C838 – CCSP – 158 questions with complete solutions
Your organization has just been served with an eDiscovery order. Because the organization has moved to a cloud environment, what is the biggest challenge when it comes to full compliance with an eDiscovery order?
correct answer: Data discovery

Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes. Which of the following is NOT a security certification or audit report that would be pertinent?
correct answer: FIPS 140-2 US Crypto modules

You are developing a new process for data discovery for your organization and are charged with ensuring that all applicable data is included. Which of the following is NOT one of the 3 methods of data discovery?
correct answer: Classification

Management has requested that security testing be done against their live cloud-based applications, with the testers not having internal knowledge of the system. Not attempting to actually breach systems or inject data is also a top requirement. Which of the following would be the appropriate approach to take?
correct answer: Dynamic Application Security Testing (DAST)

Which of the following cloud categories would allow for the LEAST amount of customization by the cloud customer?
correct answer: SaaS (Software as a Service)

Which phase of the risk management process involves an organization deciding how to mitigate risk that is discovered during the course of an audit?
correct answer: Responding

During the testing phase of the SDLC, which of the following is NOT included as a core activity of testing?
correct answer: Auditing

You have decided to use SOAP as the protocol for exchanging information between services for your application. Which of the following is the only data format that can be used with SOAP?
correct answer: XML (Extensible Markup Language)

A cloud provider is looking to provide a higher level of assurance to current and potential cloud customers about the design and effectiveness of its security controls. Which of the following audit reports would the cloud provider choose as the most appropriate to accomplish this goal?
correct answer: SOC 3

At which stage of the software development lifecycle is the most appropriate place to begin the involvement of security?
correct answer: Requirement Gathering

not part of the data archiving?
correct answer: Encryption

While an audit is being conducted, which of the following could cause management and the auditors to change the original plan in order to continue with the audit?
correct answer: Impact on systems

Which threat model has elevation of privilege?
correct answer: STRIDE

What type of risk assessment is based on a documentation review and making informed judgement calls about risk from operational procedures and system designs?
correct answer: Qu
School, study and subject
- Institution: Western Governors University
- Course: WGU C838
Document information
- Uploaded on: March 6, 2023
- Number of pages: 17
- Written in: 2022/2023
- Type: Exam
- Contains: Questions and answers
Topics
- c838 – ccsp 158 questions with complete solutions