WGU D320 - MANAGING CLOUD SECURITY
VERSION (JYO2)
SOC 1
SOC Report type: strictly for auditing the financial reporting instruments of a
corporation
SOC 2
SOC Report type: Intended to report audits of any controls on an organization's
security, availability, processing integrity, confidentiality, and privacy.
SOC 3
SOC Report type: Designed to be shared with the public.
Seal of approval. Does not contain any actual data about the security controls of
the audit target.
encrypted
Data at rest should be _________.
Defining
SDLC Phase focused on identifying the business requirements of the application,
such as accounting, database, or customer relationship management
Designing
SDLC Phase: Begin to develop user stories (what the user will want to accomplish,
what interface will look like and whether it will require the use or development of
any APIs)
Development
SDLC Phase where the code is written.
Testing
SDLC Phase where activities such as initial pen testing and vulnerability scanning
against the application are performed. Uses both dynamic and static testing:
DAST (Dynamic Application Security Testing) and SAST (Static Application Security
Testing).
Secure Operations
SDLC Phase where after testing, the application is deemed secure.
Disposal
SDLC Phase where app has reached end of life or has been replaced with a newer
or different application.
S (Spoofing)
T (Tampering)
R (Repudiation)
I (Information Disclosure)
D (Denial of Service)
E (Elevation of Privilege)
STRIDE
Gramm-Leach-Bliley Act (GLBA)
Allows banks to merge with and own insurance companies. Included in the law
were stipulations that customer account information be kept secure and private,
and that customers be allowed to opt out of any information-sharing
arrangements the bank or insurer might engage in.
Sarbanes-Oxley Act (SOX)
Law that increases transparency into publicly traded corporations' financial
activities.
HIPAA
Law that protects patient records and data.
FERPA
Law that prevents academic institutions from sharing student data with anyone
other than parents or students (after age 18)
DMCA
Provides provisions to protect owned (copyrighted) data; makes cracking of access
controls on copyrighted media a crime and enables rights holders to require any site
to remove infringing content.
CLOUD Act
Allows US law enforcement and courts to compel American companies to disclose
data stored in foreign data centers.
GDPR
Most significant, powerful personal privacy law in the world. Describes the
appropriate handling of personal and private information of all EU citizens.
Crypto-shredding
The practice of 'deleting' data by deliberately deleting or overwriting the
encryption keys.
Business Impact Analysis (BIA)
A process that assesses and identifies the potential effects of disruptions to a
business operation.
SPOF
A component or system that, if it fails, will cause the entire system to fail.
Quantitative
Risk assessment that uses specific numerical values.
Qualitative
Risk assessment that uses non-numerical categories that are relative in nature,
such as high, medium, and low.
Risk appetite
The level, amount, or type of risk that the organization finds acceptable.
Residual risk
The remaining risk that exists after countermeasures have been applied.
IaaS
Service model where cloud customer has the most responsibility and authority.
Cloud provider is only liable for the underlying hardware.
PaaS
Service model where cloud customer loses more control because the cloud
provider is responsible for installing, maintaining, and administering the OS as
well as underlying hardware.
SaaS
Service model where cloud customer loses all control of the environment. Cloud
provider is responsible for all of the underlying hardware and software.
Homomorphic encryption
A method of processing data in the cloud while it remains encrypted.
Defense in depth