is no longer needed.
3: Conducts Risk Management
Which risk management approach involves completely eliminating a risk because it exceeds
the organization's risk appetite
A. Mitigation
B. Avoidance
C. Transfer
D. Acceptance
Correct Answer: B. Avoidance
Explanation:
• Avoidance involves eliminating the risk entirely, typically when the potential impact is too
great or when controls cannot adequately reduce the risk to an acceptable level.
• Mitigation involves reducing the risk to an acceptable level.
• Transfer involves shifting the risk to a third party, such as through insurance.
• Acceptance involves acknowledging the risk and choosing to bear it without further action.
4: Identifies Legal, Compliance, and Ethical Concerns
Which United States law focuses specifically on the privacy of financial information
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act (SOX)
C. Gramm-Leach-Bliley Act (GLBA)
D. Safe Harbor
Correct Answer: C. Gramm-Leach-Bliley Act (GLBA)
Explanation:
• GLBA is designed to protect consumer financial privacy by setting regulations for how
financial institutions handle private data.
,• HIPAA focuses on healthcare information.
• SOX is concerned with corporate financial practices and reporting.
• Safe Harbor was an agreement between the US and EU for data transfers, not specifically
financial privacy.
1: Implements Secure Solutions
Which technology is most effective in preventing unauthorized access to sensitive data by
ensuring it is unreadable without proper decryption keys
A. Data Masking
B. Tokenization
C. Encryption
D. Obfuscation
Correct Answer: C. Encryption
Explanation: Encryption transforms readable data into an unreadable format using
cryptographic algorithms, making it inaccessible to unauthorized users. Tokenization and data
masking are also methods of protecting data, but they do not provide the same level of
security as encryption. Obfuscation is the process of making data more difficult to understand
but is not intended to prevent access.
2: Implements Operations
Which of the following activities is essential during the Secure Operations phase of the
Software Development Lifecycle (SDLC)
A. Static Analysis
B. Code Review
C. Dynamic Analysis
D. Acceptance Testing
Correct Answer: C. Dynamic Analysis
Explanation: Dynamic Analysis is crucial during the secure operations phase because it
involves testing the software in a runtime environment, identifying security vulnerabilities
that might only become apparent during execution. Static Analysis and Code Review are
performed earlier in the SDLC, and Acceptance Testing is typically done after secure
operations to verify the system meets the requirements.
, 3: Conducts Risk Management
Which risk management approach involves the transfer of risk to another party, such as
through insurance
A. Risk Mitigation
B. Risk Avoidance
C. Risk Transference
D. Risk Acceptance
Correct Answer: C. Risk Transference
Explanation: Risk Transference involves shifting the impact of a risk to a third party, often by
using insurance or outsourcing certain activities. Risk Mitigation involves reducing the risk,
Risk Avoidance involves eliminating the risk, and Risk Acceptance involves acknowledging
and accepting the risk without further action.
4: Identifies Legal, Compliance, and Ethical Concerns
Which U.S. law focuses specifically on the protection of personal health information
A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. Gramm-Leach-Bliley Act (GLBA)
D. Federal Information Security Management Act (FISMA)
Correct Answer: B. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA sets standards for the protection of personal health information. SOX is
related to corporate financial practices, GLBA focuses on financial privacy, and FISMA
applies to federal information security management.
5: Implements Secure Solutions
Which cloud service model requires the customer to manage the security of the operating
system, applications, and data
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Containers as a Service (CaaS)
Correct Answer: C. Infrastructure as a Service (IaaS)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller wilsonmariam576. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
78462 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now