100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
WGU Course C838 - Managing Cloud Security Latest Update Actual Exam with 1050 Questions and 100% Verified Correct Answers Guaranteed A+ At First Attempt Verified By Professor $30.49   Add to cart

Exam (elaborations)

WGU Course C838 - Managing Cloud Security Latest Update Actual Exam with 1050 Questions and 100% Verified Correct Answers Guaranteed A+ At First Attempt Verified By Professor

 4 views  0 purchase
  • Course
  • WGU Course C838 - Managing Cloud Security
  • Institution
  • WGU Course C838 - Managing Cloud Security

WGU Course C838 - Managing Cloud Security Latest Update Actual Exam with 1050 Questions and 100% Verified Correct Answers Guaranteed A+ At First Attempt Verified By Professor

Preview 4 out of 230  pages

  • September 16, 2024
  • 230
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • WGU Course C838 - Managing Cloud Security
  • WGU Course C838 - Managing Cloud Security
avatar-seller
Tutordiligent
WGU Course C838 - Managing Cloud Security
Latest Update 2024-2025 Actual Exam with 1050
Questions and 100% Verified Correct Answers
Guaranteed A+ At First Attempt Verified By
Professor
_______ drive security decisions.


A Public opinion
B Business requirements
C Surveys
D Customer service responses - CORRECT ANSWER: B


________ reports review controls relevant to security, availability, processing integrity,
confidentiality, or privacy. This is the report of most use to cloud customers (to
determine the suitability of cloud providers) and IT security practitioners. - CORRECT
ANSWER: SOC 2


__________ usually concerns modifications to a known set of parameters regarding
each element of the network, including what settings each has, how the controls are
implemented, and so forth. - CORRECT ANSWER: Configuration management


___________ abstracts the running of code (including operating systems) from the
underlying hardware and most commonly refers to virtual machines. - CORRECT
ANSWER: Compute virtualization


___________ are the logs, documentation, and other materials needed for audits and
compliance; they are the evidence to support compliance activities. - CORRECT
ANSWER: Artifacts


____________ are applied to existing systems and components, whereas upgrades are
the replacement of older elements for new ones. - CORRECT ANSWER: Updates

,____________ refers to the process of identifying and obtaining electronic evidence for
either prosecutorial or litigation purposes. Determining which data in a set is pertinent
can be difficult. Regardless of whether it is databases, records, email, or just simple
files. - CORRECT ANSWER: Electronic discovery (eDiscovery)


____________ specifies a management system that is intended to bring information
security under management control and gives specific requirements. Organizations that
meet the requirements may be certified by an accredited certification body following
successful completion of an audit. - CORRECT ANSWER: ISO/IEC 27001


_____________ usually deals with modifications to the network, such as the acquisition
and deployment of new systems and components and the disposal of those taken out of
service. - CORRECT ANSWER: Change management


______________ efforts are concerned with maintaining critical operations during any
interruption in service, whereas disaster recovery efforts are focused on the resumption
of operations after an interruption due to disaster. - CORRECT ANSWER: Business
continuity


______________ is an advisory organization for matters related to IT service. -
CORRECT ANSWER: Uptime Institute


______________ talks about personally identifiable information (PII) as a name, date of
birth, and Social Security number. HIPAA calls this type of data "electronic protected
health information" (ePHI), and it also includes any patient information, including
medical records, and facial photos. GLBA includes customer account information such
as account numbers and balances. - CORRECT ANSWER: NIST Special Publication
(SP) 800-122


_______________ is a protocol specification providing for the exchange of structured
information or data in web services. It also works over other protocols such as SMTP,
FTP, and HTTP.
Standards-based
Reliant on XML

,Highly intolerant of errors
Slower
Built-in error handling - CORRECT ANSWER: Simple Object Access Protocol (SOAP)


_________________ can be caused when the cloud provider goes out of business, is
acquired by another interest, or ceases operation for any reason. In these
circumstances, the concern is whether the customer can still readily access and recover
their data. - CORRECT ANSWER: Vendor lock-out


_________________ is the amount of risk that the leadership and stakeholders of an
organization are willing to accept.


It varies based on asset value and the requirements of a particular asset. - CORRECT
ANSWER: Risk tolerance


_________________ refers to the body of rights, obligations, and remedies that set out
reliefs for persons who have been harmed by others and seeks to provide for the
compensation of victims that suffered at the hand of others by shifting their costs to the
person who caused them. - CORRECT ANSWER: Tort law


___________________ is a full application and distributed model that's managed and
hosted by the provider. Consumers access it with a web browser, mobile app, or a
lightweight client app.


Includes everything listed in the previous Infrastructure as a Service (IaaS) and Platform
as a Service (PaaS) models, with the addition of software programs. - CORRECT
ANSWER: Software as a Service (SaaS)


___________________ is considered a black-box test since the code is not revealed
and the test must look for problems and vulnerabilities while the application is running. It
is most effective when used against standard HTTP and other HTML web application
interfaces. - CORRECT ANSWER: Dynamic application security testing (DAST)

, ___________________ is the practice of viewing the application from the perspective of
a potential attacker. Realistically, it involves more than just causing a breach or gaining
access (the "penetration") - CORRECT ANSWER: Threat modeling


____________________ abstracts and provides development or application platforms,
such as databases, application platforms (e.g. a place to run Python, PHP, or other
code), file storage and collaboration, or even proprietary application processing (such
as machine learning, big data processing, or direct API access to features of a full SaaS
application). The key differentiator is that, with PaaS, you don't manage the underlying
servers, networks, or other infrastructure.


It contains everything included in IaaS, with the addition of OSs. This model is
especially useful for software development operations (DevOps). - CORRECT
ANSWER: Platform as a Service (PaaS)


____________________ testing is useful in finding such security problems as cross-site
scripting (XSS) errors, SQL injection vulnerabilities, buffer overflows, unhandled error
conditions, and backdoors. This type of test usually delivers more results and more
accuracy than its counterpart dynamic application security testing (DAST). - CORRECT
ANSWER: Static application security testing (SAST)


______________________ meters what is provided, to ensure that consumers only use
what they are allotted, and, if necessary, to charge them for it. This is where the term
utility computing comes from, since computing resources can now be consumed like
water and electricity, with the client only paying for what they use. - CORRECT
ANSWER: Measured service


__________refers to include only departments or business units impacted by any cloud
engagement. - CORRECT ANSWER: Scoping


-All guest accounts are removed
-No default passwords remain
-Systems are patched, maintained, and updated according to vendor guidance
-All unused ports are closed

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Tutordiligent. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $30.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$30.49
  • (0)
  Add to cart