WGU D320/CCSP QUESTIONS AND ANSWERS 2024

  • September 11, 2024
Teacher101

At which phase of the software development life cycle (SDLC) is user involvement
most crucial?

A. Define

B. Design

C. Development

D. Test

A. While some development models allow for user involvement in the entirety of
the process, user input is most necessary in the Define phase, where developers
can understand the business/user requirements: what the system/software is
actually supposed to produce, in terms of function and performance.

Brian wants to ensure that he takes the OWASP Top 10 Cloud risks into account in
his development process. He knows that regulatory compliance is on the list, and
he wants to include it in the SDLC. During what phase of the SDLC would it make
the most sense to consider regulatory compliance?

A. Analysis and requirement definition

B. Design

C. Implementation

D. Testing

A. Brian needs to bring up regulatory compliance during the Requirements
Gathering phase of the SDLC. If it isn't a requirement, it won't make it into the
design and implementation. Testing for regulatory compliance can be challenging
as not all compliance can be tested for by technical means.

Dana's organization requires an SBOM for each application it deploys. What
OWASP Top 10 item does an SBOM help to avoid?

A. Vulnerable and outdated systems

B. Broken access control

C. Injection

D. Security misconfiguration

A. A software bill of materials (SBOM) is used to identify each component in
a software package. Dana knows that having an SBOM will help her to track the
versions and updates available for each component of her software stack.

The company that Yun works for provides API access to customers. Yun wants to
rate-limit API access and gather billing information while using a central
authorization and access management system. What type of tool should Yun put
in place to meet these requirements?

A. An API gateway

B. An API proxy

C. An API firewall

D. A next-generation API manager

A. API gateways are designed to aggregate API access, provide authentication for
API use, rate-limit, and gather statistics and data about API usage. API proxies are
used to decouple software components, API firewalls are purpose-built firewalls
for APIs that protect specific APIs, and next-generation API managers were made
up for this question.

Gary's cloud service provides customers with access to APIs. Which of the
following is a common security flaw in APIs?

A. Use of unstructured data

B. Lack of authentication

C. Use of semi-structured data

D. Lack of encryption

B. Unsecured APIs are a common issue, and lack of authentication is a major
problem. How data is provided (structured, unstructured, or semi-structured) is
not a security issue. Encryption is typically not provided by the API and is instead
provided by the web server or underlying service.

The management plane is used to administer a cloud environment and perform
administrative tasks across a variety of systems, but most specifically it's used
with the hypervisors.

What does the management plane typically leverage for this orchestration?

A. APIs

B. Scripts

C. TLS

D. XML

The management plane uses APIs to execute remote calls across the cloud
environment to various management systems, especially hypervisors. This allows
a centralized administrative interface, often a web portal, to orchestrate tasks
throughout an enterprise. Scripts may be utilized to execute API calls, but they are
not used directly to interact with systems. XML is used for data encoding and
transmission, but not for executing remote calls. TLS is used to encrypt
communications and may be used with API calls, but it is not the actual process
for executing commands.

When dealing with PII, which category pertains to those requirements that can
carry legal sanctions or penalties for failure to adequately safeguard the data and
address compliance requirements?

A. Contractual

B. Jurisdictional

C. Regulated

D. Legal

Regulated PII pertains to data that is outlined in law and regulations. Violations of
the requirements for the protection of regulated PII can carry legal sanctions or
penalties. Contractual PII involves required data protection that is determined by
the actual service contract between the cloud provider and cloud customer,
rather than outlined by law. Violations of the provisions of contractual PII carry
potential financial or contractual implications, but not legal sanctions. Legal and
jurisdictional are similar terms to regulated, but neither is the official term used.

Although the United States does not have a single, comprehensive privacy and
regulatory framework, a number of specific regulations pertain to types of data or
populations.

Which of the following is NOT a regulatory system from the United States federal
government?

A. HIPAA

B. SOX

C. FISMA
