WGU D320 MANAGING CLOUD SECURITY OA AND PA EXAM 300 QUESTIONS AND ANSWERS REAL EXAM .

October 27, 2024 | 39 pages | 2024/2025 | Exam (elaborations) | Questions & answers | Seller: maleek



OWASP 3: Injection – ANSWER an attacker's attempt to send data to an application in a
way that will change the meaning of commands being sent to an interpreter


OWASP 4: Insecure Design – ANSWER focuses on risks related to design and
architectural flaws, with a call for more use of threat modeling, secure design patterns,
and reference architectures


OWASP 5: Security Misconfiguration – ANSWER occurs when system or
application configuration settings are missing or are erroneously implemented,
allowing unauthorized access


OWASP 6: Vulnerable and Outdated Components – ANSWER third-party libraries or
frameworks used in web applications that have known vulnerabilities or are no longer
supported by their developers


OWASP 7: Identification and Authentication Failures – ANSWER The failure of a
system to identify and/or authenticate leaves the application susceptible to attacks and
leaves user accounts/data at risk




Sarbanes-Oxley (SOX) Act – ANSWER increase transparency into publicly traded
corporations' financial activities


Gramm-Leach-Bliley Act (GLBA) – ANSWER allow banks to merge and own insurance
companies

Clarifying Lawful Overseas Use of Data (CLOUD) Act – ANSWER Allows US law
enforcement and courts to compel American companies to disclose data stored in
foreign data centers


FERPA – ANSWER prevent academic institutions from sharing student data with anyone other than
parents or the student


Master service agreement (MSA) – ANSWER provide an umbrella contract for the
work that a vendor does with an organization over an extended period of time


Service level agreement (SLA) – ANSWER written contracts that specify the conditions
of service that will be provided by the vendor and the remedies available to the
customer if the vendor fails to meet the SLA


Business partnership agreement (BPA) – ANSWER exist when two organizations
agree to do business with each other in a partnership


Memorandum of understanding (MOU) – ANSWER a letter written to document
aspects of the relationship to avoid future misunderstandings


OWASP Top Ten – ANSWER a standard awareness document for developers and
web application security; it represents a broad consensus about the most critical
security risks to web applications.


OWASP 1: Access Control – ANSWER enforces policy such that users cannot
act outside of their intended permissions


OWASP 2: Cryptographic Failures – ANSWER focus is on failures related to
cryptography (or lack thereof), which often lead to exposure of sensitive data.

OWASP 8: Software and Data Integrity Failures – ANSWER relate to code and
infrastructure that does not protect against integrity violations; occur when an attacker
can modify or delete data in an unauthorized manner


OWASP 9: Security Logging and Monitoring Failures – ANSWER this category is to
help detect, escalate, and respond to active breaches; without logging and monitoring,
breaches cannot be detected


OWASP 10: Server Side Request Forgery (SSRF) – ANSWER occur whenever a web
application is fetching a remote resource without validating the user-supplied URL;
allows an attacker to coerce the application to send a crafted request to an unexpected
destination, even when protected by a firewall, VPN, or another type of network access
control list (ACL).


data lifecycle – ANSWER Create, Store, Use, Share, Archive, Destroy


SOC 1 Report – ANSWER strictly for auditing the financial reporting instruments of a
corporation


SOC 2 Report – ANSWER Intended to report audits of any controls on an organization's
security, availability, processing integrity, confidentiality, and privacy


SOC 3 Report – ANSWER Designed to be shared with the public, does not contain any
actual data about the security controls of the audit target.

SOC 2 Type 1 Report - ANSWER Reviews the design of controls, not how they are
implemented or maintained


SOC 2 Type 2 Report - ANSWER Used for getting a true assessment of an
organization's security posture


IaaS risks - ANSWER
1. Personnel threats (insiders)
2. External threats (malware, hacking, DDoS, MITM)
3. Lack of specific skillsets


PaaS risks - ANSWER
1. Interoperability issues
2. Persistent backdoors, DevOps
3. Virtualization
4. Resource sharing


SaaS risks - ANSWER
1. Proprietary formats
2. Virtualization
3. Web app security


regulators - ANSWER involved in cloud service arrangements


critiques - ANSWER falls under the exceptions category for "fair-use" copyrighted
material


Cloud-Secure Software Deployment Lifecycle (SDLC) - ANSWER Defining, Designing,
Development, Testing, Secure Operations, Disposal


Defining - ANSWER Focused on identifying the business requirements of the
application, such as accounting, database, or customer relationship management


Designing - ANSWER Begin to develop user stories (what the user will want to
accomplish, what the interface will look like and whether it will require the use or
development of any APIs)


Development - ANSWER where the code is written
